URL: https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety...
Submission: On July 17 via api from TR — Scanned from DE

Summary

This website contacted 44 IPs in 4 countries across 35 domains to perform 134 HTTP transactions. The main IP is 2606:2c40::c73c:671d, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is www.humansecurity.com.
TLS certificate: Issued by WE1 on July 8th 2024. Valid for: 3 months.
This is the only time www.humansecurity.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
27 2606:2c40::c7... 209242 (CLOUDFLAR...)
3 2a00:1450:400... 15169 (GOOGLE)
11 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:2800:233... 15133 (EDGECAST)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
3 2620:1ec:c11:... 8068 (MICROSOFT...)
3 104.18.37.212 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
11 95.101.111.170 20940 (AKAMAI-ASN1)
5 2a00:1450:400... 15169 (GOOGLE)
1 2a02:26f0:350... 20940 (AKAMAI-ASN1)
1 18.66.102.53 16509 (AMAZON-02)
2 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 184.31.85.59 16625 (AKAMAI-AS)
3 2a02:26f0:350... 20940 (AKAMAI-ASN1)
5 2a00:1450:400... 15169 (GOOGLE)
2 2a03:2880:f08... 32934 (FACEBOOK)
2 2606:2800:234... 15133 (EDGECAST)
1 2001:4860:480... 15169 (GOOGLE)
2 2606:4700::68... 13335 (CLOUDFLAR...)
1 3.255.217.67 16509 (AMAZON-02)
1 13.32.27.19 16509 (AMAZON-02)
1 3 2620:1ec:21::14 8068 (MICROSOFT...)
1 13.107.42.14 8068 (MICROSOFT...)
2 52.70.247.33 14618 (AMAZON-AES)
1 2a02:26f0:710... 20940 (AKAMAI-ASN1)
9 35.190.10.96 15169 (GOOGLE)
1 2606:4700:440... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
3 2606:4700:440... 13335 (CLOUDFLAR...)
1 18.66.112.79 16509 (AMAZON-02)
1 34.252.158.105 16509 (AMAZON-02)
2 76.223.9.105 16509 (AMAZON-02)
1 192.28.147.68 15224 (OMNITURE)
5 2606:4700::68... 13335 (CLOUDFLAR...)
5 2606:4700::68... 13335 (CLOUDFLAR...)
1 2600:9000:275... ()
1 2606:4700:10:... ()
1 13.224.189.17 ()
134 44
Apex Domain
Subdomains
Transfer
27 humansecurity.com
www.humansecurity.com
213 KB
12 px-cloud.net
client.px-cloud.net — Cisco Umbrella Rank: 8932
collector-pxxdhgmtcm.px-cloud.net
collector-pxf69i9fy8.px-cloud.net
142 KB
12 6sc.co
j.6sc.co — Cisco Umbrella Rank: 12402
c.6sc.co — Cisco Umbrella Rank: 16017
ipv6.6sc.co — Cisco Umbrella Rank: 12823
b.6sc.co — Cisco Umbrella Rank: 6896
21 KB
11 cookielaw.org
cdn.cookielaw.org — Cisco Umbrella Rank: 554
251 KB
6 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 104
region1.google-analytics.com — Cisco Umbrella Rank: 3123
21 KB
5 hubspot.net
cdn2.hubspot.net — Cisco Umbrella Rank: 20878
62 KB
5 zoominfo.com
ws.zoominfo.com — Cisco Umbrella Rank: 10891
ws-assets.zoominfo.com — Cisco Umbrella Rank: 34577
33 KB
5 gstatic.com
fonts.gstatic.com
106 KB
5 linkedin.com
platform.linkedin.com — Cisco Umbrella Rank: 7061
px.ads.linkedin.com — Cisco Umbrella Rank: 669
px4.ads.linkedin.com — Cisco Umbrella Rank: 7330
163 KB
3 hs-banner.com
js.hs-banner.com — Cisco Umbrella Rank: 5067
19 KB
3 salesloft.com
scout-cdn.salesloft.com — Cisco Umbrella Rank: 28532
scout.salesloft.com — Cisco Umbrella Rank: 36652
4 KB
3 zi-scripts.com
js.zi-scripts.com — Cisco Umbrella Rank: 15834
4 KB
3 bing.com
bat.bing.com — Cisco Umbrella Rank: 534
15 KB
3 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 112
310 KB
2 6sense.com
epsilon.6sense.com — Cisco Umbrella Rank: 18992
732 B
2 hotjar.io
vc.hotjar.io — Cisco Umbrella Rank: 4716
content.hotjar.io — Cisco Umbrella Rank: 8904
404 B
2 hubspot.com
app.hubspot.com — Cisco Umbrella Rank: 10634
track.hubspot.com — Cisco Umbrella Rank: 5359
2 KB
2 twitter.com
platform.twitter.com — Cisco Umbrella Rank: 1868
28 KB
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 236
89 KB
2 marketo.net
munchkin.marketo.net — Cisco Umbrella Rank: 8471
6 KB
2 g2crowd.com
tracking.g2crowd.com — Cisco Umbrella Rank: 19182
2 KB
2 hotjar.com
static.hotjar.com — Cisco Umbrella Rank: 1335
script.hotjar.com — Cisco Umbrella Rank: 2017
60 KB
1 fullcircleinsights.com
st.fullcircleinsights.com Failed
1 acsbapp.com
acsbapp.com
94 KB
1 cloudfront.net
d2i34c80a0ftze.cloudfront.net
11 KB
1 mktoresp.com
001-vjx-104.mktoresp.com
318 B
1 hs-analytics.net
js.hs-analytics.net — Cisco Umbrella Rank: 5135
24 KB
1 hsleadflows.net
js.hsleadflows.net — Cisco Umbrella Rank: 11009
92 KB
1 onetrust.com
geolocation.onetrust.com — Cisco Umbrella Rank: 1019
295 B
1 cdnsynd.com
s.cdnsynd.com — Cisco Umbrella Rank: 15675
64 B
1 licdn.com
snap.licdn.com — Cisco Umbrella Rank: 1884
14 KB
1 googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 157
64 B
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 110
1 KB
1 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 336
28 KB
1 hsappstatic.net
static.hsappstatic.net — Cisco Umbrella Rank: 12087
5 KB
134 35
Domain Requested by
27 www.humansecurity.com www.humansecurity.com
cdn2.hubspot.net
11 cdn.cookielaw.org www.humansecurity.com
cdn.cookielaw.org
client.px-cloud.net
9 b.6sc.co www.humansecurity.com
5 cdn2.hubspot.net cdn2.hubspot.net
www.humansecurity.com
5 collector-pxxdhgmtcm.px-cloud.net client.px-cloud.net
5 fonts.gstatic.com fonts.googleapis.com
5 www.google-analytics.com www.googletagmanager.com
www.humansecurity.com
4 ws.zoominfo.com client.px-cloud.net
4 collector-pxf69i9fy8.px-cloud.net client.px-cloud.net
3 js.hs-banner.com www.humansecurity.com
js.hs-banner.com
3 px.ads.linkedin.com 1 redirects snap.licdn.com
3 client.px-cloud.net www.googletagmanager.com
www.humansecurity.com
client.px-cloud.net
3 js.zi-scripts.com www.humansecurity.com
js.zi-scripts.com
3 bat.bing.com www.humansecurity.com
bat.bing.com
3 www.googletagmanager.com www.humansecurity.com
www.googletagmanager.com
2 epsilon.6sense.com j.6sc.co
2 scout.salesloft.com scout-cdn.salesloft.com
2 platform.twitter.com www.humansecurity.com
platform.twitter.com
2 connect.facebook.net www.humansecurity.com
connect.facebook.net
2 munchkin.marketo.net www.humansecurity.com
munchkin.marketo.net
2 tracking.g2crowd.com www.humansecurity.com
tracking.g2crowd.com
1 st.fullcircleinsights.com d2i34c80a0ftze.cloudfront.net
1 acsbapp.com www.humansecurity.com
1 d2i34c80a0ftze.cloudfront.net www.humansecurity.com
1 track.hubspot.com
1 ws-assets.zoominfo.com js.zi-scripts.com
1 001-vjx-104.mktoresp.com munchkin.marketo.net
1 content.hotjar.io script.hotjar.com
1 vc.hotjar.io script.hotjar.com
1 js.hs-analytics.net www.humansecurity.com
1 js.hsleadflows.net www.humansecurity.com
1 geolocation.onetrust.com cdn.cookielaw.org
1 ipv6.6sc.co j.6sc.co
1 c.6sc.co j.6sc.co
1 px4.ads.linkedin.com www.humansecurity.com
1 script.hotjar.com static.hotjar.com
1 s.cdnsynd.com www.googletagmanager.com
1 app.hubspot.com www.humansecurity.com
1 region1.google-analytics.com www.googletagmanager.com
1 scout-cdn.salesloft.com www.humansecurity.com
1 static.hotjar.com www.googletagmanager.com
1 snap.licdn.com www.googletagmanager.com
1 j.6sc.co www.humansecurity.com
1 pagead2.googlesyndication.com www.googletagmanager.com
1 fonts.googleapis.com www.humansecurity.com
1 cdnjs.cloudflare.com www.humansecurity.com
1 static.hsappstatic.net www.humansecurity.com
1 platform.linkedin.com www.humansecurity.com
134 48
Subject Issuer Validity Valid
www.humansecurity.com
WE1
2024-07-08 -
2024-10-06
3 months crt.sh
*.google-analytics.com
WR2
2024-06-24 -
2024-09-16
3 months crt.sh
cookielaw.org
Cloudflare Inc ECC CA-3
2024-03-01 -
2024-12-31
10 months crt.sh
platform.linkedin.com
DigiCert SHA2 Secure Server CA
2024-06-13 -
2025-06-13
a year crt.sh
hsappstatic.net
E5
2024-07-06 -
2024-10-04
3 months crt.sh
cdnjs.cloudflare.com
E1
2024-06-02 -
2024-08-31
3 months crt.sh
upload.video.google.com
WR2
2024-06-24 -
2024-09-16
3 months crt.sh
www.bing.com
Microsoft Azure RSA TLS Issuing CA 04
2024-06-19 -
2024-12-16
6 months crt.sh
zi-scripts.com
GTS CA 1P5
2024-05-27 -
2024-08-25
3 months crt.sh
*.g.doubleclick.net
WR2
2024-06-24 -
2024-09-16
3 months crt.sh
6sc.co
R11
2024-07-03 -
2024-10-01
3 months crt.sh
snap.licdn.com
DigiCert SHA2 Secure Server CA
2023-12-13 -
2024-12-12
a year crt.sh
*.hotjar.com
Amazon RSA 2048 M03
2024-05-22 -
2025-06-20
a year crt.sh
g2crowd.com
WE1
2024-06-23 -
2024-09-21
3 months crt.sh
salesloft.com
Sectigo RSA Domain Validation Secure Server CA
2024-03-20 -
2025-04-19
a year crt.sh
*.marketo.net
DigiCert TLS RSA SHA256 2020 CA1
2023-12-08 -
2024-12-11
a year crt.sh
client.botchk.net
R3
2024-05-29 -
2024-08-27
3 months crt.sh
*.gstatic.com
WR2
2024-06-24 -
2024-09-16
3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA
2024-04-25 -
2024-07-24
3 months crt.sh
*.twimg.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2024-07-08 -
2025-07-07
a year crt.sh
hubspot.com
E1
2024-05-23 -
2024-08-21
3 months crt.sh
cdnsynd.com
R3
2024-05-28 -
2024-08-26
3 months crt.sh
www.linkedin.com
DigiCert SHA2 Secure Server CA
2024-07-01 -
2025-01-01
6 months crt.sh
*.px-cloud.net
Sectigo RSA Domain Validation Secure Server CA
2023-08-15 -
2024-09-13
a year crt.sh
onetrust.com
Cloudflare Inc ECC CA-3
2023-11-13 -
2024-11-12
a year crt.sh
hsleadflows.net
E1
2024-06-02 -
2024-08-31
3 months crt.sh
hs-analytics.net
WE1
2024-06-11 -
2024-09-09
3 months crt.sh
hs-banner.com
E1
2024-05-30 -
2024-08-28
3 months crt.sh
*.hotjar.io
Amazon ECDSA 256 M02
2024-02-07 -
2025-03-08
a year crt.sh
*.6sense.com
Amazon RSA 2048 M03
2024-03-31 -
2025-04-29
a year crt.sh
*.mktoresp.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2023-09-07 -
2024-10-07
a year crt.sh
zoominfo.com
E5
2024-06-17 -
2024-09-15
3 months crt.sh
hubspot.net
Cloudflare Inc ECC CA-3
2024-03-06 -
2024-12-31
10 months crt.sh
*.cloudfront.net
Amazon RSA 2048 M01
2023-10-10 -
2024-09-19
a year crt.sh
acsbapp.com
WE1
2024-06-20 -
2024-09-18
3 months crt.sh
aws-st.fullcircleinsights.com
Amazon RSA 2048 M02
2024-05-28 -
2025-06-25
a year crt.sh

This page contains 2 frames:

Primary Page: https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
Frame ID: 8DB9D3643BE284675C18BF3A622D4FD4
Requests: 130 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fwww.humansecurity.com
Frame ID: 69828F3176915B3112923B275F95FD3D
Requests: 1 HTTP requests in this frame

Screenshot

Page Title

The Party’s Over: HUMAN’s Satori Threat Intelligence and Research Team Cleans up “Konfety” Mobile Ad Fraud Campaign

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel="amphtml"

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • <!-- (?:End )?Google Tag Manager -->
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • //static\.hotjar\.com/

Overall confidence: 100%
Detected patterns
  • js\.hs-analytics\.net/analytics

Overall confidence: 100%
Detected patterns
  • lightbox(?:-plus-jquery)?.{0,32}\.js

Overall confidence: 100%
Detected patterns
  • //platform\.linkedin\.com/in\.js

Overall confidence: 100%
Detected patterns
  • snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Overall confidence: 100%
Detected patterns
  • munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js


Overall confidence: 100%
Detected patterns
  • cdn\.cookielaw\.org
  • otSDKStub\.js

Overall confidence: 100%
Detected patterns

Overall confidence: 100%
Detected patterns
  • //platform\.twitter\.com/widgets\.js

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

134
Requests

97 %
HTTPS

67 %
IPv6

35
Domains

48
Subdomains

44
IPs

4
Countries

1831 kB
Transfer

5646 kB
Size

23
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 67
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1755754%2C5211716&time=1721182150558&url=https%3A%2F%2Fwww.humansecurity.com%2Flearn%2Fblog%2Fthe-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign&tm=gtmv2 HTTP 302
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1755754%2C5211716&time=1721182150558&url=https%3A%2F%2Fwww.humansecurity.com%2Flearn%2Fblog%2Fthe-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign&tm=gtmv2&e_ipv6=AQIBfmUv7-juHwAAAZC-c2BDjn0ulemVt35CqYBGEGLI6k12qk24sZYaYBkyjZkPn6rWtmGfjPOQo_65O5KyH5oNUt_2Eg

134 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
www.humansecurity.com/learn/blog/
194 KB
21 KB
Document
General
Full URL
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:671d , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
b226808642bb28ed36793d18833e94ef5768f1c928d4bc86ab1ea7dbe5053c58
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
s-maxage=10800, max-age=0
cf-ray
8a46b0350c061941-FRA
content-encoding
br
content-security-policy
upgrade-insecure-requests
content-type
text/html; charset=UTF-8
date
Wed, 17 Jul 2024 02:09:09 GMT
edge-cache-tag
CT-100850159647,CT-108749681073,CT-172769674525,CT-50798705058,CG-5249379964,P-3400937,CW-120410438969,CW-123754977913,CW-166526026759,CW-63656548895,CW-63656638135,CW-63656840557,CW-64556607012,E-115294898870,E-115307132989,E-115307516677,E-115387395449,E-115388248694,E-115450692019,E-115451707707,E-120377909830,E-164610244707,E-164611792452,E-164742850616,E-164742903989,E-166527373913,E-166942765475,E-63463820289,E-63463820290,E-63463820292,E-63463820302,E-63656499996,E-63656586570,E-63656625716,E-63656674711,E-63656841263,E-63656841264,E-68518573488,E-91065958246,E-91065964034,E-99901597287,RA-170315478827,RA-171495719182,RA-172012720271,PGS-ALL,SW-3,GC-166536734550,GC-166958618433,TS-63463820311
last-modified
Tue, 16 Jul 2024 23:32:47 GMT
link
</hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy
no-referrer-when-downgrade
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UFkLiN1VY6%2BmiHi%2FBh06RKFeT8zJim5Ncppfb6X0q7ivQjRvveRt4PuuYK4hn8W3zXBHv7EloiQJYvXXQ10lnwUEUV4xg5twUJhUKpJ1q%2BgG1FToZhWEajHgV45jM91bDCF0ocYqT5oii6vWmJizxgq2zg%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding
x-hs-cache-config
BrowserCache-5s-EdgeCache-30s
x-hs-cache-control
s-maxage=10800, max-age=0
x-hs-cf-cache-status
HIT
x-hs-content-id
172769674525
x-hs-hub-id
3400937
x-hs-prerendered
Tue, 16 Jul 2024 23:32:47 GMT
project.js
www.humansecurity.com/hs/hsstatic/cos-i18n/static-1.53/bundles/
1 KB
1 KB
Script
General
Full URL
https://www.humansecurity.com/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:671d , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 17 Jul 2024 02:09:10 GMT
content-encoding
gzip
via
1.1 93b8205e2f07a7099af2e6fd126d9658.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000
age
10838176
x-amz-cf-pop
FRA56-P2
x-amz-server-side-encryption
AES256
content-security-policy
upgrade-insecure-requests
x-cache
Hit from cloudfront
x-amz-version-id
P9ES7sOpFzrLl1QoRwjEAy5outPo5_GO
x-amz-replication-status
COMPLETED
alt-svc
h3=":443"; ma=86400
last-modified
Tue, 09 Nov 2021 16:12:42 GMT
server
cloudflare
etag
W/"61ca66de658cab9587e4636894680d5d"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F9j7VYAJtlYnZh4oHxOSTqMlvrfXLg4zwG7PaIcUUngJXgHuYB9V%2FzQaiVQzahKq4JGpL%2FeSw%2BlaoBXN2wwYBILDakZLf1GFY%2BOluBRTV608HTJbw1u81QzjnmbDb1hxjH6nm0tHfKCIRRLE2QYKv1mKBQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
8a46b0357c911941-FRA
x-amz-cf-id
vMxH2clCDRRjd7emHmifSLXhLc2TFOGFc0VsUqlcTSiVQmWY_1aUGQ==
expires
Thu, 17 Jul 2025 02:09:10 GMT
frontend.min.css
www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/63656586570/1698698464930/humansecurity-hs/punch/assets/css/
43 KB
10 KB
Stylesheet
General
Full URL
https://www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/63656586570/1698698464930/humansecurity-hs/punch/assets/css/frontend.min.css
Requested by
Host: www.humansecurity.com
URL: https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:671d , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
afff892691aaab5f3a2c411cb09a2674006120f314eb8ac1fc6efb8c66a1c353
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
gzip
age
1669
x-amz-request-id
JMJJQKEBHKZ7Y274
x-amz-server-side-encryption
AES256
x-evy-trace-route-service-name
envoyset-translator
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-evy-trace-listener
listener_https
etag
W/"b77d3abc0b9bf83fbcfd36a5a1e3ea4c"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1698698465825
content-type
text/css
x-evy-trace-virtual-host
all
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Wed, 17 Jul 2024 02:09:10 GMT
via
1.1 7a99ed3f39c18af8fe138a695e5f657c.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
x-amz-version-id
GaNibL_2mws_6v_lkcwwJfeo4CxpHPWp
x-cache
Miss from cloudfront
x-hubspot-correlation-id
b6aa0449-b027-46b4-8bd7-46136f4aca36
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
224
alt-svc
h3=":443"; ma=86400
x-amz-id-2
UfgWAfZARD2W9Nqg+gd0m1wPXP+/r4v5pyCd8qDuRxX7rvyqDH2Sjkk39RgwHi8anD6hvkur8xU=
x-evy-trace-route-configuration
listener_https/all
x-request-id
b6aa0449-b027-46b4-8bd7-46136f4aca36
last-modified
Mon, 30 Oct 2023 20:41:06 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gZ4ynCwKEbWu5eB6qNGo12sJFwR4Lc92z5jSvuqGpkH2848WI5h2W2nyhMd6KmtIyl3CCv8nS6n85unTrbGG%2B%2FZkGQRQOgBLpA2PLw8Mx74fILCVCslGkN7Da1cgWpyr70nHH%2F5XJSULP%2BmxMpL30iHOpw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-656644bdb-jn7vt
access-control-allow-credentials
false
cf-ray
8a46b0357c961941-FRA
timing-allow-origin
www.humansecurity.com
x-amz-cf-id
oV_i9kel-W2tFTYiOeouQKyyiaQowShNdDHnT88nTNq-k_6q7SiNFw==
variables.min.css
www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/63463820290/1693233181263/humansecurity-hs/assets/css/dist/
0
1 KB
Stylesheet
General
Full URL
https://www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/63463820290/1693233181263/humansecurity-hs/assets/css/dist/variables.min.css
Requested by
Host: www.humansecurity.com
URL: https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:671d , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
age
1669
x-amz-request-id
8HR5K6H3YVDQ5FQP
x-amz-server-side-encryption
AES256
x-evy-trace-route-service-name
envoyset-translator
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-evy-trace-listener
listener_https
etag
"d41d8cd98f00b204e9800998ecf8427e"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1693233181849
content-type
text/css
x-evy-trace-virtual-host
all
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Wed, 17 Jul 2024 02:09:10 GMT
strict-transport-security
max-age=31536000
via
1.1 ed8e6c4476f2632eef2c7ce856161af0.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
PVtlsZaAUzw31xbOkIyAmX4R8T95ZDvv
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
x-hubspot-correlation-id
c5e47e35-fbe0-4d9d-b700-472066e10019
x-cache
RefreshHit from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
193
alt-svc
h3=":443"; ma=86400
content-length
0
x-amz-id-2
vf/Et3tfFrKDN+qRHL9tRh5hptpMYr83x+RpN4OEGWyMZH5vFWChdOXW7kiwryF8c+m5wZj34L42Vd+tFY7jMbnmyT3UNdlqlYF3JZ1Yb14=
x-evy-trace-route-configuration
listener_https/all
x-request-id
c5e47e35-fbe0-4d9d-b700-472066e10019
last-modified
Mon, 28 Aug 2023 14:33:02 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=trusC76PKEFEQm4LNuU2se2ZB%2BN1n%2FhBUivZEL7K78g3vZDV2UPnVCRuF0xJgLsI%2FwJWghxwaslArZYXeb24ZP120cJmvnSyxVRG5vzb839bHIUsZO5vQabdt04cQI0e3S6Wg32zqKaLa%2Fie8oRA85vz3g%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-656644bdb-x5qbk
access-control-allow-credentials
false
accept-ranges
bytes
cf-ray
8a46b0357c971941-FRA
timing-allow-origin
www.humansecurity.com
x-amz-cf-id
Cx-TYhN3GwAKO6fcb9ZejJpDoRZwPq__Kt5W5CqL46-ja9rX4Xvi_g==
main.min.css
www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/63463820289/1715786988598/humansecurity-hs/assets/css/
79 KB
22 KB
Stylesheet
General
Full URL
https://www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/63463820289/1715786988598/humansecurity-hs/assets/css/main.min.css
Requested by
Host: www.humansecurity.com
URL: https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:671d , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
b0392294081a8113d3c077796594484f5354ebb23b518d3337738015bddb70aa
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
gzip
age
3304
x-amz-request-id
A2N88TR11KEJ824P
x-amz-server-side-encryption
AES256
x-evy-trace-route-service-name
envoyset-translator
x-amz-replication-status
PENDING
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-evy-trace-listener
listener_https
etag
W/"47787750df632993e786b00ce189b343"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1715786989545
content-type
text/css
x-evy-trace-virtual-host
all
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Wed, 17 Jul 2024 02:09:10 GMT
via
1.1 e71ab653feb8332f51edf19089ecf9fc.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000
x-amz-cf-pop
IAD55-P4
x-hs-alternate-content-type
text/plain
x-amz-version-id
SAEe3SNv3Lb1_ysCcV6bfhvdbJ82X__.
x-cache
RefreshHit from cloudfront
x-hubspot-correlation-id
d4b8ce20-ac79-450c-b0a4-ac5f07f2db13
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
176
alt-svc
h3=":443"; ma=86400
x-amz-id-2
ncfdwU7taJbZ3IKP7o8Y3tr8UyviiFdSYX6FmSvjLBcbcuWtzUXSwbxS3Wk76ZLRF7868jxvgQk=
x-evy-trace-route-configuration
listener_https/all
x-request-id
d4b8ce20-ac79-450c-b0a4-ac5f07f2db13
last-modified
Wed, 15 May 2024 15:29:50 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dIpC3fSZNYt7DiiZvmbCqgyTzMyYa3YFcWvMM8IU0UmxpJtUHJEkldJywKDJp%2FYsyPbacJjQtkMt8gKPefB1j1lz4EwfHrQOcvIuF%2FbdoBh%2FnDMq5vFQ1c3d3suAy0DSKWJigu82yV7MTqIt6WdCA0uTlw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-656644bdb-tjdnr
access-control-allow-credentials
false
cf-ray
8a46b0358c9a1941-FRA
timing-allow-origin
www.humansecurity.com
x-amz-cf-id
bqhuTaM-eBxLgifJ6n1JSBVjkFOd2Q04Mq-YT99o5jh6Eebl-imwww==
single-common.min.css
www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/115451707707/1709753002216/humansecurity-hs/assets/css/
16 KB
4 KB
Stylesheet
General
Full URL
https://www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/115451707707/1709753002216/humansecurity-hs/assets/css/single-common.min.css
Requested by
Host: www.humansecurity.com
URL: https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:671d , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
81f2e0a9e0cbb9cfcb5d72f56f4eff056370ddd14104251fc7066a8f7d641828
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
gzip
age
1669
x-amz-request-id
TD9P9PBBZWP80RVQ
x-amz-server-side-encryption
AES256
x-evy-trace-route-service-name
envoyset-translator
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-evy-trace-listener
listener_https
etag
W/"49aab6c32e04790c0f1e45fad3996b2b"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1709753002890
content-type
text/css
x-evy-trace-virtual-host
all
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Wed, 17 Jul 2024 02:09:10 GMT
via
1.1 6bc1c280aeef9bbdeb102c7f4e4f773e.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
x-amz-version-id
TDjcu_c8CPezB1bGaaBBUci0M.U7cgii
x-cache
Miss from cloudfront
x-hubspot-correlation-id
518df720-5932-4497-82e8-a724859d7b4b
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
161
alt-svc
h3=":443"; ma=86400
x-amz-id-2
KJ0e1GSrJ9LsCCOfwJOJrpH3F2Dr3L04Gn9pxBd3MZvFYOdleDEGh9BFh/axFy9PcOpaZKG7dD5Vx1WjzLNj78XFM3OwsYaxa6F+A8gZ0jw=
x-evy-trace-route-configuration
listener_https/all
x-request-id
518df720-5932-4497-82e8-a724859d7b4b
last-modified
Wed, 06 Mar 2024 19:23:23 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TLxG4vyrjzYrEzTFkQ33FNEqTBw88OGugJNIQTZZjiI71z5cNifIvpw%2FTItdJyYu3iUNt%2BgAQrGNESFri%2BY7RQ6UgH2QfOap23KDrKD0dAHUlTp1O6CqT82yWXNRmOTsymPHg2jE18UMfDsV32s7czq8qw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-656644bdb-lrfms
access-control-allow-credentials
false
cf-ray
8a46b0358c9b1941-FRA
timing-allow-origin
www.humansecurity.com
x-amz-cf-id
7jzu9U227TWnNOwgx2-igAOak85Bp4OF1LW7UQck2RakwQd0rLxNtA==
module_166526026759_header-menu-v2.min.css
www.humansecurity.com/hs-fs/hub/3400937/hub_generated/module_assets/166526026759/1716224039145/
843 B
2 KB
Stylesheet
General
Full URL
https://www.humansecurity.com/hs-fs/hub/3400937/hub_generated/module_assets/166526026759/1716224039145/module_166526026759_header-menu-v2.min.css
Requested by
Host: www.humansecurity.com
URL: https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:671d , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
6f684971a6600c115bd3d3102c43a0b09ad5a1a3c45a818269445ba888ce8d58
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
age
1669
x-amz-request-id
2FP2QR7F3GTRWYCH
x-amz-server-side-encryption
AES256
x-evy-trace-route-service-name
envoyset-translator
x-amz-replication-status
PENDING
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-evy-trace-listener
listener_https
etag
W/"6805cf8d57acac50bb55afbe7921aa0e"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1716224039145
content-type
text/css
x-evy-trace-virtual-host
all
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Wed, 17 Jul 2024 02:09:10 GMT
strict-transport-security
max-age=31536000
via
1.1 b140d5b0fbed1dab248b0959f44a7944.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
BzbKtMItj7hwZxg5bjmqXnlAHwZPHzBN
x-amz-cf-pop
IAD61-P1
x-hs-alternate-content-type
text/plain
x-hubspot-correlation-id
056205bb-342a-4af8-867f-75e2dbcc7867
x-cache
Miss from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
180
alt-svc
h3=":443"; ma=86400
x-amz-id-2
zHQALN6UZkzBsMkFPnZzKO/urytl/DhYCMpI2B1+2fo1vXGhxfYfzdTmJb3L7WKmNW/MXvSNN+8=
x-evy-trace-route-configuration
listener_https/all
x-request-id
056205bb-342a-4af8-867f-75e2dbcc7867
last-modified
Mon, 20 May 2024 16:54:00 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jbeolW%2BBw1nDcoQ7Kfi8CURaHN9wxkqrlIC72OYdtXM1aI6%2F%2F9q71OvyQ6FxR5KLCznvqRwv9r8SRztq6k3HwJb%2BUglj4ZihU1dRCNOaMeZz5csxxEaRAkpqfg%2FxJRkgHxMi3dtQVhKI%2FJhp5%2FhiUMWbuw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-656644bdb-tjdnr
access-control-allow-credentials
false
cf-ray
8a46b0358c9c1941-FRA
timing-allow-origin
www.humansecurity.com
x-amz-cf-id
5CfIS8swdTzFPigpj-YR22jBVSYXF10PTN35SPesxVRE89kalJeVSw==
owl.carousel.min.css
www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/164742903989/1713364613685/humansecurity-hs/assets/js/owlcarousel/assets/
3 KB
3 KB
Stylesheet
General
Full URL
https://www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/164742903989/1713364613685/humansecurity-hs/assets/js/owlcarousel/assets/owl.carousel.min.css
Requested by
Host: www.humansecurity.com
URL: https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:671d , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
521410e1fc44780061e09adc980275fb5ea277fd5d9e538454214ec4379ff4bc
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
gzip
age
1669
x-amz-request-id
JV49QW9HPBKYC7Y2
x-amz-server-side-encryption
AES256
x-evy-trace-route-service-name
envoyset-translator
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-evy-trace-listener
listener_https
etag
W/"b2752a850d44f50036628eeaef3bfcfa"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1713364613685
content-type
text/css
x-evy-trace-virtual-host
all
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Wed, 17 Jul 2024 02:09:10 GMT
via
1.1 8f37d2a62fbfeba0212cd5ced67c0c16.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000
x-amz-cf-pop
IAD61-P2
x-hs-alternate-content-type
text/plain
x-amz-version-id
lxA_FGpWvDSJaDwG1OPwtR8dnfjYrFcp
x-cache
RefreshHit from cloudfront
x-hubspot-correlation-id
92d4bf7a-6d78-4072-ae75-461bc529367c
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
145
alt-svc
h3=":443"; ma=86400
x-amz-id-2
n6kNSnMjFrycTj+F+eKR37KfjLkxTGvy5aZKt5dr8NCDnQnN+ueMbDDbxFGI9+P5/MYZYaIso3GEXhm2b68vi3rJ0/nleGHk
x-evy-trace-route-configuration
listener_https/all
x-request-id
92d4bf7a-6d78-4072-ae75-461bc529367c
last-modified
Wed, 17 Apr 2024 14:36:54 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UsB9YmNh5hIbt1qvQbymGy%2BvYTYmR9Dq%2F0fpgwZSz1j4%2FOr4QZviHYWVZSoHSnDYJ0Vn5CILy7yroIGa6%2Bl7Q5bYxCr6gQH8gFpd6uTuNhnw941U10Ud2Fm3A0biidH24osuCDpq7LBvaYg1kzxcNhbAnA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-656644bdb-x5qbk
access-control-allow-credentials
false
cf-ray
8a46b0358c9d1941-FRA
timing-allow-origin
www.humansecurity.com
x-amz-cf-id
U_wVHeCd0RvWZa8xLu2rst2-AfXEvDP1m-89XH-16_RN08vRpNZCbA==
human.min.css
www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/164611792452/1721056561303/humansecurity-hs/assets/css/dist/
47 KB
12 KB
Stylesheet
General
Full URL
https://www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/164611792452/1721056561303/humansecurity-hs/assets/css/dist/human.min.css
Requested by
Host: www.humansecurity.com
URL: https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:671d , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
ab737fa7c8ceb810f22ddead9edd6c05bd7d28043b601241077f55525f986dd0
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
gzip
age
171
x-amz-request-id
B5ZTFT7J401HC0KF
x-amz-server-side-encryption
AES256
x-evy-trace-route-service-name
envoyset-translator
x-amz-replication-status
PENDING
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-evy-trace-listener
listener_https
etag
W/"a0f9a9e469c99511bb3d84cc111a1a44"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1721056562313
content-type
text/css
x-evy-trace-virtual-host
all
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Wed, 17 Jul 2024 02:09:10 GMT
via
1.1 7dc4818c830423900ae855831181d2b8.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
x-amz-version-id
5hQhru0yOpykQi7i4yqVPmqzTkn1XQcd
x-cache
RefreshHit from cloudfront
x-hubspot-correlation-id
7ac49f00-676c-4e30-a481-5aacdc0310e9
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
151
alt-svc
h3=":443"; ma=86400
x-amz-id-2
oo7Vccrb3uh+B0mqZRZ5RQWZ6F7rM43dtx7oClzf8ypc1uGlPyP2jBug4bK84R5zdW6tqVgzWVs=
x-evy-trace-route-configuration
listener_https/all
x-request-id
7ac49f00-676c-4e30-a481-5aacdc0310e9
last-modified
Mon, 15 Jul 2024 15:16:03 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CRO6ISVhQjFnwn6T%2Bkq7S10oCrN24x4oiRokNkUYO3ohiIrLAWDhqRRcpl3erua7MlCkuX5Wev4J6pOey%2FoyUNvYfbJYMYqEW0Q1TR27aak93Jboyxgr5%2FnQJD4rZJchG7WxRfIY0U%2Br7OKI6O5kgqGp3A%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-54bddf99d6-5zvjq
access-control-allow-credentials
false
cf-ray
8a46b0358c9e1941-FRA
timing-allow-origin
www.humansecurity.com
x-amz-cf-id
ZfvHnoLcLtrHRnTiupTN0TWxNdtQGQyWiT6OAPbc48K57bG5nw0Q9Q==
gtm.js
www.googletagmanager.com/
349 KB
114 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-KVP42DD
Requested by
Host: www.humansecurity.com
URL: https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
fdb54396c6418ecf53b3c05f4f702f634b0da3cc81c9ce69b7b1d09776fea509
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 17 Jul 2024 02:09:10 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
116304
x-xss-protection
0
last-modified
Wed, 17 Jul 2024 00:18:29 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 17 Jul 2024 02:09:10 GMT
otSDKStub.js
cdn.cookielaw.org/scripttemplates/
21 KB
7 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Requested by
Host: www.humansecurity.com
URL: https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e0c289faa80333eff728b8bdbbf10b11dec1a6e1938a444e1cc41be6744e96d2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 17 Jul 2024 02:09:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
PzcU3Ivp6w0l3AsetHXgNw==
age
66409
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
6882
x-ms-lease-status
unlocked
last-modified
Mon, 15 Jul 2024 02:05:43 GMT
server
cloudflare
etag
0x8DCA472A275654C
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
242bb68b-f01e-005d-21e7-d6638e000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
8a46b037283a37f1-FRA
expires
Wed, 17 Jul 2024 07:42:21 GMT
prism.min.css
www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/91065964034/1693233180291/humansecurity-hs/assets/css/dist/
1 KB
2 KB
Stylesheet
General
Full URL
https://www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/91065964034/1693233180291/humansecurity-hs/assets/css/dist/prism.min.css
Requested by
Host: www.humansecurity.com
URL: https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:671d , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
b17ad6eab5f71934277721a0558d12da27ef1c1d7688d3dc8e8440165902526b
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
gzip
age
1669
x-amz-request-id
TD9YA7ZQJ297N399
x-amz-server-side-encryption
AES256
x-evy-trace-route-service-name
envoyset-translator
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-evy-trace-listener
listener_https
etag
W/"9f0794436f73e871f1d234b0aed34aaf"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1693233180994
content-type
text/css
x-evy-trace-virtual-host
all
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Wed, 17 Jul 2024 02:09:10 GMT
via
1.1 824fe21e467658628899bdd8725649ee.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
x-amz-version-id
4AdoQ1qbFlghg5XDq_6m5FKyZgIg_9_9
x-cache
Miss from cloudfront
x-hubspot-correlation-id
5935e731-7be7-471f-b0bd-6bc6afdca7f7
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
152
alt-svc
h3=":443"; ma=86400
x-amz-id-2
arCLVziG4PZvBuNmVXCJp7MpQ6Vohs9AitouY9vkCI6eMLYqyEqQ6EpUpzNhU3j8D9GvLx9mp9Q=
x-evy-trace-route-configuration
listener_https/all
x-request-id
5935e731-7be7-471f-b0bd-6bc6afdca7f7
last-modified
Mon, 28 Aug 2023 14:33:01 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i1JjeinAhWqN1b6n%2BXp4luQ9FRz7lJ1%2FwSpXH%2FZ4TJIRpT8zy25w3uRSESsaB8AxWNq0%2F0IzXzjf0BV7FYHmVHfbLnzFIPs6MrVT%2BRRkcdp7Zo5M7jDcdh6OXHI%2FVUQYnC7u5IFzJWm%2FNBWNFY31CqckNA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-656644bdb-ts7f8
access-control-allow-credentials
false
cf-ray
8a46b0358c9f1941-FRA
timing-allow-origin
www.humansecurity.com
x-amz-cf-id
qPIzfQXlBGzLZqw8SFg5lIAFtP3kXgseHcwku-Pqrd4Jd1kbzd4wSg==
in.js
platform.linkedin.com/
510 KB
160 KB
Script
General
Full URL
https://platform.linkedin.com/in.js
Requested by
Host: www.humansecurity.com
URL: https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:66b5:799a:7cd3:f74d:7071 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/4CE6) /
Resource Hash
c7a35841c0957d8e8dc3211bece89411757630609c1e47f134c3ff8804fb8d33
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 17 Jul 2024 02:09:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-cdn
ECST
age
2993
x-cdn-client-ip-version
IPV6
x-cache
HIT
x-cdn-proto
HTTP2
content-length
163630
x-li-uuid
AAYdZ0BATi86vZ9ljFs9FQ==
last-modified
Wed, 17 Jul 2024 01:19:17 GMT
server
ECAcc (frc/4CE6)
x-li-pop
prod-lva1-x
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
content-type
text/javascript; charset=UTF-8
x-li-fabric
prod-lor1
x-li-source-fabric
prod-lva1
cache-control
public, max-age=3600
x-li-proto
http/1.1
accept-ranges
bytes
expires
Wed, 17 Jul 2024 02:19:21 GMT
js.cookie-min.min.js
www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/120377909830/1693233183213/humansecurity-hs/assets/js/dist/
2 KB
2 KB
Script
General
Full URL
https://www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/120377909830/1693233183213/humansecurity-hs/assets/js/dist/js.cookie-min.min.js
Requested by
Host: www.humansecurity.com
URL: https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:671d , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
9cac5e10bd3d5631c178a838d415c28b126daca61e10e81e6dc36aa18919174f
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
age
1668
x-amz-request-id
PFT9EKC4Y1B1B5DR
x-amz-server-side-encryption
AES256
x-evy-trace-route-service-name
envoyset-translator
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-evy-trace-listener
listener_https
etag
W/"b2d77f293176c0278a1d65d5afe1d1b9"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1693233183379
content-type
application/javascript; charset=utf-8
x-evy-trace-virtual-host
all
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Wed, 17 Jul 2024 02:09:10 GMT
strict-transport-security
max-age=31536000
via
1.1 263d97c176fc51d1d08116820c013de4.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
LVKDx31g5hiRxJMSIPYCqKTZgOeBIIto
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
x-hubspot-correlation-id
9f4b3053-3eb4-4fd7-983e-9e1169308f77
x-cache
RefreshHit from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
176
alt-svc
h3=":443"; ma=86400
x-amz-id-2
0OlTjSSmWiatL2EgH5ZAbw1bbpiPGAodzuIIRhxgOkDMm71dkefCADCkeS5u7rEskwgNBf6vO76f4xD5eV/Hyw==
x-evy-trace-route-configuration
listener_https/all
x-request-id
9f4b3053-3eb4-4fd7-983e-9e1169308f77
last-modified
Mon, 28 Aug 2023 14:33:04 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YsXRCev0scmKOMUikvP6dgzRhStsHnj5S2EJBPDRdu73yuI6EY7bb4Eri7HwYFbZB0pcr1WrK%2BDvPI8p4fF6rhqR1Lr6QAK%2Fo7VvrwGPhtyB4fPSLXEqueGEes5ONr5XuAdqi3fPdewHQ5NkVkMq7ravjg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-656644bdb-jn7vt
access-control-allow-credentials
false
cf-ray
8a46b0358ca01941-FRA
timing-allow-origin
www.humansecurity.com
x-amz-cf-id
Cf93sz_oaE4095RW6WCJRJwMgxBOIPKTDybrsei0SFldUlNm1GqAMg==
header-lazy.min.css
www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/115388248694/1709752515544/humansecurity-hs/assets/css/
62 KB
8 KB
Stylesheet
General
Full URL
https://www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/115388248694/1709752515544/humansecurity-hs/assets/css/header-lazy.min.css
Requested by
Host: www.humansecurity.com
URL: https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:671d , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
92cde36d24b66c5bb39231c290e47319cc207455557a1c4ddf0b1c584422db77
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
gzip
age
3304
x-amz-request-id
X7G0DJ5YPQ34C7Q9
x-amz-server-side-encryption
AES256
x-evy-trace-route-service-name
envoyset-translator
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-evy-trace-listener
listener_https
etag
W/"ab9f490b09044ac8accc7cd47c303436"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1709752516468
content-type
text/css
x-evy-trace-virtual-host
all
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Wed, 17 Jul 2024 02:09:10 GMT
via
1.1 95ad9d4dc596fb803e3114c8dbdc4b60.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000
x-amz-cf-pop
IAD61-P1
x-hs-alternate-content-type
text/plain
x-amz-version-id
_V.JkPAY5XMXY1FxwyxeMEqz70RyFn88
x-cache
Miss from cloudfront
x-hubspot-correlation-id
6a7e5b41-1435-45f4-9d9a-b2764d65be5d
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
205
alt-svc
h3=":443"; ma=86400
x-amz-id-2
RnTAzO67+Q6MxeWeYGRJu8VDZTWha+izr3um4vv51gHGciOB2e8CmA2r4uecmrAeAL3elKqitc8=
x-evy-trace-route-configuration
listener_https/all
x-request-id
6a7e5b41-1435-45f4-9d9a-b2764d65be5d
last-modified
Wed, 06 Mar 2024 19:15:17 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jSq2TZun7zz8BE4uUXQeK2345KdKZSyzxx8ihvKuN89aARxItJ4PSkScEEH4NzJLd0%2FpY4si7HyYvfyh2vGR3XFmk5zIKlLCP7G2OHVa7eab0qL8Mq%2F%2BLmM2fJyqCKKoH%2BZi%2F4xwNy84rQBjeUG8D6dHUw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-656644bdb-tjdnr
access-control-allow-credentials
false
cf-ray
8a46b0358ca11941-FRA
timing-allow-origin
www.humansecurity.com
x-amz-cf-id
tPBF7Ui4It8unVSfDZj8p0XO91JyEbcsKMehitNWcHfy2PRxAaGFRA==
shield-1.png
www.humansecurity.com/hubfs/
7 KB
8 KB
Image
General
Full URL
https://www.humansecurity.com/hubfs/shield-1.png
Requested by
Host: www.humansecurity.com
URL: https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:671d , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
adfc35d72ea1d0feaa677acecd2dafad7fdda56b02a76d7f51ad1bc067c2d499
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
x-amz-meta-cache-tag
F-5862207449,P-3400937,FLS-ALL
age
274585
x-amz-request-id
G63RTGG6F2FCX3V4
edge-cache-tag
F-5862207449,P-3400937,FLS-ALL
content-disposition
inline; filename="shield-1.webp"
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
cf-bgj
imgq:85,h2pri
etag
"a7f612073c41fe336a127bcdc8c85fb1"
vary
Accept, Accept-Encoding
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Wed, 17 Jul 2024 02:09:10 GMT
strict-transport-security
max-age=31536000
via
1.1 a5607d37f6322bee208b762f730550a0.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
9.gcTtGdad6IxMaTuMgRoNGBoTuxoK7p
x-amz-cf-pop
FRA60-P7
cf-polished
origFmt=png, origSize=12483
x-cache
RefreshHit from cloudfront
cache-tag
F-5862207449,P-3400937,FLS-ALL
alt-svc
h3=":443"; ma=86400
content-length
6658
x-amz-id-2
qf2osl6aZnGjT0vEOS9M3/7U/bnjPMm4pRXREYQa+ocrvm3ptJjksZa4vk1Lf8tSnOEw0C7V6WE=
last-modified
Fri, 08 Jun 2018 19:07:22 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vcsAEkzBWpSsZZIr6yi0meBZyEOCkm8asSIX8CihnpUN1ut3bNAQMXhv3KUj%2FcuuZqEB4g8uoayi6A9fyqWxbpJOofoFJO%2BZVMWIoFC9hkICcynkI%2FUcp2ZhmvGFDeK3PK9AP5reXk9nz8gIJ%2BuX4kSn2g%3D%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
8a46b035acc61941-FRA
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id
oI1EfnPgfhkamzlEI6qLC0nUQ6Vm3OF5LLEsdsMgeqpkXhPkFdVRMQ==
HMN_Blog-images_2024_Konfety-2.jpg
www.humansecurity.com/hubfs/
39 KB
40 KB
Image
General
Full URL
https://www.humansecurity.com/hubfs/HMN_Blog-images_2024_Konfety-2.jpg
Requested by
Host: www.humansecurity.com
URL: https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:671d , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
a3fd799acb893b5ebe0d8afccfd19e932cfed9ebf5c18f8f940118afda06d29c
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
x-amz-meta-cache-tag
F-173051066500,P-3400937,FLS-ALL
age
46479
x-amz-request-id
0BBQ7T6J5NFBNPKM
x-amz-server-side-encryption
AES256
edge-cache-tag
F-173051066500,P-3400937,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-meta-access-tag
public-indexable
cf-bgj
imgq:85,h2pri
etag
"ac4c7cdcec8495ee5d2b335199e7aa05"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/jpeg
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1721068019614
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Wed, 17 Jul 2024 02:09:10 GMT
strict-transport-security
max-age=31536000
via
1.1 8bd22c4e977189bdb5963957ff8477de.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
7_BcQ7OnAm7YwGfIGV7gqVi5tYPoxSIC
x-amz-cf-pop
FRA60-P7
x-hs-alternate-content-type
text/plain
cf-polished
origSize=42037, status=webp_bigger
x-cache
RefreshHit from cloudfront
cache-tag
F-173051066500,P-3400937,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
content-length
39616
x-amz-id-2
uv8NiyLuDvDMpfrr76UaeMCm82cFuy7kb+Doskz+eo6f/gxFzKBZL7ZUEeBKTG9pdSB03tM4ayI=
last-modified
Mon, 15 Jul 2024 18:27:00 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wOt7IPMdE9f0I0NIbLbbb1ZESbfIIOOLXmslGylEbvJQ%2FFFpNHYGq0F1Iqlcdf63%2Fe%2FJNT7%2BDIrVN%2F8fQwabwnyPeZeEM0QBMpVtkzgWf9mhCjAsHqmpamUywJzXIP6cdUsDwTGDh4qO9qzMPluPJwNVpg%3D%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
8a46b035acc81941-FRA
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id
XLRsFaxDEj-bFXqHBFbkkcM1k9A49sa1QB48GTvTaEDshGq2DhSVHA==
embed.js
static.hsappstatic.net/content-cwv-embed/static-1.971/
13 KB
5 KB
Script
General
Full URL
https://static.hsappstatic.net/content-cwv-embed/static-1.971/embed.js
Requested by
Host: www.humansecurity.com
URL: https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:ac5b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
98dfeb1d061e8788b320a130a84723813efed0b2518921f30b40cc8a09bf8ecf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 17 Jul 2024 02:09:10 GMT
x-amz-version-id
1gm1MaaLzWiIBc2FerIVtLdckhSMSaY7
content-encoding
gzip
cf-cache-status
HIT
via
1.1 9d1f21fface75767578955e1853e754e.cloudfront.net (CloudFront)
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA60-P6
age
1154312
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Wed, 05 Jun 2024 15:05:39 GMT
server
cloudflare
etag
W/"26c40482b55a607cd44486a2958741d4"
vary
Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GgNqYD1qGJDwUVp%2FjDjRvwnd9lSPMSLjoNmGSJSCA3WLRQqUyppvFUqhpUkHwUYqSe5rWd86xQztUGhXX5ugBGRLNiVYjOiQKFGKUPysbmlQfAWb92zHsryInOVAT0lFHDFDzn7mtm7kaAi8m0a8uxaN1L0%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
8a46b037381e19af-FRA
x-amz-cf-id
4KGI5t64pXc0VBpiZlqrGzYDMFRUiAtNY-kZWNgC73HhfnStC05rHQ==
expires
Thu, 17 Jul 2025 02:09:10 GMT
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/
87 KB
28 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js
Requested by
Host: www.humansecurity.com
URL: https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 17 Jul 2024 02:09:10 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
1140182
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
27938
last-modified
Tue, 02 Mar 2021 18:58:36 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"603e8adc-15d9d"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rKzo%2B9%2FkgUr1idj0Vf6qU%2BODqSYA%2FUjKwb5RE%2B73uF7BVasbbgyeuEcSh8qWfkO0oclynMBdlrvBxmAUPJE6PAMQOv1lJTKv%2FNfRcBc6D7JgDGlMb2XfsT1ibNtlr2Ts5aJZjfM3frNVfoZpSNwDnhf8"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
8a46b0367e7d695b-FRA
expires
Mon, 07 Jul 2025 02:09:10 GMT
3400937.js
www.humansecurity.com/hs/scriptloader/
2 KB
1 KB
Script
General
Full URL
https://www.humansecurity.com/hs/scriptloader/3400937.js
Requested by
Host: www.humansecurity.com
URL: https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:671d , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
25f465dbb7dd46caf67af5cd3628703b5026b57013ece9b8905735c3d268d9fa
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 17 Jul 2024 02:09:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
EXPIRED
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
a791bf8b-6c57-4129-8f86-bc4c236148e7
content-security-policy
upgrade-insecure-requests
x-envoy-upstream-service-time
12
alt-svc
h3=":443"; ma=86400
content-length
618
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
a791bf8b-6c57-4129-8f86-bc4c236148e7
last-modified
Wed, 17 Jul 2024 02:06:19 GMT
server
cloudflare
vary
origin, Accept-Encoding
access-control-max-age
3600
content-type
application/javascript;charset=utf-8
access-control-allow-origin
https://www.humansecurity.com
x-evy-trace-served-by-pod
iad02/hubapi-td/envoy-proxy-7dd59b876-4rbtd
cache-control
public, max-age=90
access-control-allow-credentials
true
x-evy-trace-virtual-host
all
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j9r5XCGEepKdKjLxjQ7YSrhYuNuHcDuwYjYY%2BZ7ZwwhWA%2B9Y2WDorr6dShCA98N97icdadlt%2F%2F1J8JAm9zqclY02vtpOkzVXxBxJ%2FHJNOr5H3fe5hsb41xKjuUWEHCCkNm5OQH7x2ozJ7N8uaDk6nCZoRQ%3D%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
8a46b036de371941-FRA
expires
Wed, 17 Jul 2024 02:10:40 GMT
index.js
www.humansecurity.com/hs/hsstatic/HubspotToolsMenu/static-1.349/js/
12 KB
5 KB
Script
General
Full URL
https://www.humansecurity.com/hs/hsstatic/HubspotToolsMenu/static-1.349/js/index.js
Requested by
Host: www.humansecurity.com
URL: https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:671d , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
b987245cc5d802ec15d04b1797d14a16f002aca05348c13f79d31ecedecad8ac
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 17 Jul 2024 02:09:10 GMT
content-encoding
gzip
via
1.1 fe3f25790bc50bc3d0e9d4585a26a248.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000
age
18857
x-amz-cf-pop
LHR50-P6
x-amz-server-side-encryption
AES256
content-security-policy
upgrade-insecure-requests
x-cache
Hit from cloudfront
x-amz-version-id
xQGlP28JK8czygjYT3ac5MmMcZh4SwPp
x-amz-replication-status
COMPLETED
alt-svc
h3=":443"; ma=86400
last-modified
Tue, 16 Jul 2024 20:51:48 GMT
server
cloudflare
etag
W/"804371e77c152132301ab9a09be49f93"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JuCM%2BU5QESEX%2Ben8%2FX6W0SSzsQWHMHTJSSN0rF7LeJaaElEanlslwN4fkDZPqKIM0onzzkZ8%2Ba85lSTqaOIvEzxfBNJUNDVcOoaNGvXdjd2BzDHAEDp%2BERTB3nbyWTf%2BI8PqZur8hAqb%2FpfpIQyQPUQPWg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
8a46b036de3a1941-FRA
x-amz-cf-id
oblp2cdpnaFkrH0rFz0hj0mu43CM2qjuZLI9TvbwOLCocbN9BV05hQ==
expires
Thu, 17 Jul 2025 02:09:10 GMT
prism.min.js
www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/91065958246/1693233184177/humansecurity-hs/assets/js/dist/
21 KB
8 KB
Script
General
Full URL
https://www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/91065958246/1693233184177/humansecurity-hs/assets/js/dist/prism.min.js
Requested by
Host: www.humansecurity.com
URL: https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:671d , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
439042e0204db71db38bb4cbe130c3e520d35a14c2d9f65200308eaf1886eb64
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
age
1667
x-amz-request-id
P7W4WA185SVKR45B
x-amz-server-side-encryption
AES256
x-evy-trace-route-service-name
envoyset-translator
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-evy-trace-listener
listener_https
etag
W/"e04540ffd56a0772a80fe4364a8bf233"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1693233184509
content-type
application/javascript; charset=utf-8
x-evy-trace-virtual-host
all
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Wed, 17 Jul 2024 02:09:10 GMT
strict-transport-security
max-age=31536000
via
1.1 c6b0d1d85b2590c57ac754bf9e61944e.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
zkFy2U0v.jSQC8vEXzv06RDRCJ.ugkoT
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
x-hubspot-correlation-id
e41d1350-a9c2-4028-957e-1943ed095826
x-cache
RefreshHit from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
172
alt-svc
h3=":443"; ma=86400
x-amz-id-2
qQ2AP58W2AJOYF+Jfb5+Y4LVvtwTvCkI0gu9f78w/GGAwmmZ5mBzb4DImxPt1LDbUZjfAnm9XJRoYkRJ0AJk9o9iFTY6pk4m
x-evy-trace-route-configuration
listener_https/all
x-request-id
e41d1350-a9c2-4028-957e-1943ed095826
last-modified
Mon, 28 Aug 2023 14:33:05 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=leZ19IJYaic8ICy1TvpOMpJDzvhphRnSYzt2tZiEUHnO34AMHx%2BfKkEGzj4pt5IjCKytNZlic8veGBkIQRMyYOfirfUdCym9J4UfDSQwiBjg5ryfdaXzg7KSDuQUGiQ2Q6Pe69bsrKBqpfTV3ytQuWlnxg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-656644bdb-x5qbk
access-control-allow-credentials
false
cf-ray
8a46b036de3d1941-FRA
timing-allow-origin
www.humansecurity.com
x-amz-cf-id
R4Vswjr6kig5b80cSQ7cJsKV8i_T3toOaNOaN5pjXHeKsIV1CIp_Eg==
lightbox-combo.min.css
www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/115307516677/1698698455711/humansecurity-hs/punch/assets/css/dist/
8 KB
4 KB
Stylesheet
General
Full URL
https://www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/115307516677/1698698455711/humansecurity-hs/punch/assets/css/dist/lightbox-combo.min.css
Requested by
Host: www.humansecurity.com
URL: https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:671d , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
671367c3c0e84517f31e61945cd9ba416f89eb653dbc3c4d1828518ef5c627e7
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
gzip
age
3303
x-amz-request-id
JMJZ79XRSZHPKFDB
x-amz-server-side-encryption
AES256
x-evy-trace-route-service-name
envoyset-translator
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-evy-trace-listener
listener_https
etag
W/"3d743ab0a1949bb9ac17908aa63faff8"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1698698456389
content-type
text/css
x-evy-trace-virtual-host
all
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Wed, 17 Jul 2024 02:09:10 GMT
via
1.1 55b6418a8a2f714a67d8e4d292154ef2.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
x-amz-version-id
ELy4NSaJEl78PQk9TJ5aF_svDOrYHxB1
x-cache
Miss from cloudfront
x-hubspot-correlation-id
742395c6-cb55-43a5-a761-b1ce8c5c2fb7
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
254
alt-svc
h3=":443"; ma=86400
x-amz-id-2
kdRTPW3ZchItL4AlE64u7dNTfZp8FAsBYI+7q0+DGOA1LB0yIP7vxOtm/x6VOMLn/596trWNyhQ=
x-evy-trace-route-configuration
listener_https/all
x-request-id
742395c6-cb55-43a5-a761-b1ce8c5c2fb7
last-modified
Mon, 30 Oct 2023 20:40:57 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3ULfCjnxOpF%2Fjz2k2FK%2F9grKmkR9lDCRgdoxPwCPOGgeCPIqx%2Bqu10E8MS8a8XhE5ibkM6T8hoL8cH13ozT8TaiL45QHFUBZEjzR6QOiaoyicAM8lVV2d%2BYt%2BblZz5uvi7lKwt%2BCe4J4H3shIYTH6F3ndw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-656644bdb-tjdnr
access-control-allow-credentials
false
cf-ray
8a46b0364d751941-FRA
timing-allow-origin
www.humansecurity.com
x-amz-cf-id
SlVTBiYQqtY6nL_jCfD3pAvlGRnfgMsps2BE5dgupYg83_kLoE_ZZA==
bulma-grid.min.css
www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/63656841263/1698698444648/humansecurity-hs/punch/assets/css/dist/
26 KB
5 KB
Stylesheet
General
Full URL
https://www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/63656841263/1698698444648/humansecurity-hs/punch/assets/css/dist/bulma-grid.min.css
Requested by
Host: www.humansecurity.com
URL: https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:671d , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
78142c1a0831423d3fee5308b442b24659445ac8d7c34b92bde6624cc012f4e8
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
gzip
age
3303
x-amz-request-id
YXSGC4ZTX2G2ZB71
x-amz-server-side-encryption
AES256
x-evy-trace-route-service-name
envoyset-translator
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-evy-trace-listener
listener_https
etag
W/"7e59b5a4545779f41e2037e047741bac"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1698698445418
content-type
text/css
x-evy-trace-virtual-host
all
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Wed, 17 Jul 2024 02:09:10 GMT
via
1.1 6bc1c280aeef9bbdeb102c7f4e4f773e.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
x-amz-version-id
9qYDnhWep0M62FVMJnv5CyhdEIgIEl8a
x-cache
Miss from cloudfront
x-hubspot-correlation-id
bd73196d-f765-4d39-99cb-398af5b39723
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
148
alt-svc
h3=":443"; ma=86400
x-amz-id-2
MH4WVjbFsMPc10GdSEP0lIEFFzhoGq4q26IiBseBMBZJiAFMr9oqBLNNVZbCu1/uEAnGJ8YIKBc=
x-evy-trace-route-configuration
listener_https/all
x-request-id
bd73196d-f765-4d39-99cb-398af5b39723
last-modified
Mon, 30 Oct 2023 20:40:46 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=InsrNaAjvYJtNU1VliAiDjEZKB%2FBgqzyVHI98bA%2FpXs08%2FtSj7FXfaJudTypl1gUnOsW3CF5rxukwfJNBWfXH5hjoxn0hllPMuhSqYCWPxB1tUYJcMIMoRpdLC9MGNX4raFoANHhFvV5%2BOe%2BCDpRuY%2FD2g%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-656644bdb-jn7vt
access-control-allow-credentials
false
cf-ray
8a46b036bdf41941-FRA
timing-allow-origin
www.humansecurity.com
x-amz-cf-id
6xNmKqb4vlK4RLdcx_kAqHzBT1Nx9KD0U59cHmlRl9DzC1z5MEY_5g==
flickity.min.css
www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/63656841264/1698698444616/humansecurity-hs/punch/assets/css/dist/
2 KB
2 KB
Stylesheet
General
Full URL
https://www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/63656841264/1698698444616/humansecurity-hs/punch/assets/css/dist/flickity.min.css
Requested by
Host: www.humansecurity.com
URL: https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:671d , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
27d001801da9af0f66dfdc4b42a2a22ef3c91682ec36157d1e38c9c75e16bef6
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
gzip
age
1667
x-amz-request-id
JMJSS7QRNMRN81W4
x-amz-server-side-encryption
AES256
x-evy-trace-route-service-name
envoyset-translator
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-evy-trace-listener
listener_https
etag
W/"b75662d6f54e7a5c27d147376632748f"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1698698445246
content-type
text/css
x-evy-trace-virtual-host
all
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Wed, 17 Jul 2024 02:09:10 GMT
via
1.1 fba666ceffdeb316c8edf476d8994bd4.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
x-amz-version-id
Nbji9Bjxg49HIGnuSoWxjDbh9B0ruDRH
x-cache
Miss from cloudfront
x-hubspot-correlation-id
c23fc4af-d4e9-4184-be4c-8afc8f4e3c20
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
181
alt-svc
h3=":443"; ma=86400
x-amz-id-2
PoDdEgzj2GMedWfMCCvv3EjxAzfQwRskDkAhQo9/titfS/zITu1sPyqkIjS6Znj9WAtL+vdlm/vJbP+UDGsz0w==
x-evy-trace-route-configuration
listener_https/all
x-request-id
c23fc4af-d4e9-4184-be4c-8afc8f4e3c20
last-modified
Mon, 30 Oct 2023 20:40:46 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2g1%2FYnaDPfgOi0coriNxnFM84FS85YDFeRUnN0qCuqyIFrUu7LTk40t6DViwES%2BSzp1rLladfQpq8UFr1kSFrYFsbrYLT72hGXMA0e1szIKMsR%2BG6NpnnxPTjUpVExSJZaJcZzxUGjU608mI8bilBAAjpw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-656644bdb-ts7f8
access-control-allow-credentials
false
cf-ray
8a46b036de1f1941-FRA
timing-allow-origin
www.humansecurity.com
x-amz-cf-id
LaMV6KLQdJFe__HazTmcq4w_0jaaHSmXJYLxybs5Uz63Lolq3uz3cQ==
custom.min.css
www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/115450692019/1698698457814/humansecurity-hs/assets/css/dist/
0
1 KB
Stylesheet
General
Full URL
https://www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/115450692019/1698698457814/humansecurity-hs/assets/css/dist/custom.min.css
Requested by
Host: www.humansecurity.com
URL: https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:671d , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
age
171
x-amz-request-id
JMJVCSJRVYW1GX9Z
x-amz-server-side-encryption
AES256
x-evy-trace-route-service-name
envoyset-translator
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-evy-trace-listener
listener_https
etag
"d41d8cd98f00b204e9800998ecf8427e"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1698698458499
content-type
text/css
x-evy-trace-virtual-host
all
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Wed, 17 Jul 2024 02:09:10 GMT
strict-transport-security
max-age=31536000
via
1.1 148f45d892bd2198be5295012ed59888.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
yPbyfUQgByZmsXz3Bv8lGkrQvoYQGHox
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
x-hubspot-correlation-id
1ebb22dd-a4fc-4261-8e44-1f65e14f8f27
x-cache
Miss from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
177
alt-svc
h3=":443"; ma=86400
content-length
0
x-amz-id-2
nHy8UArMJXsXdK8EG0irBQ0JggRhUkzAfQ3hYjomcvkEuE9szfbt8HWs+V/3Df0i4ssPzpU/Ono=
x-evy-trace-route-configuration
listener_https/all
x-request-id
1ebb22dd-a4fc-4261-8e44-1f65e14f8f27
last-modified
Mon, 30 Oct 2023 20:40:59 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uWNhrM7hR1r3lssm1%2B8hsIv9D6owEedMr%2Fji4p4YTtWZ2o7oAhYsowFXcFqkmJWMGQ5sVuK8iwWcH0vyJiCX%2BFbHbr%2BMISs3blSHmgD9U5BVWNC0W%2Fv1FQ7alkg7iSnnA6zUE32KOoCo1ARVPt%2F0ZtKMyQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-656644bdb-tjdnr
access-control-allow-credentials
false
accept-ranges
bytes
cf-ray
8a46b036de2a1941-FRA
timing-allow-origin
www.humansecurity.com
x-amz-cf-id
HCZ37gVHgG3O6TYR8wfwFmL-rNmDcBgEhaBUETaFJvFiTxw5r2T1mA==
lazy-loading.min.js
www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/115307132989/1698698445616/humansecurity-hs/punch/assets/js/
3 KB
3 KB
Script
General
Full URL
https://www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/115307132989/1698698445616/humansecurity-hs/punch/assets/js/lazy-loading.min.js
Requested by
Host: www.humansecurity.com
URL: https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:671d , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e0d54140c9e5b41f4f5f8fd5583a8ae657452e2bec968966ab70c26d5ae77719
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
age
1985
x-amz-request-id
JMJPV9D1CQYNZEJ8
x-amz-server-side-encryption
AES256
x-evy-trace-route-service-name
envoyset-translator
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-evy-trace-listener
listener_https
etag
W/"4bad0a4c32f8ed6cc9ae26f79403ba1d"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1698698445767
content-type
application/javascript; charset=utf-8
x-evy-trace-virtual-host
all
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Wed, 17 Jul 2024 02:09:10 GMT
strict-transport-security
max-age=31536000
via
1.1 936f33bed45438343f0ef2adff442814.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
Yf5CV0qo3j47sw1HNl1JCGV8Teo7T9N0
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
x-hubspot-correlation-id
459f6b4d-725e-427d-bef2-70609a51faa8
x-cache
Miss from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
229
alt-svc
h3=":443"; ma=86400
x-amz-id-2
7bUv83GM2YQwk2AVt8qivso62eMiq2RRKXfHPJ+9c/4AN5amylDE6EEyvT01JAGVx7iMSZhW1F4=
x-evy-trace-route-configuration
listener_https/all
x-request-id
459f6b4d-725e-427d-bef2-70609a51faa8
last-modified
Mon, 30 Oct 2023 20:40:46 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uJHVeAhRybWMy%2F06lLWS4ct27H9WfzMyDPNfJCOExZpRgvm0hXsdGx2B0WtcvWhdTpzPsertrnPm1hpK5T0HfWKMXtg7xrXU106Bvv3bjLbUAz9Ugt5M74iU6%2FusHBJdKfcnbm9nEof8TfmWlmnrIVt76Q%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-656644bdb-x5qbk
access-control-allow-credentials
false
cf-ray
8a46b036de2e1941-FRA
timing-allow-origin
www.humansecurity.com
x-amz-cf-id
FYKZsL7z8Z3JFiG1oFnhlRQ9gxjz02mLti9_1hWMyewk7fT_0pN-Tg==
owl.carousel.min.js
www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/164742850616/1713364613712/humansecurity-hs/assets/js/owlcarousel/
43 KB
13 KB
Script
General
Full URL
https://www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/164742850616/1713364613712/humansecurity-hs/assets/js/owlcarousel/owl.carousel.min.js
Requested by
Host: www.humansecurity.com
URL: https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:671d , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
a53c43f834b32309b084ea9314df8307e9c78cee2202c6e07f216ae4ae5b704d
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
age
171
x-amz-request-id
JV4CDCAVB6Z3P5ER
x-amz-server-side-encryption
AES256
x-evy-trace-route-service-name
envoyset-translator
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-evy-trace-listener
listener_https
etag
W/"f416f9031fef25ae25ba9756e3eb6978"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1713364613712
content-type
application/javascript; charset=utf-8
x-evy-trace-virtual-host
all
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Wed, 17 Jul 2024 02:09:10 GMT
strict-transport-security
max-age=31536000
via
1.1 ee9b452ef78932123abe17295c8c65be.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
YXST8RJs5KZFT1MFRhfRhJxx14M2tAc1
x-amz-cf-pop
IAD61-P2
x-hs-alternate-content-type
text/plain
x-hubspot-correlation-id
c39598bf-e9d4-4074-a353-13581418732e
x-cache
RefreshHit from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
162
alt-svc
h3=":443"; ma=86400
x-amz-id-2
JtAM1oryMCrgcBOgTicQ//yYq57Qh8l9nX4GoyTDKPqi28DiQmkdM1MbKAZD8Rds4j63At6L4oI=
x-evy-trace-route-configuration
listener_https/all
x-request-id
c39598bf-e9d4-4074-a353-13581418732e
last-modified
Wed, 17 Apr 2024 14:36:54 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=73HZY%2BBGPPm6lK7yFvTllWpbS%2B5tpLTQ8V2okgY1gDh%2FX6CnR9G0GoFRr2r9rd79Oinj6gBLS5tAvBUktLpQvfxgx9ESrowGo44ZsYvCTbiGeSmzjo%2FH7uYlNEpMscNTJIwkKFp7cZ2sG97jNPdL%2BbiK8A%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-656644bdb-jn7vt
access-control-allow-credentials
false
cf-ray
8a46b036de321941-FRA
timing-allow-origin
www.humansecurity.com
x-amz-cf-id
8hEFThOQFEmwzHYh9YprKIGY6QjrS9SGqTxk2aiZyRX-u5dbQZiCgQ==
frontend.min.js
www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/63656674711/1698698447070/humansecurity-hs/punch/assets/js/
7 KB
4 KB
Script
General
Full URL
https://www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/63656674711/1698698447070/humansecurity-hs/punch/assets/js/frontend.min.js
Requested by
Host: www.humansecurity.com
URL: https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:671d , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
dd5e60442181c68a2711c4a407db551e51e0af167f16b86775ceb7e56679a045
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
age
1667
x-amz-request-id
E8DHH2DZ85ATAQAD
x-amz-server-side-encryption
AES256
x-evy-trace-route-service-name
envoyset-translator
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-evy-trace-listener
listener_https
etag
W/"a4f49c0d3a6711894e9c55d1c0c7de21"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1698698447313
content-type
application/javascript; charset=utf-8
x-evy-trace-virtual-host
all
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Wed, 17 Jul 2024 02:09:10 GMT
strict-transport-security
max-age=31536000
via
1.1 c6b0d1d85b2590c57ac754bf9e61944e.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
9kHHRG.4lQ.A7FuJiqDBrnDLMH9bi.w1
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
x-hubspot-correlation-id
f10daa55-b2df-469c-a170-d05370996216
x-cache
Miss from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
188
alt-svc
h3=":443"; ma=86400
x-amz-id-2
cIbrffKWNP1qwiNGYKqgGYMeQFSocTX0D0wBfs2Ve5uEj8q3Lx06oHbpL2ss7ub7Qyjj1Dqp/cUitMl85G1KPg==
x-evy-trace-route-configuration
listener_https/all
x-request-id
f10daa55-b2df-469c-a170-d05370996216
last-modified
Mon, 30 Oct 2023 20:40:48 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5j63IJc5aFDpt7Jgr0o6wfGDdQ4XNqDwK5OsmC16B1DSb4AagVqEsLSu9NAjGlVkJib41bpOGtC%2FcYPanzPK54YN7JTtF1QEX04YoN4mfPdZ%2BXXkF27%2BFKL6Atk9v5wwRftZEnmF%2BZL4BS%2BAeQxJojlipA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-656644bdb-tjdnr
access-control-allow-credentials
false
cf-ray
8a46b036de3f1941-FRA
timing-allow-origin
www.humansecurity.com
x-amz-cf-id
X3W-DqHE06ckRN1KOlE3ylwzrHCgxYJ7KEjcd7NNKBhEPvtVrHkerQ==
main.min.js
www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/63463820292/1701277809330/humansecurity-hs/assets/js/
5 KB
3 KB
Script
General
Full URL
https://www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/63463820292/1701277809330/humansecurity-hs/assets/js/main.min.js
Requested by
Host: www.humansecurity.com
URL: https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:671d , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
d651066ec06c641549632f4776b2cdbf638ca0786adf1c58f44a2728daed9b00
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
age
3102
x-amz-request-id
JMJPTVVQ4XQ1DA38
x-amz-server-side-encryption
AES256
x-evy-trace-route-service-name
envoyset-translator
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-evy-trace-listener
listener_https
etag
W/"685174d68af17bd7d0e6a28ceb5be545"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1701277809525
content-type
application/javascript; charset=utf-8
x-evy-trace-virtual-host
all
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Wed, 17 Jul 2024 02:09:10 GMT
strict-transport-security
max-age=31536000
via
1.1 7c4bbd97f5be908e33f403c3794f629a.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
vY8wV06NgfCiTijo9TsZU9.WhSQoNj73
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
x-hubspot-correlation-id
5f0108ff-9694-4a69-bc9d-593e3fec5140
x-cache
Miss from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
257
alt-svc
h3=":443"; ma=86400
x-amz-id-2
37tSop7bplhdwAOY7u7kT2dzPRF2LLBfVUXV1FpzsyzXr+2ea/8z00lXgxR8sYW3ZlF1Et8MRMo=
x-evy-trace-route-configuration
listener_https/all
x-request-id
5f0108ff-9694-4a69-bc9d-593e3fec5140
last-modified
Wed, 29 Nov 2023 17:10:10 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yo%2BwAY4k7iuEg2k6ZIfYo7qf8nDZes92UG7Sk%2F5ienQUwTEYxdEqAI8VYRfgQ8ptoWhHYe3aOAjEkBZTSse3LULYzF0YopWYJ40bpUZvQlipD5xxB6lds1%2BauZMINMmNjMp5SuzJKE5in8ng0sDnDUSnNg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-656644bdb-ts7f8
access-control-allow-credentials
false
cf-ray
8a46b036de351941-FRA
timing-allow-origin
www.humansecurity.com
x-amz-cf-id
sDN7dqMSBSIcDD-QB888Ehyoxz3jYikP-Hu6BSlGrEbR9lnnKlE5DA==
css2
fonts.googleapis.com/
14 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Barlow+Condensed:wght@300;400;500;600;700;800&family=Barlow:wght@300;400;500;600;700;800&display=swap
Requested by
Host: www.humansecurity.com
URL: https://www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/63463820289/1715786988598/humansecurity-hs/assets/css/main.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
1bb0e098f5a598b1a0dbd04775c38b0421251adda71dfc6cd7ae673e710da874
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/63463820289/1715786988598/humansecurity-hs/assets/css/main.min.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Wed, 17 Jul 2024 02:09:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 17 Jul 2024 02:09:10 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 17 Jul 2024 02:09:10 GMT
bat.js
bat.bing.com/
49 KB
14 KB
Script
General
Full URL
https://bat.bing.com/bat.js
Requested by
Host: www.humansecurity.com
URL: https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
abd0c69608a1a4b0ce5f6056bc20bcf62a2a29271a4cf5e33fa1f53bf7cb19cb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
date
Wed, 17 Jul 2024 02:09:09 GMT
last-modified
Sat, 13 Jul 2024 20:42:16 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: E628B77567DB404D9CB7D37073C261AE Ref B: FRA31EDGE0110 Ref C: 2024-07-17T02:09:10Z
etag
"044982565d5da1:0"
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript
cache-control
private,max-age=1800
accept-ranges
bytes
content-length
14183
zi-tag.js
js.zi-scripts.com/
9 KB
3 KB
Script
General
Full URL
https://js.zi-scripts.com/zi-tag.js
Requested by
Host: www.humansecurity.com
URL: https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.37.212 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b7bcabdeabc928df5f998a410f656db22b6d8973ad3b73851feaba2ee6a44bc8

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 17 Jul 2024 02:09:10 GMT
x-amz-version-id
az1JGSQ.qou05rXeP8ubGTGmlUNWgCp9
via
1.1 92ab13182d4b89ed20b3b5c10adc4f22.cloudfront.net (CloudFront)
cf-cache-status
DYNAMIC
content-encoding
gzip
x-amz-cf-pop
FRA6-C1
age
52777
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
last-modified
Mon, 24 Jun 2024 11:29:23 GMT
server
cloudflare
etag
W/"e3c441f75699329acb887bf918f755c9"
vary
Accept-Encoding
content-type
application/javascript
cf-ray
8a46b0375f53bbd9-FRA
x-amz-cf-id
DXnLM1Sfuk7qi1v3IdQK3DOPRsBrIuwE9iu-p8KVXcE3Q9ij4QkoCQ==
landing
pagead2.googlesyndication.com/pagead/
42 B
64 B
Ping
General
Full URL
https://pagead2.googlesyndication.com/pagead/landing?gcs=G100&gcd=13p3p3p2p5&tag_exp=0&rnd=151495630.1721182150&url=https%3A%2F%2Fwww.humansecurity.com%2Flearn%2Fblog%2Fthe-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign&dma_cps=-&dma=1&npa=1&gtm=45He47f0n81KVP42DDv830094232za200
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KVP42DD
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 17 Jul 2024 02:09:10 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
js
www.googletagmanager.com/gtag/
312 KB
104 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-59DHKRCY6M&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KVP42DD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
2b8cd89a6ee33abb737efbcad5acc23602f53905b2a42f46518efb2c66edcb06
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 17 Jul 2024 02:09:10 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
106294
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 17 Jul 2024 02:09:10 GMT
6si.min.js
j.6sc.co/
68 KB
19 KB
Script
General
Full URL
https://j.6sc.co/6si.min.js
Requested by
Host: www.humansecurity.com
URL: https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.111.170 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-101-111-170.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
f0b06f5902f28b3ef029c76a5d0baa23b794870af8e4df15d542163b07714276
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 17 Jul 2024 02:09:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 12 Jul 2024 19:23:12 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"669182a0-10e7a"
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, proxy-revalidate, max-age=1800
accept-ranges
bytes
content-length
18682
expires
Wed, 17 Jul 2024 02:39:10 GMT
analytics.js
www.google-analytics.com/
52 KB
21 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KVP42DD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 17 Jul 2024 01:41:01 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
server
Golfe2
age
1689
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Wed, 17 Jul 2024 03:41:01 GMT
destination
www.googletagmanager.com/gtag/
269 KB
92 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/destination?id=AW-878225418&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KVP42DD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
5aace294040a33c9bbf8d4be4e8f344b997d4f584e37b6821e9e3775e4b5b6ee
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 17 Jul 2024 02:09:10 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
94431
x-xss-protection
0
last-modified
Wed, 17 Jul 2024 00:18:29 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 17 Jul 2024 02:09:10 GMT
insight.min.js
snap.licdn.com/li.lms-analytics/
38 KB
14 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KVP42DD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:10::210:a99 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
dbfeb010a0c8acddc38dea97e228787f16ac5e30b4af96b764fa2252fe3827e4
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 17 Jul 2024 02:09:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 11 Jul 2024 09:19:33 GMT
x-cdn
AKAM
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
application/javascript;charset=utf-8
cache-control
max-age=19396
accept-ranges
bytes
content-length
14011
hotjar-3389720.js
static.hotjar.com/c/
9 KB
4 KB
Script
General
Full URL
https://static.hotjar.com/c/hotjar-3389720.js?sv=7
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KVP42DD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.102.53 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-102-53.fra56.r.cloudfront.net
Software
/
Resource Hash
8af62ffe7b7970898976897e8c6d22fbddec8e6e99c1e9c2ecc2f07aa1fb5805
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=2592000; includeSubDomains
content-encoding
br
x-content-type-options
nosniff
date
Wed, 17 Jul 2024 02:09:10 GMT
via
1.1 4a502b22092e94faddf9a5b056e273ae.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P2
etag
W/36eb17fe53f7c9a095b9cdc0ff7432eb
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
x-cache-hit
1
cache-control
max-age=60
cross-origin-resource-policy
cross-origin
x-amz-cf-id
RH-VX5JC4TH8iFb6CTp96-d2QRW4f91yhoirsuc6czk3cCLjXT3MeA==
5210.js
tracking.g2crowd.com/attribution_tracking/conversions/
2 KB
2 KB
Script
General
Full URL
https://tracking.g2crowd.com/attribution_tracking/conversions/5210.js?p=https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign&e=
Requested by
Host: www.humansecurity.com
URL: https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1fb0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
82ec28f3854d18459405d3521985c2c7961f9a1b096c857a8515cd27e195b8fd
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 17 Jul 2024 02:09:10 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
content-encoding
br
x-permitted-cross-domain-policies
none
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
content-disposition
inline
x-xss-protection
0
referrer-policy
no-referrer
server
cloudflare
cross-origin-opener-policy
same-origin
x-download-options
noopen
vary
Origin, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
origin-agent-cluster
?1
cf-ray
8a46b0379c2e366e-FRA
sl.js
scout-cdn.salesloft.com/
6 KB
3 KB
Script
General
Full URL
https://scout-cdn.salesloft.com/sl.js
Requested by
Host: www.humansecurity.com
URL: https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:4869 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4a007af67f716c30c8848ab0ad0bfaab8a5fcf3e36dedf918b59c9429d522440
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 17 Jul 2024 02:09:10 GMT
x-amz-version-id
6anzvBQcvmaBDc8BSO9zI6Th.IIiwArc
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-request-id
EZPGEPEQRJ835T56
age
3160
alt-svc
h3=":443"; ma=86400
x-amz-id-2
vj/H9CfyiKNwtvLJrelCw6CtXo93qB0KDTwbomYs8Kf/kZA94jYHXVgMqek/RNtsa+9eO7BrPxA=
last-modified
Mon, 13 Dec 2021 16:28:37 GMT
server
cloudflare
etag
W/"d74cc4825c8e333b2116da3fcc649db1"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=14400
cf-ray
8a46b037ed3d1e4a-FRA
expires
Wed, 17 Jul 2024 06:09:10 GMT
munchkin.js
munchkin.marketo.net/
1 KB
1 KB
Script
General
Full URL
https://munchkin.marketo.net/munchkin.js
Requested by
Host: www.humansecurity.com
URL: https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
184.31.85.59 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-31-85-59.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Wed, 17 Jul 2024 02:09:10 GMT
Content-Encoding
gzip
Last-Modified
Fri, 17 Mar 2023 01:24:48 GMT
Server
AkamaiNetStorage
ETag
"cb731cc5c2bd9f31d6bfeb19f3c8b1ff:1679016288.730763"
Vary
Accept-Encoding
Content-Type
application/x-javascript
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
729
main.min.js
client.px-cloud.net/PXxDhGmtcm/
169 KB
70 KB
Script
General
Full URL
https://client.px-cloud.net/PXxDhGmtcm/main.min.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KVP42DD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:11::215:14d0 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
UploadServer /
Resource Hash
8dd58f4bdbe044fb5e05bb595fa7b0be061f21df9f545a21da688ec614c8987a

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 17 Jul 2024 02:09:10 GMT
content-encoding
gzip
last-modified
Wed, 17 Jul 2024 01:52:37 GMT
server
UploadServer
etag
"3eb0f18c14565952fa152953995c2250"
active-cdn
Akamai
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
active-cdn,x-served-by,Akamai-Request-BC
cache-control
max-age=600
x-goog-stored-content-length
71090
accept-ranges
bytes
content-length
71090
expires
Wed, 17 Jul 2024 02:11:02 GMT
truncated
/
381 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
201b591d8778f953b5cde276d197d939dbc151d21e948d0e91d8869901f9eeb8

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
Single-Post-Hero-Bg@1x.jpg
www.humansecurity.com/hubfs/Website%20Assets/Backgrounds/
15 KB
17 KB
Image
General
Full URL
https://www.humansecurity.com/hubfs/Website%20Assets/Backgrounds/Single-Post-Hero-Bg@1x.jpg
Requested by
Host: www.humansecurity.com
URL: https://www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/115451707707/1709753002216/humansecurity-hs/assets/css/single-common.min.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:671d , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
b84398de46283985db9507da817ab6fd1c66687b7b9f6d1bf3e0de29bc2b3e28
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/115451707707/1709753002216/humansecurity-hs/assets/css/single-common.min.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
x-amz-meta-cache-tag
F-115446220894,FD-65670907291,P-3400937,FLS-ALL
age
373912
x-amz-request-id
GWA4QXTPX2478MCW
x-amz-server-side-encryption
AES256
edge-cache-tag
F-115446220894,FD-65670907291,P-3400937,FLS-ALL
x-amz-replication-status
COMPLETED
content-disposition
inline; filename="Single-Post-Hero-Bg@1x.webp"
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
cf-bgj
imgq:85,h2pri
etag
"dd6b6465df335a37717da6c525533fc1"
vary
Accept, Accept-Encoding
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1684015842832
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Wed, 17 Jul 2024 02:09:10 GMT
strict-transport-security
max-age=31536000
via
1.1 b159f39ee34c14548a9d9dc3e730676a.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
CdDX03HZKu6sllEw2p2ZvE8w0miVHEku
x-amz-cf-pop
VIE50-P1
x-hs-alternate-content-type
text/plain
cf-polished
qual=85, origFmt=jpeg, origSize=34092
x-cache
RefreshHit from cloudfront
cache-tag
F-115446220894,FD-65670907291,P-3400937,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
content-length
15628
x-amz-id-2
xhDynToFnaDes+zdmWYpLyukKfS4/byH7QRKa0MHC8rvsnvVo1MvdlPkyD8CT7AoAo67vTFNIn8lD/Qi6vFgitkhdQ0t0u4jqcXpnW4RDbo=
last-modified
Sat, 13 May 2023 22:10:43 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9HGYcnDJCSGh4G7XoHUCUsIjfvUByowfM9X%2FWzt61KAfxn0oMwRu6R%2BbgN7l%2BqJaV%2BnlikKH5xqWt3PCmIcuGklv6XkIGlbC45HoMpmG0%2Bio%2BGS4RwbGI%2BWPsx6NOjo%2FC9ex7u2WuNL3Tv%2Fyqzzmfmmqxg%3D%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
8a46b0375ea31941-FRA
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id
NQkMaoitZ_DlA_NYnDHlTAGOirWD8uZVPHpU9eSymtX-1N-BX5Sg7A==
truncated
/
378 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2fc92a4b6bcd0e8fdd8b4939e421646379410fc25266f0fb5f1abf07a843f93e

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
7cHqv4kjgoGqM7E3t-4s51os.woff2
fonts.gstatic.com/s/barlow/v12/
21 KB
21 KB
Font
General
Full URL
https://fonts.gstatic.com/s/barlow/v12/7cHqv4kjgoGqM7E3t-4s51os.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Barlow+Condensed:wght@300;400;500;600;700;800&family=Barlow:wght@300;400;500;600;700;800&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
65a47caa5183b035bf78d0f93adbe5cea500333410259c54abf2de356740df7e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.humansecurity.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Tue, 16 Jul 2024 07:38:12 GMT
x-content-type-options
nosniff
age
66658
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
21724
x-xss-protection
0
last-modified
Tue, 19 Apr 2022 19:29:44 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 16 Jul 2025 07:38:12 GMT
7cHpv4kjgoGqM7E_DMs5.woff2
fonts.gstatic.com/s/barlow/v12/
21 KB
21 KB
Font
General
Full URL
https://fonts.gstatic.com/s/barlow/v12/7cHpv4kjgoGqM7E_DMs5.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Barlow+Condensed:wght@300;400;500;600;700;800&family=Barlow:wght@300;400;500;600;700;800&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7c9c80a6c32c0619d61c28f28723e68c5f8f75163e77ee5cf64c39e640e0d71e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.humansecurity.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Tue, 16 Jul 2024 09:37:53 GMT
x-content-type-options
nosniff
age
59477
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
21144
x-xss-protection
0
last-modified
Tue, 19 Apr 2022 19:43:23 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 16 Jul 2025 09:37:53 GMT
7cHqv4kjgoGqM7E30-8s51os.woff2
fonts.gstatic.com/s/barlow/v12/
21 KB
21 KB
Font
General
Full URL
https://fonts.gstatic.com/s/barlow/v12/7cHqv4kjgoGqM7E30-8s51os.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Barlow+Condensed:wght@300;400;500;600;700;800&family=Barlow:wght@300;400;500;600;700;800&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2b14e8397d552f351a4396dec25ec5da1348865683100e94c4ab0faea4a9a254
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.humansecurity.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Tue, 16 Jul 2024 12:19:38 GMT
x-content-type-options
nosniff
age
49772
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
21796
x-xss-protection
0
last-modified
Tue, 19 Apr 2022 19:35:19 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 16 Jul 2025 12:19:38 GMT
HTxwL3I-JCGChYJ8VI-L6OO_au7B46r2z3bWuQ.woff2
fonts.gstatic.com/s/barlowcondensed/v12/
21 KB
21 KB
Font
General
Full URL
https://fonts.gstatic.com/s/barlowcondensed/v12/HTxwL3I-JCGChYJ8VI-L6OO_au7B46r2z3bWuQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Barlow+Condensed:wght@300;400;500;600;700;800&family=Barlow:wght@300;400;500;600;700;800&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8320299532b4b81498d5b3714d49c9d5938883b55f4c2a1efe6f105bf4a942bd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.humansecurity.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Mon, 15 Jul 2024 18:16:34 GMT
x-content-type-options
nosniff
age
114756
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
21440
x-xss-protection
0
last-modified
Tue, 19 Apr 2022 18:46:45 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 15 Jul 2025 18:16:34 GMT
7cHqv4kjgoGqM7E3_-gs51os.woff2
fonts.gstatic.com/s/barlow/v12/
20 KB
21 KB
Font
General
Full URL
https://fonts.gstatic.com/s/barlow/v12/7cHqv4kjgoGqM7E3_-gs51os.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Barlow+Condensed:wght@300;400;500;600;700;800&family=Barlow:wght@300;400;500;600;700;800&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7c0597b1b0c771139c958982210f05b275993037f0f3ba20d7a9300a0741dc80
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.humansecurity.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Tue, 16 Jul 2024 14:59:46 GMT
x-content-type-options
nosniff
age
40164
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20960
x-xss-protection
0
last-modified
Tue, 19 Apr 2022 19:18:28 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 16 Jul 2025 14:59:46 GMT
truncated
/
11 KB
11 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
54a00c1f0eaaeb0537a8297cda238d8d96c0441a708ebaba46e4f473ac94e689

Request headers

Referer
Origin
https://www.humansecurity.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
font/truetype;charset=utf-8
sdk.js
connect.facebook.net/en_US/
3 KB
4 KB
Script
General
Full URL
https://connect.facebook.net/en_US/sdk.js
Requested by
Host: www.humansecurity.com
URL: https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
353160fb76863d54d07637e36360b6297887cef9c3f21d86d2dc0c4ed4d2c60d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 17 Jul 2024 02:09:10 GMT
content-md5
Pk/ZxLvHoCc0JDMW9vvxfg==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
1686
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=20, rtx=0, c=12, mss=1328, tbw=2792, tp=-1, tpl=-1, uplat=0, ullat=-1
x-fb-debug
YUgyaZ5bglWELiB04UQSrJDkKKKh0LfS+djvxf6BmatZpwUFnWn9iWKYk5dn4XmMHKxUwdL12eOL89k85hCU3w==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
x-fb-content-md5
02a7f1df618fdf90b1e95a4ea2c7e154
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
etag
"c2c8aa5c52fd20727d805a197f937a60"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=1200,stale-while-revalidate=3600
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
x-frame-options
DENY
timing-allow-origin
*
expires
Wed, 17 Jul 2024 02:10:51 GMT
widgets.js
platform.twitter.com/
91 KB
28 KB
Script
General
Full URL
https://platform.twitter.com/widgets.js
Requested by
Host: www.humansecurity.com
URL: https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/6738) /
Resource Hash
173460e89e6a7244218badae2016f65c48a3eae9d400802273eeca18b07336f1

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Wed, 17 Jul 2024 02:09:10 GMT
Content-Encoding
gzip
Age
276
x-amz-server-side-encryption
AES256
X-Cache
HIT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=
Content-Length
27597
Last-Modified
Mon, 11 Dec 2023 17:20:28 GMT
Server
ECS (frb/6738)
Etag
"824beb891744db98ccbd3a456e59e0f7+gzip"
Access-Control-Max-Age
3000
Access-Control-Allow-Methods
GET
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
x-tw-cdn
VZ
Cache-Control
public, max-age=1800
Vary
Accept-Encoding
collect
region1.google-analytics.com/g/
0
0
Fetch
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-59DHKRCY6M&gtm=45je47f0v881684866z8830094232za200zb830094232&_p=1721182150190&gcs=G100&gcd=13p3p3p2p5&npa=1&dma_cps=-&dma=1&tag_exp=0&cid=1481148879.1721182150&ul=de-de&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=denied&_eu=EA&_s=1&sid=1721182150&sct=1&seg=0&dl=https%3A%2F%2Fwww.humansecurity.com%2Flearn%2Fblog%2Fthe-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign&dt=The%20Party%E2%80%99s%20Over%3A%20HUMAN%E2%80%99s%20Satori%20Threat%20Intelligence%20and%20Research%20Team%20Cleans%20up%20%E2%80%9CKonfety%E2%80%9D%20Mobile%20Ad%20Fraud%20Campaign&en=page_view&_fv=1&_nsi=1&_ss=1&ep.timestamp=2024-07-17T04%3A09%3A10.252%2B02%3A00&tfd=597&_z=fetch
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-59DHKRCY6M&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 17 Jul 2024 02:09:10 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.humansecurity.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
getSubscriptions
js.zi-scripts.com/unified/v1/master/
203 B
579 B
Fetch
General
Full URL
https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Requested by
Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.37.212 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
566d1885a01635023ace80d331ae6e3c71e340e8b802a4bc8bfdf17d691a4e4a

Request headers

visited_url
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
Authorization
Bearer a6151318a91681741142
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

date
Wed, 17 Jul 2024 02:09:10 GMT
via
1.1 7ed7afde326861e358c3c83359e99894.cloudfront.net (CloudFront)
content-encoding
gzip
cf-cache-status
DYNAMIC
x-amz-cf-pop
FRA6-C1
x-powered-by
Express
x-cache
Miss from cloudfront
alt-svc
h3=":443"; ma=86400
apigw-requestid
bCMnGjcMvHcEP_A=
server
cloudflare
etag
W/"cb-aJBK6S9IeByW4m7OlUda4tAeI1Q"
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.humansecurity.com
cf-ray
8a46b039bc1c9066-FRA
x-amz-cf-id
WKX9uETx1XJIUPZA_SnW9-umtRrHnDDueBJPgdkfDsWcxckY11Q34A==
getSubscriptions
js.zi-scripts.com/unified/v1/master/ Frame
0
0
Preflight
General
Full URL
https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.37.212 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type,visited_url
Access-Control-Request-Method
GET
Origin
https://www.humansecurity.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Origin,X-Requested-With,Content-Type,Accept,Authorization,X-Amp-Device-Id,X-Amp-Session-Id,visited_url,_zitok,forwarded,x-ziaccesstoken
access-control-allow-methods
POST, GET, OPTIONS, PATCH, DELETE, PUT
access-control-allow-origin
https://www.humansecurity.com
alt-svc
h3=":443"; ma=86400
apigw-requestid
bCMnEh1WvHcEPgQ=
cf-cache-status
DYNAMIC
cf-ray
8a46b0388b369066-FRA
date
Wed, 17 Jul 2024 02:09:10 GMT
server
cloudflare
vary
Origin
via
1.1 7ed7afde326861e358c3c83359e99894.cloudfront.net (CloudFront)
x-amz-cf-id
zbICUaqQAptuXySp5moj34bdD2SOa3S3IuV7crozyea46NZh0PPrFA==
x-amz-cf-pop
FRA6-C1
x-cache
Miss from cloudfront
x-powered-by
Express
10c1c946-3ec8-49a0-92ce-5be53945f2bc.json
cdn.cookielaw.org/consent/10c1c946-3ec8-49a0-92ce-5be53945f2bc/
4 KB
2 KB
XHR
General
Full URL
https://cdn.cookielaw.org/consent/10c1c946-3ec8-49a0-92ce-5be53945f2bc/10c1c946-3ec8-49a0-92ce-5be53945f2bc.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d4a42e8f77ed647b32311ffc6b611bdc77b6296726e51cfc958ac736c63a6654
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 17 Jul 2024 02:09:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
65599
content-md5
gKPVf/0JY7LPyMXBubVDLg==
content-length
1651
x-ms-lease-status
unlocked
last-modified
Mon, 10 Jul 2023 18:48:56 GMT
server
cloudflare
etag
0x8DB817650AF29D1
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
1d2a2bae-c01e-000f-5871-224fef000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
8a46b0390f171981-FRA
expires
Thu, 18 Jul 2024 02:09:10 GMT
has-permission-json
app.hubspot.com/content-tools-menu/api/v1/tools-menu/
0
1 KB
XHR
General
Full URL
https://app.hubspot.com/content-tools-menu/api/v1/tools-menu/has-permission-json?portalId=3400937
Requested by
Host: www.humansecurity.com
URL: https://www.humansecurity.com/hs/hsstatic/HubspotToolsMenu/static-1.349/js/index.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options no-sniff

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 17 Jul 2024 02:09:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
no-sniff
cf-cache-status
DYNAMIC
x-hs-worker-debug-mode
false
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
35ed4ebc-66e8-4323-9410-98e6fb933fdd
x-envoy-upstream-service-time
4
x-evy-trace-route-configuration
listener_https/all
reporting-endpoints
default="https://send.hsbrowserreports.com/csp/reports?cfRay=8a46b038faf271a9&resource=unknown"
x-evy-trace-listener
listener_https
x-request-id
35ed4ebc-66e8-4323-9410-98e6fb933fdd
server
cloudflare
vary
origin, Accept-Encoding
access-control-allow-methods
GET
report-to
{"group":"default","max_age":86400,"endpoints":[{"url":"https://send.hsbrowserreports.com/csp/reports"}]}
access-control-allow-origin
https://www.humansecurity.com
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-65f7f7c749-jxxbv
cache-control
max-age=0
access-control-allow-credentials
true
x-evy-trace-virtual-host
all
cf-ray
8a46b038faf271a9-FRA
97050842.js
bat.bing.com/p/action/
335 B
403 B
Script
General
Full URL
https://bat.bing.com/p/action/97050842.js
Requested by
Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e6eae0251ff9d9602e618bd779c3c7234b243fb71da5afa4e502443e9c007bd4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
br
date
Wed, 17 Jul 2024 02:09:10 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 4F838389CE8C4A19BB5DFD7ACEE447DC Ref B: FRA31EDGE0110 Ref C: 2024-07-17T02:09:10Z
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript; charset=utf-8
cache-control
private,max-age=1800
clear.js
s.cdnsynd.com/2/259353/
0
64 B
Script
General
Full URL
https://s.cdnsynd.com/2/259353/clear.js?dt=2593531613684042609000&pd=mkt&gci=1481148879.1721182150&gtr=UA-111948466-3&gdc=1&gdb=2
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KVP42DD
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
3.255.217.67 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-255-217-67.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Wed, 17 Jul 2024 02:09:10 GMT
collect
www.google-analytics.com/
35 B
194 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j101&a=347621475&t=pageview&_s=1&dl=https%3A%2F%2Fwww.humansecurity.com%2Flearn%2Fblog%2Fthe-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign&ul=de-de&de=UTF-8&dt=The%20Party%E2%80%99s%20Over%3A%20HUMAN%E2%80%99s%20Satori%20Threat%20Intelligence%20and%20Research%20Team%20Cleans%20up%20%E2%80%9CKonfety%E2%80%9D%20Mobile%20Ad%20Fraud%20Campaign&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YCgAgAABAAAAAAAEKk~&cid=1481148879.1721182150&tid=UA-111948466-2&_gid=1334414573.1721182151&gtm=45He47f0n81KVP42DDv830094232za200&cd7=2024-07-17T04%3A09%3A10.257%2B02%3A00&cd8=f9bd4ffb-470c-4ce7-9d5d-257b133cc1d3&gcs=G100&gcd=13p3p3p2p5&dma_cps=-&dma=1&tag_exp=0&cd3=1481148879.1721182150&npa=1&z=1147451945
Requested by
Host: www.humansecurity.com
URL: https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 16 Jul 2024 11:59:24 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
50986
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/
35 B
91 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j101&a=347621475&t=pageview&_s=1&dl=https%3A%2F%2Fwww.humansecurity.com%2Flearn%2Fblog%2Fthe-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign&ul=de-de&de=UTF-8&dt=The%20Party%E2%80%99s%20Over%3A%20HUMAN%E2%80%99s%20Satori%20Threat%20Intelligence%20and%20Research%20Team%20Cleans%20up%20%E2%80%9CKonfety%E2%80%9D%20Mobile%20Ad%20Fraud%20Campaign&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YCgAAAABAAAAAAAEKk~&cid=1481148879.1721182150&tid=UA-111948466-3&_gid=1380345656.1721182151&gtm=45He47f0n81KVP42DDv830094232za200&cd1=1481148879.1721182150&gcs=G100&gcd=13p3p3p2p5&dma_cps=-&dma=1&tag_exp=0&cd2=Human&npa=1&z=1000428829
Requested by
Host: www.humansecurity.com
URL: https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 16 Jul 2024 11:59:24 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
50986
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
main.min.js
client.px-cloud.net/PXf69I9fY8/
169 KB
70 KB
Script
General
Full URL
https://client.px-cloud.net/PXf69I9fY8/main.min.js
Requested by
Host: www.humansecurity.com
URL: https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:11::215:14d0 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
UploadServer /
Resource Hash
733ce984c58be1f41905748575e85bcde044306a3163de4110942bf01e855629

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 17 Jul 2024 02:09:10 GMT
content-encoding
gzip
last-modified
Wed, 17 Jul 2024 01:51:38 GMT
server
UploadServer
etag
"fa5cad31e7269628bfbc0dd18010df11"
active-cdn
Akamai
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
active-cdn,x-served-by,Akamai-Request-BC
cache-control
max-age=600
x-goog-stored-content-length
71087
accept-ranges
bytes
content-length
71087
expires
Wed, 17 Jul 2024 02:11:36 GMT
modules.e4b2dc39f985f11fb1e4.js
script.hotjar.com/
223 KB
56 KB
Script
General
Full URL
https://script.hotjar.com/modules.e4b2dc39f985f11fb1e4.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-3389720.js?sv=7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.27.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-27-19.fra56.r.cloudfront.net
Software
/
Resource Hash
619feac205d68f6356fcad13d6758533011a8acc7830e3deb0f763249d7516c0
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Mon, 01 Jul 2024 08:11:07 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 8fd360cd20d33fa1400394ae41746f66.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-C2
age
1360683
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
56291
last-modified
Mon, 01 Jul 2024 08:10:34 GMT
etag
"ca025d2d8ae4b3dc51e058b782590501"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
x-robots-tag
none
x-amz-cf-id
g0FG__i9F1hrb_Hcsq0erQBt6ijbECgIcHmlSCbw5yMmldcWc2juBw==
/
px.ads.linkedin.com/wa/
0
645 B
XHR
General
Full URL
https://px.ads.linkedin.com/wa/
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
*
Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Wed, 17 Jul 2024 02:09:10 GMT
x-li-pop
afd-prod-lva1-x
x-msedge-ref
Ref A: 72B3BB640FC942D6B677367D668D0A61 Ref B: FRAEDGE1717 Ref C: 2024-07-17T02:09:10Z
linkedin-action
1
vary
Origin
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-ltx1
access-control-allow-origin
https://www.humansecurity.com
x-li-source-fabric
prod-lva1
x-li-proto
http/2
access-control-allow-credentials
true
x-li-uuid
AAYdZ/KvWS4juOhs2IQ0Jg==
attribution_trigger
px.ads.linkedin.com/
2 B
812 B
XHR
General
Full URL
https://px.ads.linkedin.com/attribution_trigger?pid=1755754%2C5211716&time=1721182150558&url=https%3A%2F%2Fwww.humansecurity.com%2Flearn%2Fblog%2Fthe-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign&tm=gtmv2
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Accept
*
Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 17 Jul 2024 02:09:10 GMT
content-encoding
gzip
x-li-pop
afd-prod-ltx1-x
x-msedge-ref
Ref A: F6751FAABCE44B73BDF5B157490DFAA3 Ref B: FRAEDGE2011 Ref C: 2024-07-17T02:09:10Z
access-control-allow-methods
GET, OPTIONS
x-li-fabric
prod-ltx1
access-control-allow-origin
*
x-cache
CONFIG_NOCACHE
content-type
application/json
x-li-proto
http/2
x-restli-protocol-version
1.0.0
access-control-allow-headers
*
x-li-uuid
AAYdZ/Kvs5S7SWXbA8LOBQ==
x-fs-uuid
00061d67f2afb394bb4965db03c2ce05
collect
px4.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1755754%2C5211716&time=1721182150558&url=https%3A%2F%2Fwww.humansecurity.com%2Flearn%2Fblog%2Fthe-partys-over-humans-satori-threat-intelligence-an...
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1755754%2C5211716&time=1721182150558&url=https%3A%2F%2Fwww.humansecurity.com%2Flearn%2Fblog%2Fthe-partys-over-humans-satori-threat-intelligence-a...
0
265 B
Image
General
Full URL
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1755754%2C5211716&time=1721182150558&url=https%3A%2F%2Fwww.humansecurity.com%2Flearn%2Fblog%2Fthe-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign&tm=gtmv2&e_ipv6=AQIBfmUv7-juHwAAAZC-c2BDjn0ulemVt35CqYBGEGLI6k12qk24sZYaYBkyjZkPn6rWtmGfjPOQo_65O5KyH5oNUt_2Eg
Requested by
Host: www.humansecurity.com
URL: https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
Protocol
H2
Server
13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 17 Jul 2024 02:09:10 GMT
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: 3397F715941C45079AC5E29D73EF7073 Ref B: FRAEDGE1608 Ref C: 2024-07-17T02:09:10Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
content-type
application/javascript
x-li-fabric
prod-lor1
x-li-proto
http/2
content-length
0
x-li-uuid
AAYdZ/K0NSo6mXgDiPXD4g==

Redirect headers

date
Wed, 17 Jul 2024 02:09:10 GMT
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: 38C2D05C48ED4D969EBD1387278B9305 Ref B: FRAEDGE1717 Ref C: 2024-07-17T02:09:10Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lor1
location
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1755754%2C5211716&time=1721182150558&url=https%3A%2F%2Fwww.humansecurity.com%2Flearn%2Fblog%2Fthe-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign&tm=gtmv2&e_ipv6=AQIBfmUv7-juHwAAAZC-c2BDjn0ulemVt35CqYBGEGLI6k12qk24sZYaYBkyjZkPn6rWtmGfjPOQo_65O5KyH5oNUt_2Eg
x-li-proto
http/2
content-length
0
x-li-uuid
AAYdZ/Kv6Eoiyl2HAtFzEg==
r
scout.salesloft.com/
41 B
361 B
XHR
General
Full URL
https://scout.salesloft.com/r?tid=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0IjoxMDUxMzV9.H2JT8UA8cynPbW9zXcx95AgvYUvFrlnYRFPelG2PReM
Requested by
Host: scout-cdn.salesloft.com
URL: https://scout-cdn.salesloft.com/sl.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.70.247.33 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-70-247-33.compute-1.amazonaws.com
Software
/
Resource Hash
1cfea949b0b2925d27b84d56d18f2ea1c6b948fdf3ae95c534a14706043da178
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 17 Jul 2024 02:09:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.humansecurity.com
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
content-length
41
x-request-id
c39ec8096df22e4b89d1818dd9b6a772
sdk.js
connect.facebook.net/en_US/
299 KB
86 KB
Script
General
Full URL
https://connect.facebook.net/en_US/sdk.js?hash=0f0694ea98631efaae729129dab44737
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
7ca20e01715422f342109ece2859f4aab89c7b84380f96833a8eb75faa6d64d4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
Origin
https://www.humansecurity.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 17 Jul 2024 02:09:10 GMT
content-md5
BTmQnqhzHjfzF7IfHKa8Jw==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
87599
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=22, rtx=0, c=23, mss=1232, tbw=4315, tp=9, tpl=0, uplat=1, ullat=-1
x-fb-debug
FxZC+zGgEvdQyjTFx+zOrwHEUOwT8f8afqZJxPis0x1GkYOQcevInTAU2DX6iQr1JP53x+C1CUn8fLznTnY58A==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
x-fb-content-md5
3f36d76821084e446adf7c3534186e92
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
etag
"5e315ba791959d36a6ee038900e887ed"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
x-frame-options
DENY
timing-allow-origin
*
priority
u=3,i
expires
Thu, 17 Jul 2025 01:10:49 GMT
assign
tracking.g2crowd.com/attribution_tracking/conversions/
0
0
Ping
General
Full URL
https://tracking.g2crowd.com/attribution_tracking/conversions/assign
Requested by
Host: tracking.g2crowd.com
URL: https://tracking.g2crowd.com/attribution_tracking/conversions/5210.js?p=https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign&e=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1fb0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
multipart/form-data; boundary=----WebKitFormBoundary6d1w8ZbgKA10BJMA

Response headers

widget_iframe.2f70fb173b9000da126c79afe2098f02.html
platform.twitter.com/widgets/ Frame 6982
0
0
Document
General
Full URL
https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fwww.humansecurity.com
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67C0) /
Resource Hash

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Age
9842908
Cache-Control
public, max-age=315360000
Content-Encoding
gzip
Content-Length
105429
Content-Type
text/html; charset=utf-8
Date
Wed, 17 Jul 2024 02:09:10 GMT
Etag
"81267302efdfb3e4524a22631a8fc99e+gzip"
Last-Modified
Mon, 11 Dec 2023 17:19:49 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (frb/67C0)
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=
Vary
Accept-Encoding
X-Cache
HIT
x-amz-server-side-encryption
AES256
x-tw-cdn
VZ
/
c.6sc.co/
7 B
197 B
XHR
General
Full URL
https://c.6sc.co/
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.111.170 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-101-111-170.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 17 Jul 2024 02:09:10 GMT
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
text/html
access-control-allow-origin
https://www.humansecurity.com
access-control-allow-credentials
true
access-control-allow-headers
*
content-length
7
/
ipv6.6sc.co/
36 B
340 B
XHR
General
Full URL
https://ipv6.6sc.co/
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:7100::210:172 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
89daabd1464fddd800ba7034f54113309c4a9cedd73c13a8638b40d3b522ad1b

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 17 Jul 2024 02:09:10 GMT
vary
Origin
content-type
text/html
access-control-allow-origin
https://www.humansecurity.com
cache-control
max-age=0, no-cache, no-store
6si-ipv6
2001:1b60:1010:3:1011:91bb:b5b8:5ea6
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1721182150826_34603374_132678073_28_991_53_45_219";dur=1
content-length
36
expires
Wed, 17 Jul 2024 02:09:10 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
258 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=20d60e1303ace3bf5d3a031877ae81bd&svisitor=null&visitor=aedd3aed-4f96-4c2c-8df0-dc4b44700146&session=38a19b70-445b-44ac-81fa-260a0ed7364a&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Wed%2C%2017%20Jul%202024%2002%3A09%3A10%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22Konfety%20is%20a%20mobile%20ad%20fraud%20campaign%20that%20peaked%20at%2010%20billion%20bid%20requests%20per%20day%20before%20HUMAN%E2%80%99s%20Satori%20Threat%20Intelligence%20team%20disrupted%20it.%20%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22The%20Party%E2%80%99s%20Over%3A%20HUMAN%E2%80%99s%20Satori%20Threat%20Intelligence%20and%20Research%20Team%20Cleans%20up%20%E2%80%9CKonfety%E2%80%9D%20Mobile%20Ad%20Fraud%20Campaign%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.humansecurity.com%2Flearn%2Fblog%2Fthe-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign&pageViewId=04acf6f3-6b9a-4d8f-8079-171ce50847a6&v=1.1.22
Requested by
Host: www.humansecurity.com
URL: https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.111.170 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-101-111-170.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 17 Jul 2024 02:09:10 GMT
x-content-type-options
nosniff
last-modified
Sat, 18 Feb 2023 01:45:17 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"63f02dad-2b"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Wed, 17 Jul 2024 02:09:10 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
258 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=20d60e1303ace3bf5d3a031877ae81bd&svisitor=null&visitor=aedd3aed-4f96-4c2c-8df0-dc4b44700146&session=38a19b70-445b-44ac-81fa-260a0ed7364a&event=ni%3AasyncSettingsAudit&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2017%20Jul%202024%2002%3A09%3A10%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%2220d60e1303ace3bf5d3a031877ae81bd%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2017%20Jul%202024%2002%3A09%3A10%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEpsilonKey%5C%22%2C%5C%22value%5C%22%3A%5C%220d406420db5f6e6d2e1be79267cc2b18e3de7e44%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2017%20Jul%202024%2002%3A09%3A10%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEndpoint%5C%22%2C%5C%22value%5C%22%3A%5C%22b.6sc.co%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2017%20Jul%202024%2002%3A09%3A10%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22%5Btrue%2Cnull%2C3%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2017%20Jul%202024%2002%3A09%3A10%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Konfety%20is%20a%20mobile%20ad%20fraud%20campaign%20that%20peaked%20at%2010%20billion%20bid%20requests%20per%20day%20before%20HUMAN%E2%80%99s%20Satori%20Threat%20Intelligence%20team%20disrupted%20it.%20%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22The%20Party%E2%80%99s%20Over%3A%20HUMAN%E2%80%99s%20Satori%20Threat%20Intelligence%20and%20Research%20Team%20Cleans%20up%20%E2%80%9CKonfety%E2%80%9D%20Mobile%20Ad%20Fraud%20Campaign%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.humansecurity.com%2Flearn%2Fblog%2Fthe-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign&pageViewId=04acf6f3-6b9a-4d8f-8079-171ce50847a6&v=1.1.22
Requested by
Host: www.humansecurity.com
URL: https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.111.170 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-101-111-170.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 17 Jul 2024 02:09:10 GMT
x-content-type-options
nosniff
last-modified
Sat, 05 Jun 2021 07:56:05 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"60bb2e15-2b"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Wed, 17 Jul 2024 02:09:10 GMT
collector
collector-pxxdhgmtcm.px-cloud.net/api/v2/
560 B
808 B
XHR
General
Full URL
https://collector-pxxdhgmtcm.px-cloud.net/api/v2/collector
Requested by
Host: client.px-cloud.net
URL: https://client.px-cloud.net/PXxDhGmtcm/main.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
96.10.190.35.bc.googleusercontent.com
Software
/
Resource Hash
72df9a502a58fd09ba51ac1b2ec89d51be6c7aa2381da1950f361cc44eabfb42

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Wed, 17 Jul 2024 02:09:10 GMT
via
1.1 google
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.humansecurity.com
access-control-allow-credentials
true
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
560
location
geolocation.onetrust.com/cookieconsentpub/v1/geo/
59 B
295 B
XHR
General
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2089 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2157361193375a79ade3559e960f982daa8d599cf7f4a92d36e3eef257738f16
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept
application/json
Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 17 Jul 2024 02:09:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
content-type
application/json
access-control-allow-origin
*
cf-ray
8a46b039ea11365d-FRA
access-control-allow-headers
Content-Type
leadflows.js
js.hsleadflows.net/
551 KB
92 KB
Script
General
Full URL
https://js.hsleadflows.net/leadflows.js
Requested by
Host: www.humansecurity.com
URL: https://www.humansecurity.com/hs/scriptloader/3400937.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:8c11 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dd26d9d88899d0587c9377964b7d1ab478a318b0fdbee7b9d6a084e4aa6425f7
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
Origin
https://www.humansecurity.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-encoding
gzip
age
69844
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=lead-flows-js/static-1.1355/bundle/main/lead-flows-release.js&cfRay=8a40070bdf8939d6-FRA
x-amz-replication-status
COMPLETED
x-evy-trace-listener
listener_https
etag
W/"be45bdb720f44c8db4ee42bc228ff2a8"
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods
GET
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-evy-trace-virtual-host
all
cache-control
s-maxage=86400, max-age=0
x-hs-target-asset
lead-flows-js/static-1.1355/bundle/main/lead-flows-release.js
date
Wed, 17 Jul 2024 02:09:10 GMT
x-amz-version-id
HLkmxotJV8gQ_mnvhNwLT9fnVmh1uWjb
x-content-type-options
nosniff
cf-cache-status
HIT
via
1.1 b9e3ae23b2e5d7b2e1c159467ba23f34.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD12-P3
x-hubspot-correlation-id
ac25e242-d4c0-49e2-9668-214d005986c1
x-cache
Hit from cloudfront
cache-tag
staticjsapp-lead-flows-cloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time
6
x-evy-trace-route-configuration
listener_https/all
x-request-id
ac25e242-d4c0-49e2-9668-214d005986c1
last-modified
Thu, 30 May 2024 10:22:15 UTC
server
cloudflare
access-control-max-age
3000
x-hs-cache-status
MISS
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-65f7f7c749-sb5bh
cf-ray
8a46b039eef01c9f-FRA
x-amz-cf-id
WfTHCtTM3etjh23Zjr_OwJG99ZL9wnuKKb75pItsA7fZmu_BKyQOZA==
3400937.js
js.hs-analytics.net/analytics/1721181900000/
67 KB
24 KB
Script
General
Full URL
https://js.hs-analytics.net/analytics/1721181900000/3400937.js
Requested by
Host: www.humansecurity.com
URL: https://www.humansecurity.com/hs/scriptloader/3400937.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:afc9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4a284bd27f6567269d6c99632718027358d6af76e0c5e377d0cd9b4fe4bc70e1

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 17 Jul 2024 02:09:10 GMT
x-amz-version-id
null
content-encoding
gzip
cf-cache-status
MISS
x-amz-request-id
Q03DR4E17HZHJ8X2
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-hubspot-correlation-id
00c4f08d-707a-4246-850a-d8816d389153
x-envoy-upstream-service-time
19
x-amz-id-2
JbQkDbIkroiBUQN7yXbZyVVk1SihlmVZQHZufxUhwSsD0ovvwMqvefr+AD8ARpT6GmOry8Hh/t0=
x-evy-trace-listener
listener_https
x-request-id
00c4f08d-707a-4246-850a-d8816d389153
x-evy-trace-route-configuration
listener_https/all
last-modified
Tue, 09 Jul 2024 17:53:25 GMT
server
cloudflare
etag
W/"407169857a13fa6886ad12e6731e3e53"
vary
origin, Accept-Encoding
content-type
text/javascript
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/analytics-js-proxy-td/envoy-proxy-7bfb89fbf6-rslzw
cache-control
max-age=300,public
access-control-allow-credentials
false
cf-ray
8a46b039ecaebb3e-FRA
expires
Wed, 17 Jul 2024 02:14:10 GMT
3400937.js
js.hs-banner.com/
61 KB
19 KB
Script
General
Full URL
https://js.hs-banner.com/3400937.js
Requested by
Host: www.humansecurity.com
URL: https://www.humansecurity.com/hs/scriptloader/3400937.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:22e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
02a711f90cf3fe3f3c91c838aa383dd9bc60d67b59e678328975e2193c1ce1d1

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 17 Jul 2024 02:09:11 GMT
x-amz-version-id
j3Z3MHDFFIrOvQEWaUYKy.NfZW7yr8Jm
content-encoding
gzip
cf-cache-status
REVALIDATED
x-amz-request-id
01KFTAA65KM2BP1A
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-hubspot-correlation-id
7e93170b-dc71-4cf0-8a36-c0bb676156e6
x-envoy-upstream-service-time
26
x-amz-id-2
0aXGu/m9MM7i5TXmtVqwnMPnepa2XM0G0qhosMmk0lmuKgG28shtIvw/Vzq8MEqU3CGs2sE/BESaOa4ysNr5JA==
x-evy-trace-listener
listener_https
x-request-id
7e93170b-dc71-4cf0-8a36-c0bb676156e6
x-evy-trace-route-configuration
listener_https/all
last-modified
Fri, 29 Mar 2024 16:23:31 GMT
server
cloudflare
etag
W/"7df6ee72098e64058dcb0f86caf8fbf0"
access-control-max-age
604800
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
https://www.humansecurity.com
x-evy-trace-virtual-host
all
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control
max-age=300,public
access-control-allow-credentials
true
x-evy-trace-served-by-pod
iad02/analytics-js-proxy-td/envoy-proxy-6dfb9475dd-sx8bv
vary
origin, Accept-Encoding
timing-allow-origin
*
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray
8a46b039eef118f3-FRA
expires
Wed, 17 Jul 2024 02:14:10 GMT
collector
collector-pxf69i9fy8.px-cloud.net/api/v2/
564 B
812 B
XHR
General
Full URL
https://collector-pxf69i9fy8.px-cloud.net/api/v2/collector
Requested by
Host: client.px-cloud.net
URL: https://client.px-cloud.net/PXf69I9fY8/main.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
96.10.190.35.bc.googleusercontent.com
Software
/
Resource Hash
6b1da5fb307028044d26ac46f0004b005c2f111fb8e68bd2990295162385b0f0

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Wed, 17 Jul 2024 02:09:10 GMT
via
1.1 google
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.humansecurity.com
access-control-allow-credentials
true
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
564
munchkin.js
munchkin.marketo.net/163/
11 KB
5 KB
Script
General
Full URL
https://munchkin.marketo.net/163/munchkin.js
Requested by
Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
184.31.85.59 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-31-85-59.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Wed, 17 Jul 2024 02:09:10 GMT
Content-Encoding
gzip
Last-Modified
Fri, 06 Jan 2023 02:26:40 GMT
Server
AkamaiNetStorage
ETag
"ea7826f34518d7c2295738f39c7640fa:1672972000.238769"
Vary
Accept-Encoding
Content-Type
application/x-javascript
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control
max-age=8640000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
4741
Expires
Fri, 25 Oct 2024 02:09:10 GMT
3389720
vc.hotjar.io/sessions/
0
233 B
XHR
General
Full URL
https://vc.hotjar.io/sessions/3389720?s=0.25&r=0.1536874736684759
Requested by
Host: script.hotjar.com
URL: https://script.hotjar.com/modules.e4b2dc39f985f11fb1e4.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.112.79 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-112-79.fra56.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-origin
*
date
Wed, 17 Jul 2024 02:09:10 GMT
cache-control
no-store
via
1.1 b6be6ee8d445cfa291adcacd75a3fb12.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P5
x-amz-cf-id
oZSKoMtLJd5CZonvJzYyEZrgf3WWNvS4ZY_q5sMPxkaz_uC2DACMxg==
x-cache
Miss from cloudfront
/
content.hotjar.io/
56 B
171 B
XHR
General
Full URL
https://content.hotjar.io/?site_id=3389720&gzip=1
Requested by
Host: script.hotjar.com
URL: https://script.hotjar.com/modules.e4b2dc39f985f11fb1e4.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.252.158.105 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-252-158-105.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
b6613952815dad6f76bdf837b8393d969240d6ff75d10b3953f12e419afeca15

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain; charset=UTF-8

Response headers

access-control-allow-origin
*
date
Wed, 17 Jul 2024 02:09:11 GMT
content-length
56
access-control-max-age
86400
content-type
application/json
otBannerSdk.js
cdn.cookielaw.org/scripttemplates/202303.2.0/
400 KB
97 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202303.2.0/otBannerSdk.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d8e166157d90ed13492b8627e50c606aeab874cd0a5d6ed3b7c8a7988a3d46d3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 17 Jul 2024 02:09:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
Sw59qQKTUz8IJh2hCY03KQ==
age
38046
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
98810
x-ms-lease-status
unlocked
last-modified
Tue, 16 May 2023 03:39:51 GMT
server
cloudflare
etag
0x8DB55BF34FA32B5
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
36866bdb-a01e-007b-2b02-247b1f000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
8a46b03adab637f1-FRA
main.min.js
client.px-cloud.net/PXxDhGmtcm/
0
0
XHR
General
Full URL
https://client.px-cloud.net/PXxDhGmtcm/main.min.js
Requested by
Host: client.px-cloud.net
URL: https://client.px-cloud.net/PXxDhGmtcm/main.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:11::215:14d0 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
UploadServer /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 17 Jul 2024 02:09:10 GMT
content-encoding
gzip
last-modified
Wed, 17 Jul 2024 01:52:37 GMT
server
UploadServer
etag
"3eb0f18c14565952fa152953995c2250"
active-cdn
Akamai
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
active-cdn,x-served-by,Akamai-Request-BC
cache-control
max-age=600
x-goog-stored-content-length
71090
accept-ranges
bytes
content-length
71090
expires
Wed, 17 Jul 2024 02:11:02 GMT
details
epsilon.6sense.com/v3/company/
769 B
732 B
XHR
General
Full URL
https://epsilon.6sense.com/v3/company/details
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
76.223.9.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ac3ff6aafb2cddae2.awsglobalaccelerator.com
Software
nginx /
Resource Hash
810fa2a3b55e453ecd985550d03ec94f57c492a7052f8f271e58110e8dd720eb

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
Authorization
Token 0d406420db5f6e6d2e1be79267cc2b18e3de7e44
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
X-6s-CustomID
WebTag1.0 20d60e1303ace3bf5d3a031877ae81bd

Response headers

x-trace-id
3108335501642959242
date
Wed, 17 Jul 2024 02:09:11 GMT
content-encoding
gzip
server
nginx
vary
Origin, Accept-Encoding
content-type
application/json
x-6si-region
eu-central-1a
access-control-allow-origin
https://www.humansecurity.com
access-control-expose-headers
X-6si-Region
access-control-allow-credentials
true
timing-allow-origin
https://6sense.com, https://www.ssga.com
content-length
408
details
epsilon.6sense.com/v3/company/ Frame
0
0
Preflight
General
Full URL
https://epsilon.6sense.com/v3/company/details
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
76.223.9.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ac3ff6aafb2cddae2.awsglobalaccelerator.com
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,x-6s-customid
Access-Control-Request-Method
GET
Origin
https://www.humansecurity.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
authorization,x-6s-customid
access-control-allow-methods
OPTIONS,GET
access-control-allow-origin
https://www.humansecurity.com
access-control-expose-headers
X-6si-Region
access-control-max-age
1800
date
Wed, 17 Jul 2024 02:09:10 GMT
server
nginx
timing-allow-origin
https://6sense.com, https://www.ssga.com
x-6si-region
eu-central-1a
x-trace-id
858819872729677753
visitWebPage
001-vjx-104.mktoresp.com/webevents/
2 B
318 B
Ping
General
Full URL
https://001-vjx-104.mktoresp.com/webevents/visitWebPage?_mchNc=1721182150887&_mchCn=&_mchId=001-VJX-104&_mchTk=_mch-humansecurity.com-1721182150886-33017&_mchHo=www.humansecurity.com&_mchPo=&_mchRu=%2Flearn%2Fblog%2Fthe-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign&_mchPc=https%3A&_mchVr=163&_mchEcid=&_mchHa=&_mchRe=&_mchQp=
Requested by
Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/163/munchkin.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.28.147.68 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Wed, 17 Jul 2024 02:09:11 GMT
Content-Encoding
gzip
Server
nginx/1.20.1
Transfer-Encoding
chunked
Content-Type
text/plain; charset=UTF-8
Access-Control-Allow-Origin
*
Connection
keep-alive
X-Request-Id
b22e2cab-0842-461c-bc45-e959884931fd
0
bat.bing.com/action/
0
178 B
Image
General
Full URL
https://bat.bing.com/action/0?ti=97050842&Ver=2&mid=f6b6b842-9604-43cc-8281-69fef07af0e1&pi=918639831&lg=de-DE&sw=1600&sh=1200&sc=24&tl=The%20Party%E2%80%99s%20Over%3A%20HUMAN%E2%80%99s%20Satori%20Threat%20Intelligence%20and%20Research%20Team%20Cleans%20up%20%E2%80%9CKonfety%E2%80%9D%20Mobile%20Ad%20Fraud%20Campaign&p=https%3A%2F%2Fwww.humansecurity.com%2Flearn%2Fblog%2Fthe-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign&r=&lt=666&evt=pageLoad&sv=1&asc=D&cdb=AQAY&rn=291220
Requested by
Host: www.humansecurity.com
URL: https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Wed, 17 Jul 2024 02:09:10 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: BAAB3EC4B8A94EA188CE983A01529024 Ref B: FRA31EDGE0110 Ref C: 2024-07-17T02:09:10Z
x-cache
CONFIG_NOCACHE
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
expires
Fri, 01 Jan 1990 00:00:00 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
257 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=20d60e1303ace3bf5d3a031877ae81bd&svisitor=null&visitor=aedd3aed-4f96-4c2c-8df0-dc4b44700146&session=38a19b70-445b-44ac-81fa-260a0ed7364a&event=ipv6&q=%7B%22address%22%3A%222001%3A1b60%3A1010%3A3%3A1011%3A91bb%3Ab5b8%3A5ea6%22%7D&isIframe=false&m=%7B%22description%22%3A%22Konfety%20is%20a%20mobile%20ad%20fraud%20campaign%20that%20peaked%20at%2010%20billion%20bid%20requests%20per%20day%20before%20HUMAN%E2%80%99s%20Satori%20Threat%20Intelligence%20team%20disrupted%20it.%20%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22The%20Party%E2%80%99s%20Over%3A%20HUMAN%E2%80%99s%20Satori%20Threat%20Intelligence%20and%20Research%20Team%20Cleans%20up%20%E2%80%9CKonfety%E2%80%9D%20Mobile%20Ad%20Fraud%20Campaign%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.humansecurity.com%2Flearn%2Fblog%2Fthe-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign&pageViewId=04acf6f3-6b9a-4d8f-8079-171ce50847a6&ipv6=2001%3A1b60%3A1010%3A3%3A1011%3A91bb%3Ab5b8%3A5ea6&v=1.1.22
Requested by
Host: www.humansecurity.com
URL: https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.111.170 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-101-111-170.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 17 Jul 2024 02:09:11 GMT
x-content-type-options
nosniff
last-modified
Tue, 05 Oct 2021 22:17:52 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"615ccf10-2b"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Wed, 17 Jul 2024 02:09:11 GMT
/
ws.zoominfo.com/pixel/650492e79cc5e659a2211991/ Frame
0
0
Preflight
General
Full URL
https://ws.zoominfo.com/pixel/650492e79cc5e659a2211991/?iszitag=true
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:762b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Access-Control-Request-Headers
_vtok,_zitok,content-type,visited-url
Access-Control-Request-Method
GET
Origin
https://www.humansecurity.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
access-control-allow-origin
https://www.humansecurity.com
allow
GET,HEAD
alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
8a46b03c289c6949-FRA
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Wed, 17 Jul 2024 02:09:11 GMT
server
cloudflare
via
1.1 google
x-content-type-options
nosniff
x-powered-by
Express
x-robots-tag
noindex, nofollow
formcomplete.js
ws-assets.zoominfo.com/
90 KB
27 KB
Script
General
Full URL
https://ws-assets.zoominfo.com/formcomplete.js
Requested by
Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:762b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2b1a4915e59e76e65870b9b2fe38250746fd0eaa301b836516e71bc7c6dd8ae4

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 17 Jul 2024 02:09:11 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
age
3365
x-guploader-uploadid
ACJd0NoMS_JBib0mBsMMWqEwhEe60sL16YTvQAkZwh_oEJEoK3_3JV1yYOlmgv_FnDKVXIB6_PaMgKq_Mg
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=86400
last-modified
Thu, 16 May 2024 10:14:37 GMT
server
cloudflare
etag
W/"006455bd44ed289ddcc403d0ecd96ab0"
x-goog-hash
crc32c=p5SAHw==, md5=AGRVvUTtKJ3cxAPQ7NlqsA==
x-goog-generation
1715854477710382
content-type
application/javascript
cache-control
public, max-age=3600
x-goog-stored-content-length
91778
cf-ray
8a46b03b88c7a03d-FRA
expires
Wed, 17 Jul 2024 02:13:06 GMT
/
ws.zoominfo.com/pixel/650492e79cc5e659a2211991/
3 KB
2 KB
Fetch
General
Full URL
https://ws.zoominfo.com/pixel/650492e79cc5e659a2211991/?iszitag=true
Requested by
Host: client.px-cloud.net
URL: https://client.px-cloud.net/PXxDhGmtcm/main.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:762b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
7035c5ff53fcf923fe2d082ef0e7fecf2f766e25ce6fc3d2d57fa02338f842cb
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

visited-url
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
_vtok
MjE3LjExNC4yMTUuMTMz
_zitok
3f86aba4a4ccab86e0291721182150
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/javascript

Response headers

date
Wed, 17 Jul 2024 02:09:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
via
1.1 google
server
cloudflare
x-powered-by
Express
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
https://www.humansecurity.com
access-control-allow-credentials
true
x-robots-tag
noindex, nofollow
access-control-allow-headers
Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
alt-svc
h3=":443"; ma=86400
cf-ray
8a46b03d78551cc1-FRA
en.json
cdn.cookielaw.org/consent/10c1c946-3ec8-49a0-92ce-5be53945f2bc/00f3a755-1fe4-4724-a84f-485fd8516370/
66 KB
14 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/consent/10c1c946-3ec8-49a0-92ce-5be53945f2bc/00f3a755-1fe4-4724-a84f-485fd8516370/en.json
Requested by
Host: client.px-cloud.net
URL: https://client.px-cloud.net/PXxDhGmtcm/main.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b54028de37c84f4aeca11a73d1b1e1bd07de8ef2bc096281b432e497f9dd0ec9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 17 Jul 2024 02:09:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
62703
content-md5
6PLJEspOGyE/L+rXgCYpCg==
content-length
14030
x-ms-lease-status
unlocked
last-modified
Mon, 10 Jul 2023 18:49:00 GMT
server
cloudflare
etag
0x8DB8176530CBDC9
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
99e84bc7-301e-009d-800f-7ccb39000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
8a46b03b59211981-FRA
expires
Thu, 18 Jul 2024 02:09:10 GMT
otFlat.json
cdn.cookielaw.org/scripttemplates/202303.2.0/assets/
13 KB
3 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202303.2.0/assets/otFlat.json
Requested by
Host: client.px-cloud.net
URL: https://client.px-cloud.net/PXxDhGmtcm/main.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aa355c393e03f831dbdbcc678ba16396aab95930b1bc5b0549695d40cc955ca1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 17 Jul 2024 02:09:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
pRHDWyQMLvXwKY458EnqRw==
age
171
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
3019
x-ms-lease-status
unlocked
last-modified
Tue, 16 May 2023 03:39:45 GMT
server
cloudflare
etag
0x8DB55BF315FAED9
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
070f78cc-e01e-002f-7f26-d312b0000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
8a46b03bc96f1981-FRA
otPcCenter.json
cdn.cookielaw.org/scripttemplates/202303.2.0/assets/v2/
61 KB
12 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202303.2.0/assets/v2/otPcCenter.json
Requested by
Host: client.px-cloud.net
URL: https://client.px-cloud.net/PXxDhGmtcm/main.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d55ad3bc35664e6ce9dc3e6a71bb6d3a4c8fddeb6af1a195727c0361ddd92a2e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 17 Jul 2024 02:09:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
obw5M94dAr0Gi2p2lbQQ/g==
age
35222
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
12544
x-ms-lease-status
unlocked
last-modified
Tue, 16 May 2023 03:39:48 GMT
server
cloudflare
etag
0x8DB55BF32AEE4B7
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
d6f8cc22-301e-0069-7468-7900cf000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
8a46b03bc9701981-FRA
otCommonStyles.css
cdn.cookielaw.org/scripttemplates/202303.2.0/assets/
21 KB
4 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202303.2.0/assets/otCommonStyles.css
Requested by
Host: client.px-cloud.net
URL: https://client.px-cloud.net/PXxDhGmtcm/main.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d0c233d327541d2961f1cde9e53a6166279655f4d4041c1bc458ac1701827719
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 17 Jul 2024 02:09:11 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
oWkBTLgDDXvrUsd93y/Zxg==
age
50984
x-ms-lease-status
unlocked
last-modified
Tue, 16 May 2023 03:39:56 GMT
server
cloudflare
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
008b0490-e01e-0018-5d64-23e6e4000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
8a46b03bc9711981-FRA
i
scout.salesloft.com/
48 B
468 B
XHR
General
Full URL
https://scout.salesloft.com/i
Requested by
Host: scout-cdn.salesloft.com
URL: https://scout-cdn.salesloft.com/sl.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.70.247.33 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-70-247-33.compute-1.amazonaws.com
Software
/
Resource Hash
42d2bc98fb3725b62617abc2f643328b1d8e2daeeeb919386b09cdc34b3277aa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 17 Jul 2024 02:09:11 GMT
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.humansecurity.com
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
content-length
48
x-request-id
cb9d3742cd57d601b183982cf9d368c3
view
js.hs-banner.com/cookie-banner-public/v1/activity/
0
175 B
XHR
General
Full URL
https://js.hs-banner.com/cookie-banner-public/v1/activity/view
Requested by
Host: js.hs-banner.com
URL: https://js.hs-banner.com/3400937.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:22e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

date
Wed, 17 Jul 2024 02:09:11 GMT
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
edc95673-65e4-4727-95a4-bf78cef56352
x-envoy-upstream-service-time
16
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
edc95673-65e4-4727-95a4-bf78cef56352
server
cloudflare
access-control-max-age
604800
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin
https://www.humansecurity.com
x-evy-trace-virtual-host
all
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
vary
origin
access-control-allow-credentials
true
x-evy-trace-served-by-pod
iad02/analytics-js-proxy-td/envoy-proxy-7bfb89fbf6-rslzw
timing-allow-origin
*
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray
8a46b03e3b0b1cad-FRA
forms
ws.zoominfo.com/formcomplete-v2/
44 KB
4 KB
Fetch
General
Full URL
https://ws.zoominfo.com/formcomplete-v2/forms
Requested by
Host: client.px-cloud.net
URL: https://client.px-cloud.net/PXxDhGmtcm/main.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:762b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
4470812cccafc2228171cad13cb84e3aa000b33a0f75110a081aba3f017c8d68
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
Authorization
bearer 3a88c8f1a27e4f0ec92016da0338ac
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

date
Wed, 17 Jul 2024 02:09:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
via
1.1 google
x-powered-by
Express
alt-svc
h3=":443"; ma=86400
server
cloudflare
etag
W/"aea1-Q42NKSRqx9LsgoM447CV2lp5NqY"
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.humansecurity.com
access-control-allow-credentials
true
x-robots-tag
noindex, nofollow
access-control-allow-headers
Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,Authorization, visitorId, _zitok
cf-ray
8a46b03d78541cc1-FRA
view
js.hs-banner.com/cookie-banner-public/v1/activity/ Frame
0
0
Preflight
General
Full URL
https://js.hs-banner.com/cookie-banner-public/v1/activity/view
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:22e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.humansecurity.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin
https://www.humansecurity.com
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-max-age
604800
cf-cache-status
DYNAMIC
cf-ray
8a46b03c49e31cad-FRA
content-length
0
content-type
application/octet-stream
date
Wed, 17 Jul 2024 02:09:11 GMT
server
cloudflare
timing-allow-origin
*
vary
origin
x-envoy-upstream-service-time
1
x-evy-trace-listener
listener_https
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-route-service-name
envoyset-translator
x-evy-trace-served-by-pod
iad02/analytics-js-proxy-td/envoy-proxy-7bfb89fbf6-zmwrp
x-evy-trace-virtual-host
all
x-hubspot-correlation-id
1c88bbe2-32a3-4e19-8949-07f30e0b3299
x-request-id
1c88bbe2-32a3-4e19-8949-07f30e0b3299
forms
ws.zoominfo.com/formcomplete-v2/ Frame
0
0
Preflight
General
Full URL
https://ws.zoominfo.com/formcomplete-v2/forms
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:762b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type
Access-Control-Request-Method
POST
Origin
https://www.humansecurity.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,Authorization,visitorId,_zitok
access-control-allow-origin
https://www.humansecurity.com
allow
POST
alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
8a46b03c28a06949-FRA
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Wed, 17 Jul 2024 02:09:11 GMT
server
cloudflare
via
1.1 google
x-content-type-options
nosniff
x-powered-by
Express
x-robots-tag
noindex, nofollow
collect
www.google-analytics.com/
35 B
55 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j101&a=347621475&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.humansecurity.com%2Flearn%2Fblog%2Fthe-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign&ul=de-de&de=UTF-8&dt=The%20Party%E2%80%99s%20Over%3A%20HUMAN%E2%80%99s%20Satori%20Threat%20Intelligence%20and%20Research%20Team%20Cleans%20up%20%E2%80%9CKonfety%E2%80%9D%20Mobile%20Ad%20Fraud%20Campaign&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=6si_company_details&ea=6si_data_loaded&_u=aDgAgAABAAAAAAAEKk~&cid=1481148879.1721182150&tid=UA-111948466-2&_gid=1045660424.1721182151&gtm=45He47f0n81KVP42DDv830094232za200&cd7=2024-07-17T04%3A09%3A11.75%2B02%3A00&cd8=aaab2a67-a590-410c-a90e-4a612fd77ac8&cd9=&cd10=Germany&cd11=&cd12=&cd13=&cd14=&cd15=&cd16=&gcs=G100&gcd=13p3p3p2p5&dma_cps=-&dma=1&tag_exp=0&cd3=1481148879.1721182150&npa=1&z=1227899635
Requested by
Host: www.humansecurity.com
URL: https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 16 Jul 2024 12:07:49 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
50482
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
258 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=6sense-temp-analytics&svisitor=null&visitor=aedd3aed-4f96-4c2c-8df0-dc4b44700146&session=38a19b70-445b-44ac-81fa-260a0ed7364a&event=https%3A%2F%2Fepsilon.6sense.com&q=%7B%22name%22%3A%22https%3A%2F%2Fepsilon.6sense.com%2Fv3%2Fcompany%2Fdetails%22%2C%22entryType%22%3A%22resource%22%2C%22startTime%22%3A1008.1999969482422%2C%22duration%22%3A207.20000457763672%2C%22initiatorType%22%3A%22xmlhttprequest%22%2C%22deliveryType%22%3A%22%22%2C%22nextHopProtocol%22%3A%22%22%2C%22renderBlockingStatus%22%3A%22non-blocking%22%2C%22workerStart%22%3A0%2C%22redirectStart%22%3A0%2C%22redirectEnd%22%3A0%2C%22fetchStart%22%3A1008.1999969482422%2C%22domainLookupStart%22%3A0%2C%22domainLookupEnd%22%3A0%2C%22connectStart%22%3A0%2C%22secureConnectionStart%22%3A0%2C%22connectEnd%22%3A0%2C%22requestStart%22%3A0%2C%22responseStart%22%3A0%2C%22firstInterimResponseStart%22%3A0%2C%22responseEnd%22%3A1215.400001525879%2C%22transferSize%22%3A0%2C%22encodedBodySize%22%3A0%2C%22decodedBodySize%22%3A0%2C%22responseStatus%22%3A200%2C%22serverTiming%22%3A%5B%5D%2C%22metadata%22%3A%7B%22region%22%3A%22eu-central-1a%22%7D%7D&isIframe=false&m=%7B%22endpoint%22%3A%22epsilon.6sense.com%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.humansecurity.com%2Flearn%2Fblog%2Fthe-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign&pageViewId=&d=1&v=1.1.22
Requested by
Host: www.humansecurity.com
URL: https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.111.170 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-101-111-170.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 17 Jul 2024 02:09:11 GMT
x-content-type-options
nosniff
last-modified
Sat, 18 Feb 2023 01:45:17 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"63f02dad-2b"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Wed, 17 Jul 2024 02:09:11 GMT
ot_close.svg
cdn.cookielaw.org/logos/static/
651 B
623 B
Image
General
Full URL
https://cdn.cookielaw.org/logos/static/ot_close.svg
Requested by
Host: www.humansecurity.com
URL: https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.humansecurity.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 17 Jul 2024 02:09:11 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
pcXWFGpuVeSg/jVnYCseRg==
age
38036
x-ms-lease-status
unlocked
last-modified
Tue, 16 Jul 2024 01:55:58 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
f1fbeac8-901e-0046-242f-d74d1c000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
8a46b03c7bab37f1-FRA
ot_guard_logo.svg
cdn.cookielaw.org/logos/static/
497 B
494 B
Fetch
General
Full URL
https://cdn.cookielaw.org/logos/static/ot_guard_logo.svg
Requested by
Host: client.px-cloud.net
URL: https://client.px-cloud.net/PXxDhGmtcm/main.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 17 Jul 2024 02:09:11 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
tXyZydHjxQshFMbbBT1/8A==
age
74345
x-ms-lease-status
unlocked
last-modified
Tue, 16 Jul 2024 01:55:58 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
acfde6c9-e01e-00e8-2c37-d76e71000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
8a46b03c8a031981-FRA
HUMAN_logo_horiz_black.jpg
cdn.cookielaw.org/logos/bdc406fe-f273-4909-9374-53fa72f05678/f00e5254-ffda-4283-935d-86b9a91dc6c1/2bf04d17-0bd6-46fa-8a3b-648dbd5086cf/
108 KB
108 KB
Image
General
Full URL
https://cdn.cookielaw.org/logos/bdc406fe-f273-4909-9374-53fa72f05678/f00e5254-ffda-4283-935d-86b9a91dc6c1/2bf04d17-0bd6-46fa-8a3b-648dbd5086cf/HUMAN_logo_horiz_black.jpg
Requested by
Host: www.humansecurity.com
URL: https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
31bffb649cd812a3e720b1838c910fe359aef60c46ec91149d895dc23708768d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 17 Jul 2024 02:09:11 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
NhqNgvFSsXYG+FRFrroJLA==
age
58569
content-length
110133
x-ms-lease-status
unlocked
cf-bgj
h2pri
last-modified
Thu, 20 Apr 2023 19:26:36 GMT
server
cloudflare
etag
0x8DB41D5282227E0
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
x-ms-request-id
35eb79a0-401e-0011-6ee9-5da337000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
8a46b03cbc2c37f1-FRA
powered_by_logo.svg
cdn.cookielaw.org/logos/static/
5 KB
2 KB
Image
General
Full URL
https://cdn.cookielaw.org/logos/static/powered_by_logo.svg
Requested by
Host: www.humansecurity.com
URL: https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 17 Jul 2024 02:09:11 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
Y+c301RBZNK39PvKQWrIBw==
age
71848
x-ms-lease-status
unlocked
last-modified
Mon, 15 Jul 2024 02:05:46 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
6bd98c42-f01e-00f7-05ea-d6b561000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
8a46b03cbc2f37f1-FRA
__ptq.gif
track.hubspot.com/
45 B
620 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=321484724&v=1.1&a=3400937&pi=172769674525&ct=blog-post&ccu=https%3A%2F%2Fwww.humansecurity.com%2Flearn%2Fblog%2Fthe-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign&cpi=172769674525&cgi=5249379964&lpi=172769674525&lvi=172769674525&lvc=en-us&pu=https%3A%2F%2Fwww.humansecurity.com%2Flearn%2Fblog%2Fthe-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign&t=The+Party%E2%80%99s+Over%3A+HUMAN%E2%80%99s+Satori+Threat+Intelligence+and+Research+Team+Cleans+up+%E2%80%9CKonfety%E2%80%9D+Mobile+Ad+Fraud+Campaign&cts=1721182151225&vi=d2780ccc6ffa8c150f737ae5286a4dee&nc=true&ce=false&pt=1&cc=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 17 Jul 2024 02:09:11 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
05150768-1543-4695-acef-24c01ff28080
p3p
CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time
9
content-length
45
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
05150768-1543-4695-acef-24c01ff28080
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z0aLXcvWb2Ke7LOVVIb4ADy98ut%2BL2NR1dUEEVd3xcEWszYEYWCB%2F3Lj0%2F2vZS5Hik2%2F0JZS2M5G%2F7Y%2FCICs2uFIvZlvc9WX7c9ZwRnpJ%2BM%2BlmurY89ZeoDlNmX6ZfyHltGgcQgpmgZUiO%2FIBSaB"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-756b8c8b56-rt7tr
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
cf-ray
8a46b03d4df571a9-FRA
x-robots-tag
none
collect
www.google-analytics.com/
35 B
55 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j101&a=347621475&t=timing&_s=2&dl=https%3A%2F%2Fwww.humansecurity.com%2Flearn%2Fblog%2Fthe-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign&ul=de-de&de=UTF-8&dt=The%20Party%E2%80%99s%20Over%3A%20HUMAN%E2%80%99s%20Satori%20Threat%20Intelligence%20and%20Research%20Team%20Cleans%20up%20%E2%80%9CKonfety%E2%80%9D%20Mobile%20Ad%20Fraud%20Campaign&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&plt=1371&pdt=25&dns=40&rrt=0&srt=68&tcp=31&dit=628&clt=651&_gst=417&_gbt=673&_u=aDgAgAABAAAAAAAEKk~&cid=1481148879.1721182150&tid=UA-111948466-2&_gid=1334414573.1721182151&gtm=45He47f0n81KVP42DDv830094232za200&cd7=2024-07-17T04%3A09%3A10.257%2B02%3A00&cd8=f9bd4ffb-470c-4ce7-9d5d-257b133cc1d3&gcs=G100&gcd=13p3p3p2p5&dma_cps=-&dma=1&tag_exp=0&cd3=1481148879.1721182150&npa=1&z=1723814788
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 16 Jul 2024 12:07:49 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
50482
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
Human-Favicon-White-Black%20BKG.png
www.humansecurity.com/hubfs/
10 KB
11 KB
Other
General
Full URL
https://www.humansecurity.com/hubfs/Human-Favicon-White-Black%20BKG.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:671d , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
efa303262b36a12c1c28503edc4d8852388482855d729b169c9bfb1b969adf45
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
x-amz-meta-cache-tag
F-84331736107,P-3400937,FLS-ALL
age
703623
x-amz-request-id
QX7JTTSQNN58WAFN
x-amz-server-side-encryption
AES256
edge-cache-tag
F-84331736107,P-3400937,FLS-ALL
x-amz-replication-status
COMPLETED
content-disposition
inline; filename="Human-Favicon-White-Black%20BKG.webp"
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
cf-bgj
imgq:85,h2pri
etag
"90f1b1e31f9d8f952a7c9f1b72a4fad6"
vary
Accept, Accept-Encoding
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1662646750288
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Wed, 17 Jul 2024 02:09:11 GMT
strict-transport-security
max-age=31536000
via
1.1 dc929648f0c936ae1fcea0675ad0382c.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
ReqLDPL4vOVfyNNDhCn51TdwyjSTJzqi
x-amz-cf-pop
FRA60-P7
x-hs-alternate-content-type
text/plain
cf-polished
origFmt=png, origSize=35632
x-cache
RefreshHit from cloudfront
cache-tag
F-84331736107,P-3400937,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
content-length
10100
x-amz-id-2
v5t8pTO81ekGN2r3d3OH3Ul4zZI5Q9hzECMiqCGDJzYVx2fPsNHEHwhQxOankS+Rb2lZU/YJKWKYtTq26YgMHqu+eUB9BrLUmkD3wfacf+8=
last-modified
Thu, 08 Sep 2022 14:23:32 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=X2hHZHSazY4Hc1rKwBFKgAYx5mxM9GYkeX%2BMXrlbUbU%2B%2B2XtPxAfFWjsydNeFg4AiGLh%2FyuvFDKzF1cz9ZBwdR%2FS1qTXrBkeazanzbvZdiKkeaa%2Fe6hiq17wWxMbsHlcHHWvs8%2FsZmwOJMMaAgetYs2Y1w%3D%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
8a46b03d4c491941-FRA
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id
AYtYadGX1QQinp0TeBZVoa9hpCy-TwbfltQzSRZz2tXRwnQW3v3nSg==
958762e0-913c-484c-bfe4-92d50fe21f56
https://www.humansecurity.com/
3 KB
0
Script
General
Full URL
blob:https://www.humansecurity.com/958762e0-913c-484c-bfe4-92d50fe21f56
Requested by
Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7035c5ff53fcf923fe2d082ef0e7fecf2f766e25ce6fc3d2d57fa02338f842cb

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Length
3033
Content-Type
text/javascript
collector
collector-pxxdhgmtcm.px-cloud.net/api/v2/
680 B
736 B
XHR
General
Full URL
https://collector-pxxdhgmtcm.px-cloud.net/api/v2/collector
Requested by
Host: client.px-cloud.net
URL: https://client.px-cloud.net/PXxDhGmtcm/main.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
96.10.190.35.bc.googleusercontent.com
Software
/
Resource Hash
4ddb826c91074eadb2fa70702a5db72ae3c1af357f405536b6a0467078536cf0

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Wed, 17 Jul 2024 02:09:10 GMT
via
1.1 google
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.humansecurity.com
access-control-allow-credentials
true
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
680
img.gif
b.6sc.co/v1/beacon/
43 B
258 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=20d60e1303ace3bf5d3a031877ae81bd&svisitor=null&visitor=aedd3aed-4f96-4c2c-8df0-dc4b44700146&session=38a19b70-445b-44ac-81fa-260a0ed7364a&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2017%20Jul%202024%2002%3A09%3A11%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2017%20Jul%202024%2002%3A09%3A10%20GMT%22%2C%22timeSpent%22%3A%221003%22%2C%22totalTimeSpent%22%3A%221003%22%7D&isIframe=false&m=%7B%22description%22%3A%22Konfety%20is%20a%20mobile%20ad%20fraud%20campaign%20that%20peaked%20at%2010%20billion%20bid%20requests%20per%20day%20before%20HUMAN%E2%80%99s%20Satori%20Threat%20Intelligence%20team%20disrupted%20it.%20%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22The%20Party%E2%80%99s%20Over%3A%20HUMAN%E2%80%99s%20Satori%20Threat%20Intelligence%20and%20Research%20Team%20Cleans%20up%20%E2%80%9CKonfety%E2%80%9D%20Mobile%20Ad%20Fraud%20Campaign%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.humansecurity.com%2Flearn%2Fblog%2Fthe-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign&pageViewId=04acf6f3-6b9a-4d8f-8079-171ce50847a6&ipv6=2001%3A1b60%3A1010%3A3%3A1011%3A91bb%3Ab5b8%3A5ea6&v=1.1.22
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.111.170 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-101-111-170.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 17 Jul 2024 02:09:11 GMT
x-content-type-options
nosniff
last-modified
Sat, 05 Jun 2021 07:56:05 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"60bb2e15-2b"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Wed, 17 Jul 2024 02:09:11 GMT
collector
collector-pxf69i9fy8.px-cloud.net/api/v2/
32 B
49 B
XHR
General
Full URL
https://collector-pxf69i9fy8.px-cloud.net/api/v2/collector
Requested by
Host: client.px-cloud.net
URL: https://client.px-cloud.net/PXf69I9fY8/main.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
96.10.190.35.bc.googleusercontent.com
Software
/
Resource Hash
19e0ccf5f49d76af8db3bcaa13c7fabc8276dcff286235a30c069da7abec2d8e

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Wed, 17 Jul 2024 02:09:10 GMT
via
1.1 google
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.humansecurity.com
access-control-allow-credentials
true
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
32
collector
collector-pxxdhgmtcm.px-cloud.net/api/v2/
116 B
134 B
XHR
General
Full URL
https://collector-pxxdhgmtcm.px-cloud.net/api/v2/collector
Requested by
Host: client.px-cloud.net
URL: https://client.px-cloud.net/PXxDhGmtcm/main.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
96.10.190.35.bc.googleusercontent.com
Software
/
Resource Hash
b88f3bd28c4bb420c3add6c02d6d8cc8771599b9affa036d89f4afc573c881ca

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Wed, 17 Jul 2024 02:09:12 GMT
via
1.1 google
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.humansecurity.com
access-control-allow-credentials
true
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
116
collector
collector-pxf69i9fy8.px-cloud.net/api/v2/
32 B
49 B
XHR
General
Full URL
https://collector-pxf69i9fy8.px-cloud.net/api/v2/collector
Requested by
Host: client.px-cloud.net
URL: https://client.px-cloud.net/PXf69I9fY8/main.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
96.10.190.35.bc.googleusercontent.com
Software
/
Resource Hash
19e0ccf5f49d76af8db3bcaa13c7fabc8276dcff286235a30c069da7abec2d8e

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Wed, 17 Jul 2024 02:09:11 GMT
via
1.1 google
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.humansecurity.com
access-control-allow-credentials
true
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
32
img.gif
b.6sc.co/v1/beacon/
43 B
258 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=20d60e1303ace3bf5d3a031877ae81bd&svisitor=null&visitor=aedd3aed-4f96-4c2c-8df0-dc4b44700146&session=38a19b70-445b-44ac-81fa-260a0ed7364a&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2017%20Jul%202024%2002%3A09%3A12%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2017%20Jul%202024%2002%3A09%3A11%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%222004%22%7D&isIframe=false&m=%7B%22description%22%3A%22Konfety%20is%20a%20mobile%20ad%20fraud%20campaign%20that%20peaked%20at%2010%20billion%20bid%20requests%20per%20day%20before%20HUMAN%E2%80%99s%20Satori%20Threat%20Intelligence%20team%20disrupted%20it.%20%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22The%20Party%E2%80%99s%20Over%3A%20HUMAN%E2%80%99s%20Satori%20Threat%20Intelligence%20and%20Research%20Team%20Cleans%20up%20%E2%80%9CKonfety%E2%80%9D%20Mobile%20Ad%20Fraud%20Campaign%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.humansecurity.com%2Flearn%2Fblog%2Fthe-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign&pageViewId=04acf6f3-6b9a-4d8f-8079-171ce50847a6&ipv6=2001%3A1b60%3A1010%3A3%3A1011%3A91bb%3Ab5b8%3A5ea6&v=1.1.22
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.111.170 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-101-111-170.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 17 Jul 2024 02:09:12 GMT
x-content-type-options
nosniff
last-modified
Sat, 05 Jun 2021 07:56:05 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"60bb2e15-2b"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Wed, 17 Jul 2024 02:09:12 GMT
collector
collector-pxxdhgmtcm.px-cloud.net/api/v2/
116 B
134 B
XHR
General
Full URL
https://collector-pxxdhgmtcm.px-cloud.net/api/v2/collector
Requested by
Host: client.px-cloud.net
URL: https://client.px-cloud.net/PXxDhGmtcm/main.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
96.10.190.35.bc.googleusercontent.com
Software
/
Resource Hash
19db0caaa0c171dd9772e4e0e43fa2cacd7cb344f96c660d46a83d8613752479

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Wed, 17 Jul 2024 02:09:13 GMT
via
1.1 google
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.humansecurity.com
access-control-allow-credentials
true
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
116
undefined
www.humansecurity.com/learn/blog/
0
0

footer.min.css
cdn2.hubspot.net/hub/3400937/hub_generated/template_assets/115387395449/1693233183077/humansecurity-hs/assets/css/
21 KB
4 KB
Stylesheet
General
Full URL
https://cdn2.hubspot.net/hub/3400937/hub_generated/template_assets/115387395449/1693233183077/humansecurity-hs/assets/css/footer.min.css
Requested by
Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/3400937/hub_generated/template_assets/115307132989/1698698445616/humansecurity-hs/punch/assets/js/lazy-loading.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:583e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
46043be637afe914e3a575c2921cd2904b2c4b59388128ed10625628402d46a6

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-encoding
gzip
age
27633
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-evy-trace-listener
listener_https
etag
W/"b4d88ed60cd8e0f1e827de88fcfcc1e8"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
text/css
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1693233183807
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Wed, 17 Jul 2024 02:09:13 GMT
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
x-hubspot-correlation-id
040573df-4bf0-43c3-b8b1-3967b12d33f3
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
146
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-request-id
040573df-4bf0-43c3-b8b1-3967b12d33f3
last-modified
Mon, 28 Aug 2023 14:33:04 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EEZk4kMoOq9hhDPUiALO6Jxog18cT0ev6sn9DKdBZspGue%2B0LmGtv7xvxBseX8xtFgz%2BzeT2UN3wQOJZWvvdwQLpuqQT%2F1Qoauzy8NqJ1YbUgzwDnMuIIqC5zVez0UCaA0ISEs8iJJUdQMbq%2Bow%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-cdn2-td/envoy-proxy-fbf687555-cks9m
cf-ray
8a46b04adb542c77-FRA
timing-allow-origin
cdn2.hubspot.net
img.gif
b.6sc.co/v1/beacon/
43 B
257 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=20d60e1303ace3bf5d3a031877ae81bd&svisitor=null&visitor=aedd3aed-4f96-4c2c-8df0-dc4b44700146&session=38a19b70-445b-44ac-81fa-260a0ed7364a&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2017%20Jul%202024%2002%3A09%3A13%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2017%20Jul%202024%2002%3A09%3A12%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%223004%22%7D&isIframe=false&m=%7B%22description%22%3A%22Konfety%20is%20a%20mobile%20ad%20fraud%20campaign%20that%20peaked%20at%2010%20billion%20bid%20requests%20per%20day%20before%20HUMAN%E2%80%99s%20Satori%20Threat%20Intelligence%20team%20disrupted%20it.%20%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22The%20Party%E2%80%99s%20Over%3A%20HUMAN%E2%80%99s%20Satori%20Threat%20Intelligence%20and%20Research%20Team%20Cleans%20up%20%E2%80%9CKonfety%E2%80%9D%20Mobile%20Ad%20Fraud%20Campaign%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.humansecurity.com%2Flearn%2Fblog%2Fthe-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign&pageViewId=04acf6f3-6b9a-4d8f-8079-171ce50847a6&ipv6=2001%3A1b60%3A1010%3A3%3A1011%3A91bb%3Ab5b8%3A5ea6&v=1.1.22
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.111.170 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-101-111-170.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 17 Jul 2024 02:09:13 GMT
x-content-type-options
nosniff
last-modified
Sat, 18 Feb 2023 00:49:36 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"63f020a0-2b"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Wed, 17 Jul 2024 02:09:13 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
258 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=20d60e1303ace3bf5d3a031877ae81bd&svisitor=null&visitor=aedd3aed-4f96-4c2c-8df0-dc4b44700146&session=38a19b70-445b-44ac-81fa-260a0ed7364a&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2017%20Jul%202024%2002%3A09%3A14%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2017%20Jul%202024%2002%3A09%3A13%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%224005%22%7D&isIframe=false&m=%7B%22description%22%3A%22Konfety%20is%20a%20mobile%20ad%20fraud%20campaign%20that%20peaked%20at%2010%20billion%20bid%20requests%20per%20day%20before%20HUMAN%E2%80%99s%20Satori%20Threat%20Intelligence%20team%20disrupted%20it.%20%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22The%20Party%E2%80%99s%20Over%3A%20HUMAN%E2%80%99s%20Satori%20Threat%20Intelligence%20and%20Research%20Team%20Cleans%20up%20%E2%80%9CKonfety%E2%80%9D%20Mobile%20Ad%20Fraud%20Campaign%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.humansecurity.com%2Flearn%2Fblog%2Fthe-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign&pageViewId=04acf6f3-6b9a-4d8f-8079-171ce50847a6&ipv6=2001%3A1b60%3A1010%3A3%3A1011%3A91bb%3Ab5b8%3A5ea6&v=1.1.22
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.111.170 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-101-111-170.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 17 Jul 2024 02:09:14 GMT
x-content-type-options
nosniff
last-modified
Sat, 18 Feb 2023 01:45:17 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"63f02dad-2b"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Wed, 17 Jul 2024 02:09:14 GMT
fullcircle.js
d2i34c80a0ftze.cloudfront.net/
32 KB
11 KB
Script
General
Full URL
https://d2i34c80a0ftze.cloudfront.net/fullcircle.js?cid=c05754bf-2b15-4935-b7c4-cf576218c528&domain=humansecurity.com
Requested by
Host: www.humansecurity.com
URL: https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:275b:7e00:9:14eb:6280:93a1 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
88e7b0718f584603ca29ed368567c07f629f1012e0e4972c3fd95db2e339504d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Tue, 16 Jul 2024 04:04:36 GMT
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 673c96d1f19de21216629aa48d90ac92.cloudfront.net (CloudFront), 1.1 256cd380c9790a2b71d68709829caa18.cloudfront.net (CloudFront)
content-encoding
gzip
x-amz-cf-pop
FRA56-C1, FRA60-P7
age
79478
x-amzn-requestid
c80c0966-5a76-45e8-a7f3-02d6bf5aade1
x-amzn-trace-id
Root=1-6695f154-097599357c5dbdf05db7ed89;Parent=15764c274d867f33;Sampled=0;lineage=be50798f:0
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/json
access-control-allow-origin
*
x-amz-apigw-id
a_KlNE2svHcEGtg=
x-amz-cf-id
P33fi-BUtoW4r5evElOoVWpqQVo5R8yb3fQa-mUXKOavbe8mQNvAzQ==
app.js
acsbapp.com/apps/app/dist/js/
308 KB
94 KB
Script
General
Full URL
https://acsbapp.com/apps/app/dist/js/app.js
Requested by
Host: www.humansecurity.com
URL: https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:cc -, , ASN (),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 17 Jul 2024 02:09:15 GMT
content-encoding
br
cf-cache-status
REVALIDATED
x-guploader-uploadid
ACJd0NrM6WHrCAwSGOESKkLPB4bbxW7eHtR0_JENWHVlt-DZAf-3kdFBODWVlc7JhMSxlQCEllwc0_HxQg
x-goog-storage-class
STANDARD
x-goog-metageneration
3
x-goog-stored-content-encoding
identity
last-modified
Tue, 16 Jul 2024 15:37:21 GMT
server
cloudflare
etag
W/"253b8cbfa899c120cd8109d1a250cb8d"
vary
Accept-Encoding
x-goog-hash
crc32c=sa1vqA==, md5=JTuMv6iZwSDNgQnRolDLjQ==
x-goog-generation
1721144241468844
access-control-allow-origin
*
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=300, must-revalidate
x-goog-stored-content-length
315841
access-control-expose-headers
*
cf-ray
8a46b058a8fe2bd1-FRA
expires
Thu, 17 Jul 2025 02:09:15 GMT
body.min.css
cdn2.hubspot.net/hub/3400937/hub_generated/template_assets/99901597287/1709310373713/humansecurity-hs/assets/css/
133 KB
21 KB
Stylesheet
General
Full URL
https://cdn2.hubspot.net/hub/3400937/hub_generated/template_assets/99901597287/1709310373713/humansecurity-hs/assets/css/body.min.css
Requested by
Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/3400937/hub_generated/template_assets/115307132989/1698698445616/humansecurity-hs/punch/assets/js/lazy-loading.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:583e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b96ef0d9ef85e362482119da55a9a5d777d77e993d424a33932a8166930a76a7

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-encoding
gzip
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-evy-trace-listener
listener_https
etag
W/"26ae2de7619c4ae54aa98d86bf8d2050"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
text/css
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1709310374970
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Wed, 17 Jul 2024 02:09:15 GMT
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD89-C1
x-hubspot-correlation-id
a1adf1e4-18b6-40f7-85a3-e7e2e80de52d
x-hs-alternate-content-type
text/plain
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
307
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-request-id
a1adf1e4-18b6-40f7-85a3-e7e2e80de52d
last-modified
Fri, 01 Mar 2024 16:26:15 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nkE0nYSBRH6dpwfqCyVuYajMOUYxMo2FYC7DEBbhEXIaf2GnpLYQKs1k%2BNVmB7X4%2F0yXEFjbLxH2AjS09tLvZT9QgdwkcDmQrpTEmWXkhpSb0TWwsE89pxmBDeIr2BHeMrjMaG9yyIa51%2FxL4cY%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-cdn2-td/envoy-proxy-64d59778d6-jrv7z
cf-ray
8a46b0571efa2c77-FRA
timing-allow-origin
cdn2.hubspot.net
jquery.magnificpopup.min.js
cdn2.hubspot.net/hub/3400937/hub_generated/template_assets/63656499996/1698698454228/humansecurity-hs/punch/assets/js/dist/
20 KB
9 KB
Script
General
Full URL
https://cdn2.hubspot.net/hub/3400937/hub_generated/template_assets/63656499996/1698698454228/humansecurity-hs/punch/assets/js/dist/jquery.magnificpopup.min.js
Requested by
Host: www.humansecurity.com
URL: https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:583e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a123eebd3f1e4f9b4641216ddc8aee3dd0ecc035cc9d2f6ed7b92c979fccc326

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-encoding
br
age
456579
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-evy-trace-listener
listener_https
etag
W/"23546b2633cc3b557bb3a13ac0d1c719"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1698698454685
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Wed, 17 Jul 2024 02:09:15 GMT
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
x-hubspot-correlation-id
17a489e6-f64b-4e24-95bf-348115000181
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
214
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-request-id
17a489e6-f64b-4e24-95bf-348115000181
last-modified
Mon, 30 Oct 2023 20:40:55 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Fb8%2B%2Bn%2Buedl3Z3y7qH7WbbS%2FsON1kqFJ1sSukB7hA3PXXmNhfZqlX1pCIiuXS%2B3EBDHChWwyTzmJF1MMBlZ%2BkzRU%2B%2FAsj90O0NLvXGnWMED3QqdEaWYtGWjSUdQl1eOl74dTy6v1X3%2BVfB6Q8mE%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-cdn2-td/envoy-proxy-64786dc485-k5lvm
cf-ray
8a46b0571efd2c77-FRA
timing-allow-origin
cdn2.hubspot.net
lightbox-combo.min.js
cdn2.hubspot.net/hub/3400937/hub_generated/template_assets/115294898870/1698698465768/humansecurity-hs/punch/assets/js/dist/
24 KB
10 KB
Script
General
Full URL
https://cdn2.hubspot.net/hub/3400937/hub_generated/template_assets/115294898870/1698698465768/humansecurity-hs/punch/assets/js/dist/lightbox-combo.min.js
Requested by
Host: www.humansecurity.com
URL: https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:583e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
54922aed651f983596d7c4d47b075f10dfa004fffe6c60c15c59ecdc1856529f

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-encoding
br
age
1167192
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-evy-trace-listener
listener_https
etag
W/"687a6f388e56976362f732fa3410027c"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1698698466182
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Wed, 17 Jul 2024 02:09:15 GMT
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
x-hubspot-correlation-id
dc6a0cdb-bd75-43a4-a9f9-4fd2db7504a3
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
132
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-request-id
dc6a0cdb-bd75-43a4-a9f9-4fd2db7504a3
last-modified
Mon, 30 Oct 2023 20:41:07 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5ym9HdB693WAgB%2BrZrl0U%2BpTUCd%2B9rWs%2BhMJRgr8vfPDhDxD72In7wN2EoQHTFU12SVQt9RRineHCFl2GknD40XMDZtVJF9SGl7%2BY%2BSPmUaR28b3ZkHFfwtwNauaemzJcbGo3sc1XbOuqbGZSM4%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-cdn2-td/envoy-proxy-6f9f79465b-4f62g
cf-ray
8a46b0571f002c77-FRA
timing-allow-origin
cdn2.hubspot.net
flickity-combo.min.js
cdn2.hubspot.net/hub/3400937/hub_generated/template_assets/63656625716/1698698450031/humansecurity-hs/punch/assets/js/dist/
67 KB
19 KB
Script
General
Full URL
https://cdn2.hubspot.net/hub/3400937/hub_generated/template_assets/63656625716/1698698450031/humansecurity-hs/punch/assets/js/dist/flickity-combo.min.js
Requested by
Host: www.humansecurity.com
URL: https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:583e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0d3b1eb7d0f0f9f6b02dc4d100a34d5ed61b9b22e284ef8b8fc16dee56cb0453

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-encoding
br
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-evy-trace-listener
listener_https
etag
W/"0b1204d9265290f1b3d4250e491d06dd"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1698698450553
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Wed, 17 Jul 2024 02:09:15 GMT
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD89-C1
x-hubspot-correlation-id
e37a9e46-243b-4ac4-99d0-b5a8185f7898
x-hs-alternate-content-type
text/plain
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
204
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-request-id
e37a9e46-243b-4ac4-99d0-b5a8185f7898
last-modified
Mon, 30 Oct 2023 20:40:51 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WNhnl3OGXlpEFYvD9J%2B7wx0%2FY6UuuP74dvqkO270LUK8EGnl9mwaDSQqcuV%2Bv4x9y83RjdBJhxrdh4RWKD6qQ8y8rML0SBQJ3I2Gndvidr3QIehno%2BGaTm08GWDHUGPlZzqEVMFM8WeqC5mf8sY%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-cdn2-td/envoy-proxy-6f9f79465b-8lkkj
cf-ray
8a46b0571f042c77-FRA
timing-allow-origin
cdn2.hubspot.net
collector
collector-pxf69i9fy8.px-cloud.net/api/v2/
32 B
49 B
XHR
General
Full URL
https://collector-pxf69i9fy8.px-cloud.net/api/v2/collector
Requested by
Host: client.px-cloud.net
URL: https://client.px-cloud.net/PXf69I9fY8/main.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
96.10.190.35.bc.googleusercontent.com
Software
/
Resource Hash
19e0ccf5f49d76af8db3bcaa13c7fabc8276dcff286235a30c069da7abec2d8e

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Wed, 17 Jul 2024 02:09:15 GMT
via
1.1 google
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.humansecurity.com
access-control-allow-credentials
true
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
32
collector
collector-pxxdhgmtcm.px-cloud.net/api/v2/
116 B
134 B
XHR
General
Full URL
https://collector-pxxdhgmtcm.px-cloud.net/api/v2/collector
Requested by
Host: client.px-cloud.net
URL: https://client.px-cloud.net/PXxDhGmtcm/main.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
96.10.190.35.bc.googleusercontent.com
Software
/
Resource Hash
6530c8d34be69f82411ef76c1a8375e168e8c65cb0f5cdc21d9685ff4a466967

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Wed, 17 Jul 2024 02:09:14 GMT
via
1.1 google
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.humansecurity.com
access-control-allow-credentials
true
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
116
img.gif
b.6sc.co/v1/beacon/
43 B
257 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=20d60e1303ace3bf5d3a031877ae81bd&svisitor=null&visitor=aedd3aed-4f96-4c2c-8df0-dc4b44700146&session=38a19b70-445b-44ac-81fa-260a0ed7364a&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2017%20Jul%202024%2002%3A09%3A15%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2017%20Jul%202024%2002%3A09%3A14%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%225005%22%7D&isIframe=false&m=%7B%22description%22%3A%22Konfety%20is%20a%20mobile%20ad%20fraud%20campaign%20that%20peaked%20at%2010%20billion%20bid%20requests%20per%20day%20before%20HUMAN%E2%80%99s%20Satori%20Threat%20Intelligence%20team%20disrupted%20it.%20%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22The%20Party%E2%80%99s%20Over%3A%20HUMAN%E2%80%99s%20Satori%20Threat%20Intelligence%20and%20Research%20Team%20Cleans%20up%20%E2%80%9CKonfety%E2%80%9D%20Mobile%20Ad%20Fraud%20Campaign%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.humansecurity.com%2Flearn%2Fblog%2Fthe-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign&pageViewId=04acf6f3-6b9a-4d8f-8079-171ce50847a6&ipv6=2001%3A1b60%3A1010%3A3%3A1011%3A91bb%3Ab5b8%3A5ea6&v=1.1.22
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.111.170 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-101-111-170.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 17 Jul 2024 02:09:15 GMT
x-content-type-options
nosniff
last-modified
Sat, 18 Feb 2023 00:49:36 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"63f020a0-2b"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Wed, 17 Jul 2024 02:09:15 GMT
create
st.fullcircleinsights.com/v1/visitors/
0
0

create
st.fullcircleinsights.com/v1/visitors/ Frame
0
0
Preflight
General
Full URL
https://st.fullcircleinsights.com/v1/visitors/create
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.17 -, , ASN (),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
js-version,origin-fci,x-api-key
Access-Control-Request-Method
POST
Origin
https://www.humansecurity.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent,origin-fci,js-version
access-control-allow-methods
OPTIONS,POST
access-control-allow-origin
https://www.humansecurity.com
content-length
1
content-type
application/json
date
Wed, 17 Jul 2024 02:09:16 GMT
via
1.1 c379418fd6100691807f32f274ebe9ce.cloudfront.net (CloudFront)
x-amz-apigw-id
bCMn8GtLPHcEYpg=
x-amz-cf-id
NmiV3wRto3Jae4kGkvOlh0sBn_YOHz_TukRx3RgCMM8hNN5fjt2erg==
x-amz-cf-pop
FRA2-C1
x-amzn-requestid
4294387f-ba4f-471f-94a0-32a72089ba2a
x-cache
Miss from cloudfront

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.humansecurity.com
URL
https://www.humansecurity.com/learn/blog/undefined
Domain
st.fullcircleinsights.com
URL
https://st.fullcircleinsights.com/v1/visitors/create

Verdicts & Comments Add Verdict or Comment

116 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 function| gtag object| _hsp object| dataLayer object| zi string| ZIProjectKey function| OptanonWrapper object| uetq object| __core-js_shared__ object| Sslac object| IN function| punchClassApplier function| punchAttachOverlay object| google_tag_manager object| google_tag_data string| adroll_adv_id string| adroll_pix_id object| Cookies function| removeTopBar object| hsVars function| hs_i18n_log function| hs_i18n_substituteStrings function| hs_i18n_insertPlaceholders function| hs_i18n_getMessage function| processEpsilonData string| epsilonName boolean| enabled function| callback number| version object| _6si string| GoogleAnalyticsObject function| ga string| _linkedin_data_partner_id object| _linkedin_data_partner_ids boolean| _already_called_lintrk function| hj object| _hjSettings string| SLScoutObject function| slscout function| getParam function| getExpiryRecord function| addGclid function| $ function| jQuery object| _hsq function| scriptAppender function| styleAppender function| triggerScriptLoader function| loadScripts function| onYouTubeIframeAPIReady object| gaGlobal object| zitag object| ZILogs function| loadZILogs function| errorHandler object| _self object| Prism function| UET function| UET_init function| UET_push object| ueto_8f12f78ddc object| gaplugins object| gaData function| _ga_originalSendHitTask object| hjSiteSettings function| hjBootstrap object| hjLazyModules object| hjBootstrapCalled function| lintrk object| ORIBILI object| FB object| __twttrll object| twttr object| __twttr string| _pxAppId object| PXxDhGmtcm object| PX object| PXf69I9fY8 object| __buffer function| mktoMunchkinFunction object| Munchkin function| mktoMunchkin string| OnetrustActiveGroups string| OptanonActiveGroups object| otStubData boolean| _storagePopulated object| MunchkinTracker object| _zi_fc object| globalRoot function| bindToWindowOnError object| leadflows object| hubspot function| OutpostErrorReporter function| _registerAvailablePopup object| _availablePopups boolean| popupPoliceActive boolean| LEAD_FLOWS_RAN boolean| COMMON_SETUP_RAN object| _paq function| sanitizeKey boolean| _hstc_loaded object| Optanon object| OneTrust boolean| _hspb_ran boolean| _hspb_loaded object| regeneratorRuntime object| _zi boolean| __adroll_loaded boolean| _hstc_ran object| hsCallsToActionsReady string| __hsUserToken number| expireDateTime object| ziws

23 Cookies

Domain/Path Name / Value
.www.humansecurity.com/ Name: __cf_bm
Value: TumtGBg08py05_UzEhj9sOuxBlFyhA4VZCUIQkWSEa4-1721182149-1.0.1.1-.udRv_BvPGMKJetgySLFzwuAMevtAfDmPuiKrJ7zqlBMvPiGNazWqhtKVBFGdKSNCV797vsOnlmqG.Ui6d7oqw
.www.humansecurity.com/ Name: __cfruid
Value: 3fa0e17e0ebb9cf86f1c1d74a3fc4d39ba17b97c-1721182149
.g2crowd.com/ Name: __cf_bm
Value: XiEwuBE6YrN6eMGaTwNJKJO4WaOjIajhm.pZ0_c0XxE-1721182150-1.0.1.1-Vdkq3eA0kfEArYxbrkD22gmAM7VRV70dzZO2yBY2UtD0ymh9Wgzyhjrf8nmedoEfQAhbVG85IHNhbEZHMNOPWg
www.humansecurity.com/ Name: _gd_visitor
Value: aedd3aed-4f96-4c2c-8df0-dc4b44700146
www.humansecurity.com/ Name: _gd_session
Value: 38a19b70-445b-44ac-81fa-260a0ed7364a
.humansecurity.com/ Name: _hjSessionUser_3389720
Value: eyJpZCI6IjhiY2U5MDU4LThiMzctNWY2MC04ODJjLWZhZmYxNGEzNzU0OSIsImNyZWF0ZWQiOjE3MjExODIxNTA3MjIsImV4aXN0aW5nIjp0cnVlfQ==
.humansecurity.com/ Name: _hjSession_3389720
Value: eyJpZCI6ImE0YmE3NjdiLTA5MjEtNDk3Mi04MzkxLWZkNmZlYmU5MDg5NSIsImMiOjE3MjExODIxNTA3MjMsInMiOjEsInIiOjEsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MX0=
.humansecurity.com/ Name: pxcts
Value: 8e65adcc-43e1-11ef-9263-5d24dabe3b5b
.linkedin.com/ Name: bcookie
Value: "v=2&bdfeac95-8d6e-42c1-88b9-a9fb46aa95b4"
.linkedin.com/ Name: li_gc
Value: MTswOzE3MjExODIxNTA7MjswMjGAa44lmCdXbRsuuxB9cxlmH9dYlMtTDEjd+7cT8NJ28g==
.linkedin.com/ Name: lidc
Value: "b=TGST06:s=T:r=T:a=T:p=T:g=2957:u=1:x=1:i=1721182150:t=1721268550:v=2:sig=AQGbG_dgCABN47dBq9Q6XoVr-9vQlZqS"
.humansecurity.com/ Name: _mkto_trk
Value: id:001-VJX-104&token:_mch-humansecurity.com-1721182150886-33017
.www.humansecurity.com/ Name: _zitok
Value: 3f86aba4a4ccab86e0291721182150
.hubspot.com/ Name: __cf_bm
Value: P.22eoBRMgv9xVhXKcHrh8Cqr63cYD_OsFoM611anoQ-1721182150-1.0.1.1-_vumsVJPbFOrCvAGH1KBO5AtMqmVZm3N4srPeTNXoI7sMtj3f5.pDCf9nAIz1dZjH5B6wxLyO2SQofF_YGf58Q
.hubspot.com/ Name: _cfuvid
Value: 6URDGpckIr910srmc2c35Ou0VAdGwzYiAjopX.aW0to-1721182150900-0.0.1.1-604800000
www.humansecurity.com/ Name: pxcts
Value: 8e70c94a-43e1-11ef-86c9-090c6d365ea0
www.humansecurity.com/ Name: _pxvid
Value: 8e70b6bd-43e1-11ef-86c7-d2e8ef295eaa
www.humansecurity.com/ Name: slireg
Value: https://scout.us3.salesloft.com
.zoominfo.com/ Name: __cf_bm
Value: nLugBLQYGFsBKSIU2iEsHMaUqRU1rZdaETJ9wVLlwL0-1721182151-1.0.1.1-xz6MR4adInjsJVKgU7fmLz_b8oMBfd9Z87cjykConHonYD82UafEaBtKvkU.I8as2628jhtcMl9C62JWnmmtgg
.zoominfo.com/ Name: _cfuvid
Value: PS0M3moVKdkUzbUhbZhXGOrag5BlfBUx7fD3_Co9DF8-1721182151011-0.0.1.1-604800000
.www.humansecurity.com/ Name: OptanonConsent
Value: isGpcEnabled=0&datestamp=Wed+Jul+17+2024+04%3A09%3A11+GMT%2B0200+(Mitteleurop%C3%A4ische+Sommerzeit)&version=202303.2.0&browserGpcFlag=0&isIABGlobal=false&hosts=&landingPath=https%3A%2F%2Fwww.humansecurity.com%2Flearn%2Fblog%2Fthe-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign&groups=C0004%3A0%2CC0003%3A0%2CBG44%3A0%2CC0001%3A1%2CC0002%3A0
www.humansecurity.com/ Name: sliguid
Value: aaf6e167-0a99-4a4f-bcea-8d8881aab6d6
www.humansecurity.com/ Name: slirequested
Value: true

1 Console Messages

Source Level URL
Text
security error URL: https://www.humansecurity.com/learn/blog/the-partys-over-humans-satori-threat-intelligence-and-research-team-cleans-up-konfety-mobile-ad-fraud-campaign
Message:
Refused to apply style from 'https://www.humansecurity.com/learn/blog/undefined' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

001-vjx-104.mktoresp.com
acsbapp.com
app.hubspot.com
b.6sc.co
bat.bing.com
c.6sc.co
cdn.cookielaw.org
cdn2.hubspot.net
cdnjs.cloudflare.com
client.px-cloud.net
collector-pxf69i9fy8.px-cloud.net
collector-pxxdhgmtcm.px-cloud.net
connect.facebook.net
content.hotjar.io
d2i34c80a0ftze.cloudfront.net
epsilon.6sense.com
fonts.googleapis.com
fonts.gstatic.com
geolocation.onetrust.com
ipv6.6sc.co
j.6sc.co
js.hs-analytics.net
js.hs-banner.com
js.hsleadflows.net
js.zi-scripts.com
munchkin.marketo.net
pagead2.googlesyndication.com
platform.linkedin.com
platform.twitter.com
px.ads.linkedin.com
px4.ads.linkedin.com
region1.google-analytics.com
s.cdnsynd.com
scout-cdn.salesloft.com
scout.salesloft.com
script.hotjar.com
snap.licdn.com
st.fullcircleinsights.com
static.hotjar.com
static.hsappstatic.net
track.hubspot.com
tracking.g2crowd.com
vc.hotjar.io
ws-assets.zoominfo.com
ws.zoominfo.com
www.google-analytics.com
www.googletagmanager.com
www.humansecurity.com
st.fullcircleinsights.com
www.humansecurity.com
104.18.37.212
13.107.42.14
13.224.189.17
13.32.27.19
18.66.102.53
18.66.112.79
184.31.85.59
192.28.147.68
2001:4860:4802:32::36
2600:9000:275b:7e00:9:14eb:6280:93a1
2606:2800:233:66b5:799a:7cd3:f74d:7071
2606:2800:234:59:254c:406:2366:268c
2606:2c40::c73c:671d
2606:4700:10::6816:cc
2606:4700:4400::6812:2089
2606:4700:4400::6812:22e5
2606:4700::6810:4869
2606:4700::6810:7574
2606:4700::6810:762b
2606:4700::6811:180e
2606:4700::6811:ac5b
2606:4700::6811:afc9
2606:4700::6812:1fb0
2606:4700::6812:583e
2606:4700::6812:8c11
2606:4700::6813:b134
2620:1ec:21::14
2620:1ec:c11::237
2a00:1450:4001:827::2003
2a00:1450:4001:82f::200a
2a00:1450:4001:82f::200e
2a00:1450:4001:830::2002
2a00:1450:4001:831::2008
2a02:26f0:3500:10::210:a99
2a02:26f0:3500:11::215:14d0
2a02:26f0:7100::210:172
2a03:2880:f083:9:face:b00c:0:3
3.255.217.67
34.252.158.105
35.190.10.96
52.70.247.33
76.223.9.105
95.101.111.170
02a711f90cf3fe3f3c91c838aa383dd9bc60d67b59e678328975e2193c1ce1d1
0d3b1eb7d0f0f9f6b02dc4d100a34d5ed61b9b22e284ef8b8fc16dee56cb0453
173460e89e6a7244218badae2016f65c48a3eae9d400802273eeca18b07336f1
19db0caaa0c171dd9772e4e0e43fa2cacd7cb344f96c660d46a83d8613752479
19e0ccf5f49d76af8db3bcaa13c7fabc8276dcff286235a30c069da7abec2d8e
1bb0e098f5a598b1a0dbd04775c38b0421251adda71dfc6cd7ae673e710da874
1cfea949b0b2925d27b84d56d18f2ea1c6b948fdf3ae95c534a14706043da178
201b591d8778f953b5cde276d197d939dbc151d21e948d0e91d8869901f9eeb8
2157361193375a79ade3559e960f982daa8d599cf7f4a92d36e3eef257738f16
25f465dbb7dd46caf67af5cd3628703b5026b57013ece9b8905735c3d268d9fa
27d001801da9af0f66dfdc4b42a2a22ef3c91682ec36157d1e38c9c75e16bef6
2b14e8397d552f351a4396dec25ec5da1348865683100e94c4ab0faea4a9a254
2b1a4915e59e76e65870b9b2fe38250746fd0eaa301b836516e71bc7c6dd8ae4
2b8cd89a6ee33abb737efbcad5acc23602f53905b2a42f46518efb2c66edcb06
2fc92a4b6bcd0e8fdd8b4939e421646379410fc25266f0fb5f1abf07a843f93e
31bffb649cd812a3e720b1838c910fe359aef60c46ec91149d895dc23708768d
353160fb76863d54d07637e36360b6297887cef9c3f21d86d2dc0c4ed4d2c60d
42d2bc98fb3725b62617abc2f643328b1d8e2daeeeb919386b09cdc34b3277aa
439042e0204db71db38bb4cbe130c3e520d35a14c2d9f65200308eaf1886eb64
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4470812cccafc2228171cad13cb84e3aa000b33a0f75110a081aba3f017c8d68
46043be637afe914e3a575c2921cd2904b2c4b59388128ed10625628402d46a6
4a007af67f716c30c8848ab0ad0bfaab8a5fcf3e36dedf918b59c9429d522440
4a284bd27f6567269d6c99632718027358d6af76e0c5e377d0cd9b4fe4bc70e1
4ddb826c91074eadb2fa70702a5db72ae3c1af357f405536b6a0467078536cf0
5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4
521410e1fc44780061e09adc980275fb5ea277fd5d9e538454214ec4379ff4bc
54922aed651f983596d7c4d47b075f10dfa004fffe6c60c15c59ecdc1856529f
54a00c1f0eaaeb0537a8297cda238d8d96c0441a708ebaba46e4f473ac94e689
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
566d1885a01635023ace80d331ae6e3c71e340e8b802a4bc8bfdf17d691a4e4a
5aace294040a33c9bbf8d4be4e8f344b997d4f584e37b6821e9e3775e4b5b6ee
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
619feac205d68f6356fcad13d6758533011a8acc7830e3deb0f763249d7516c0
6530c8d34be69f82411ef76c1a8375e168e8c65cb0f5cdc21d9685ff4a466967
65a47caa5183b035bf78d0f93adbe5cea500333410259c54abf2de356740df7e
671367c3c0e84517f31e61945cd9ba416f89eb653dbc3c4d1828518ef5c627e7
68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
6b1da5fb307028044d26ac46f0004b005c2f111fb8e68bd2990295162385b0f0
6f684971a6600c115bd3d3102c43a0b09ad5a1a3c45a818269445ba888ce8d58
7035c5ff53fcf923fe2d082ef0e7fecf2f766e25ce6fc3d2d57fa02338f842cb
72df9a502a58fd09ba51ac1b2ec89d51be6c7aa2381da1950f361cc44eabfb42
733ce984c58be1f41905748575e85bcde044306a3163de4110942bf01e855629
78142c1a0831423d3fee5308b442b24659445ac8d7c34b92bde6624cc012f4e8
7c0597b1b0c771139c958982210f05b275993037f0f3ba20d7a9300a0741dc80
7c9c80a6c32c0619d61c28f28723e68c5f8f75163e77ee5cf64c39e640e0d71e
7ca20e01715422f342109ece2859f4aab89c7b84380f96833a8eb75faa6d64d4
810fa2a3b55e453ecd985550d03ec94f57c492a7052f8f271e58110e8dd720eb
81f2e0a9e0cbb9cfcb5d72f56f4eff056370ddd14104251fc7066a8f7d641828
82ec28f3854d18459405d3521985c2c7961f9a1b096c857a8515cd27e195b8fd
8320299532b4b81498d5b3714d49c9d5938883b55f4c2a1efe6f105bf4a942bd
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
88e7b0718f584603ca29ed368567c07f629f1012e0e4972c3fd95db2e339504d
89daabd1464fddd800ba7034f54113309c4a9cedd73c13a8638b40d3b522ad1b
8af62ffe7b7970898976897e8c6d22fbddec8e6e99c1e9c2ecc2f07aa1fb5805
8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02
8dd58f4bdbe044fb5e05bb595fa7b0be061f21df9f545a21da688ec614c8987a
901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc
92cde36d24b66c5bb39231c290e47319cc207455557a1c4ddf0b1c584422db77
98dfeb1d061e8788b320a130a84723813efed0b2518921f30b40cc8a09bf8ecf
9cac5e10bd3d5631c178a838d415c28b126daca61e10e81e6dc36aa18919174f
a123eebd3f1e4f9b4641216ddc8aee3dd0ecc035cc9d2f6ed7b92c979fccc326
a3fd799acb893b5ebe0d8afccfd19e932cfed9ebf5c18f8f940118afda06d29c
a53c43f834b32309b084ea9314df8307e9c78cee2202c6e07f216ae4ae5b704d
aa355c393e03f831dbdbcc678ba16396aab95930b1bc5b0549695d40cc955ca1
ab737fa7c8ceb810f22ddead9edd6c05bd7d28043b601241077f55525f986dd0
abd0c69608a1a4b0ce5f6056bc20bcf62a2a29271a4cf5e33fa1f53bf7cb19cb
adfc35d72ea1d0feaa677acecd2dafad7fdda56b02a76d7f51ad1bc067c2d499
afff892691aaab5f3a2c411cb09a2674006120f314eb8ac1fc6efb8c66a1c353
b0392294081a8113d3c077796594484f5354ebb23b518d3337738015bddb70aa
b17ad6eab5f71934277721a0558d12da27ef1c1d7688d3dc8e8440165902526b
b226808642bb28ed36793d18833e94ef5768f1c928d4bc86ab1ea7dbe5053c58
b54028de37c84f4aeca11a73d1b1e1bd07de8ef2bc096281b432e497f9dd0ec9
b6613952815dad6f76bdf837b8393d969240d6ff75d10b3953f12e419afeca15
b7bcabdeabc928df5f998a410f656db22b6d8973ad3b73851feaba2ee6a44bc8
b84398de46283985db9507da817ab6fd1c66687b7b9f6d1bf3e0de29bc2b3e28
b88f3bd28c4bb420c3add6c02d6d8cc8771599b9affa036d89f4afc573c881ca
b96ef0d9ef85e362482119da55a9a5d777d77e993d424a33932a8166930a76a7
b987245cc5d802ec15d04b1797d14a16f002aca05348c13f79d31ecedecad8ac
c7a35841c0957d8e8dc3211bece89411757630609c1e47f134c3ff8804fb8d33
d0c233d327541d2961f1cde9e53a6166279655f4d4041c1bc458ac1701827719
d4a42e8f77ed647b32311ffc6b611bdc77b6296726e51cfc958ac736c63a6654
d55ad3bc35664e6ce9dc3e6a71bb6d3a4c8fddeb6af1a195727c0361ddd92a2e
d651066ec06c641549632f4776b2cdbf638ca0786adf1c58f44a2728daed9b00
d8e166157d90ed13492b8627e50c606aeab874cd0a5d6ed3b7c8a7988a3d46d3
dbfeb010a0c8acddc38dea97e228787f16ac5e30b4af96b764fa2252fe3827e4
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dd26d9d88899d0587c9377964b7d1ab478a318b0fdbee7b9d6a084e4aa6425f7
dd5e60442181c68a2711c4a407db551e51e0af167f16b86775ceb7e56679a045
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e0c289faa80333eff728b8bdbbf10b11dec1a6e1938a444e1cc41be6744e96d2
e0d54140c9e5b41f4f5f8fd5583a8ae657452e2bec968966ab70c26d5ae77719
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6eae0251ff9d9602e618bd779c3c7234b243fb71da5afa4e502443e9c007bd4
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efa303262b36a12c1c28503edc4d8852388482855d729b169c9bfb1b969adf45
f0b06f5902f28b3ef029c76a5d0baa23b794870af8e4df15d542163b07714276
fdb54396c6418ecf53b3c05f4f702f634b0da3cc81c9ce69b7b1d09776fea509
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e