duo.com Open in urlscan Pro
13.224.95.24 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://duo.com/labs/research/crxcavator-malvertising-2020
Submission: On May 10 via manual (May 10th 2021, 12:36:40 pm UTC) from US

Summary HTTP 79 Redirects Links 34 Behaviour Indicators

Summary

This website contacted 26 IPs in 4 countries across 24 domains to perform 79 HTTP transactions. The main IP is 13.224.95.24, located in United States and belongs to AMAZON-02, US. The main domain is duo.com.
TLS certificate: Issued by Amazon on November 22nd 2020. Valid for: a year.

This is the only time duo.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
30	13.224.95.24 13.224.95.24	16509 (AMAZON-02) (AMAZON-02)
3	2a02:26f0:6c0... 2a02:26f0:6c00:2a3::b33	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	68.232.35.12 68.232.35.12	15133 (EDGECAST) (EDGECAST)
1	2a00:1450:400... 2a00:1450:4001:802::200a	15169 (GOOGLE) (GOOGLE)
1	2a04:4e42:1b:... 2a04:4e42:1b::622	54113 (FASTLY) (FASTLY)
1	2a00:1450:400... 2a00:1450:4001:80f::2008	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:828::200e	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:6c0... 2a02:26f0:6c00:2bd::25ea	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
5	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	23.79.155.18 23.79.155.18	16625 (AKAMAI-AS) (AKAMAI-AS)
3	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2620:116:800d... 2620:116:800d:21:36a9:ecb:e518:b308	16509 (AMAZON-02) (AMAZON-02)
3	104.111.233.140 104.111.233.140	16625 (AKAMAI-AS) (AKAMAI-AS)
1	205.185.216.10 205.185.216.10	20446 (HIGHWINDS3) (HIGHWINDS3)
2 2	2620:119:50e1... 2620:119:50e1:101::6cae:b25	14413 (LINKEDIN) (LINKEDIN)
1 1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	108.174.10.14 108.174.10.14	14413 (LINKEDIN) (LINKEDIN)
2	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE)
1	2600:9000:20e... 2600:9000:20e8:be00:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	185.33.221.52 185.33.221.52	29990 (ASN-APPNEX) (ASN-APPNEX)
2	2a00:1450:400... 2a00:1450:400c:c08::9b	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:831::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:803::2003	15169 (GOOGLE) (GOOGLE)
2	2606:2800:234... 2606:2800:234:59:254c:406:2366:268c	15133 (EDGECAST) (EDGECAST)
4	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2606:4700:10:... 2606:4700:10::6816:39f5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.244.42.8 104.244.42.8	13414 (TWITTER) (TWITTER)
1	3.222.61.237 3.222.61.237	14618 (AMAZON-AES) (AMAZON-AES)
79	26

30 13.224.95.24 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-95-24.zrh50.r.cloudfront.net

duo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:26f0:6c00:2a3::b33 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

www.cisco.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 68.232.35.12 (United States)

ASN15133 (EDGECAST, US)

cdn.bizible.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.bizibly.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:1b::622 (United States)

ASN54113 (FASTLY, US)

fast.wistia.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:2bd::25ea (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a03:2880:f01c:8012:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.79.155.18 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-79-155-18.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:116:800d:21:36a9:ecb:e518:b308 (United States)

ASN16509 (AMAZON-02, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.111.233.140 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-233-140.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 205.185.216.10 (United States)

ASN20446 (HIGHWINDS3, US)
PTR: map2.hwcdn.net

metadata-static-files.sfo2.cdn.digitaloceanspaces.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:119:50e1:101::6cae:b25 (United States) 2 redirects

ASN14413 (LINKEDIN, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.174.10.14 (United States)

ASN14413 (LINKEDIN, US)
PTR: 108-174-10-14.fwd.linkedin.com

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:20e8:be00:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.33.221.52 (Amsterdam, Netherlands)

ASN29990 (ASN-APPNEX, US)
PTR: 725.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c08::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:803::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f11c:8183:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6816:39f5 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.inspectlet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.8 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.222.61.237 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-222-61-237.compute-1.amazonaws.com

hn.inspectlet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
30	duo.com duo.com	1 MB
5	facebook.net connect.facebook.net	233 KB
4	facebook.com www.facebook.com	451 B
4	linkedin.com 3 redirects px.ads.linkedin.com www.linkedin.com px4.ads.linkedin.com	3 KB
4	google-analytics.com www.google-analytics.com	53 KB
3	twitter.com platform.twitter.com syndication.twitter.com	132 KB
3	6sc.co j.6sc.co c.6sc.co b.6sc.co	8 KB
3	bing.com bat.bing.com	9 KB
3	bizible.com cdn.bizible.com	34 KB
3	cisco.com www.cisco.com	66 KB
2	inspectlet.com cdn.inspectlet.com hn.inspectlet.com	69 KB
2	google.de www.google.de	214 B
2	google.com www.google.com	234 B
2	doubleclick.net stats.g.doubleclick.net	152 B
2	quantserve.com secure.quantserve.com pixel.quantserve.com	9 KB
2	marketo.net munchkin.marketo.net	7 KB
1	bizibly.com cdn.bizibly.com	203 B
1	adnxs.com secure.adnxs.com	701 B
1	quantcount.com rules.quantcount.com	1 KB
1	digitaloceanspaces.com metadata-static-files.sfo2.cdn.digitaloceanspaces.com	6 KB
1	licdn.com snap.licdn.com	2 KB
1	googletagmanager.com www.googletagmanager.com	65 KB
1	wistia.net fast.wistia.net	113 KB
1	googleapis.com ajax.googleapis.com	29 KB
79	24

	Domain	Requested by
30	duo.com	duo.com
5	connect.facebook.net	duo.com connect.facebook.net
4	www.facebook.com	duo.com connect.facebook.net
4	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com cdn.bizible.com
3	bat.bing.com	duo.com bat.bing.com
3	cdn.bizible.com	duo.com cdn.bizible.com
3	www.cisco.com	duo.com
2	platform.twitter.com	duo.com platform.twitter.com
2	www.google.de	duo.com
2	www.google.com	duo.com
2	stats.g.doubleclick.net	www.google-analytics.com cdn.bizible.com
2	px.ads.linkedin.com	2 redirects
2	munchkin.marketo.net	duo.com munchkin.marketo.net
1	hn.inspectlet.com	cdn.bizible.com
1	syndication.twitter.com	platform.twitter.com
1	cdn.inspectlet.com	duo.com
1	cdn.bizibly.com	duo.com
1	pixel.quantserve.com	duo.com
1	b.6sc.co	duo.com
1	secure.adnxs.com	j.6sc.co
1	c.6sc.co	j.6sc.co
1	rules.quantcount.com	secure.quantserve.com
1	px4.ads.linkedin.com	duo.com
1	www.linkedin.com	1 redirects
1	metadata-static-files.sfo2.cdn.digitaloceanspaces.com	duo.com
1	j.6sc.co	duo.com
1	secure.quantserve.com	duo.com
1	snap.licdn.com	www.googletagmanager.com
1	www.googletagmanager.com	duo.com
1	fast.wistia.net	duo.com
1	ajax.googleapis.com	duo.com
79	31

This site contains links to these domains. Also see Links.

Domain
cisco.com
admin.duosecurity.com
signup.duo.com
techpartners.duo.com
www.cisco.com
help.duo.com
community.duo.com
guide.duo.com
itunes.apple.com
play.google.com
status.duo.com
www.facebook.com
twitter.com
www.linkedin.com
crxcavator.io
www.bleepingcomputer.com
blog.malwarebytes.com
www.hybrid-analysis.com
developer.chrome.com
hackerone.com
www.instagram.com
trustportal.cisco.com

Subject Issuer	Validity	Valid
www.duosecurity.com Amazon	`2020-11-22` - `2021-12-21`	a year	crt.sh
www.cisco.com HydrantID SSL CA G3	`2021-01-15` - `2022-01-15`	a year	crt.sh
io.bizible.com DigiCert SHA2 Secure Server CA	`2020-12-14` - `2021-11-15`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2021-04-13` - `2021-07-06`	3 months	crt.sh
fast.wistia.net GlobalSign Atlas R3 DV TLS CA 2020	`2021-03-22` - `2022-04-23`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2021-04-30` - `2022-05-11`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-04-06` - `2021-07-03`	3 months	crt.sh
*.marketo.net DigiCert SHA2 Secure Server CA	`2021-03-29` - `2022-04-06`	a year	crt.sh
www.bing.com Microsoft RSA TLS CA 01	`2021-04-12` - `2021-10-12`	6 months	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2020-10-02` - `2021-10-07`	a year	crt.sh
*.6sc.co DigiCert SHA2 Secure Server CA	`2021-03-09` - `2022-03-16`	a year	crt.sh
*.sfo2.cdn.digitaloceanspaces.com DigiCert TLS RSA SHA256 2020 CA1	`2021-03-30` - `2022-04-30`	a year	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2021-04-15` - `2021-10-15`	6 months	crt.sh
*.google.com GTS CA 1O1	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2021-04-13` - `2021-07-06`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.twimg.com DigiCert TLS RSA SHA256 2020 CA1	`2020-11-05` - `2021-11-09`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-08-18` - `2021-08-18`	a year	crt.sh
syndication.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
hn.inspectlet.com R3	`2021-03-06` - `2021-06-04`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://duo.com/labs/research/crxcavator-malvertising-2020
Frame ID: E50D4324382DD98745AA1C78FE6FDF2A
Requests: 77 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.06c6ee58c3810956b7509218508c7b56.html?origin=https%3A%2F%2Fduo.com
Frame ID: 43B1B3AB53A67C0A80E753CB7D9C1D20
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Amazon Web Services (PaaS) Expand

Overall confidence: 100%
Detected patterns

headers via /$CloudFront$$/i

Amazon Cloudfront (CDN) Expand

Overall confidence: 100%
Detected patterns

headers via /$CloudFront$$/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Inspectlet (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /cdn\.inspectlet\.com/i

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/platform\.twitter\.com\/widgets\.js/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

79
Requests

100 %
HTTPS

68 %
IPv6

24
Domains

31
Subdomains

26
IPs

4
Countries

2001 kB
Transfer

5237 kB
Size

8
Cookies

34 Outgoing links

These are links going to different origins than the main page.

URL: https://cisco.com/

Search URL Search Domain Scan URL

URL: https://admin.duosecurity.com/
Title: Admin Login

Search URL Search Domain Scan URL

URL: https://signup.duo.com/
Title: Start a Free Trial

Search URL Search Domain Scan URL

URL: https://techpartners.duo.com/
Title: Sign-in

Search URL Search Domain Scan URL

URL: https://www.cisco.com/c/en/us/products/security/partner.html
Title: Sign-in

Search URL Search Domain Scan URL

URL: https://help.duo.com/
Title: Knowledge Base

Search URL Search Domain Scan URL

URL: https://community.duo.com/
Title: Community Forum

Search URL Search Domain Scan URL

URL: https://guide.duo.com/
Title: End-User Guide

Search URL Search Domain Scan URL

URL: https://help.duo.com/s/topic/0TO70000000LIT2GAO/duo-mobile?language=en_US&tabset-5ba34=2
Title: Duo Mobile FAQ

Search URL Search Domain Scan URL

URL: https://itunes.apple.com/us/app/duo-mobile/id422663827?mt=8
Title: Get Duo Mobile for iOS

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=com.duosecurity.duomobile&hl=en
Title: Get Duo Mobile for Android

Search URL Search Domain Scan URL

URL: https://community.duo.com/c/release-notes/
Title: Release Notes

Search URL Search Domain Scan URL

URL: https://status.duo.com/
Title: System Status

Search URL Search Domain Scan URL

URL: http://signup.duo.com/
Title: Free Trial

Search URL Search Domain Scan URL

URL: https://www.facebook.com/dialog/share?app_id=896409090480292&display=popup&href=https://duo.com/labs/research/crxcavator-malvertising-2020&redirect_uri=https://duo.com/labs/research/crxcavator-malvertising-2020
Title:

Search URL Search Domain Scan URL

URL: https://twitter.com/share?url=https://duo.com/labs/research/crxcavator-malvertising-2020&hashtags=duosec&text=Security%20Researchers%20Partner%20With%20Chrome%20To%20Take%20Down%20Browser%20Extension%20Fraud...
Title:

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https://duo.com/labs/research/crxcavator-malvertising-2020&title=Security%20Researchers%20Partner%20With%20Chrome%20To%20Take%20Down%20Browser%20Extension%20Fraud%20Network%20Affecting%20Millions%20of%20Users&summary=Duo%20Labs%E2%80%99%20CRXcavator%20tool%20used%20to%20uncover%20and%20remove%20a%20large%20scale%20campaign%20of%20malvertising%20Chrome%20extensions.&source=Duo%20Security
Title:

Search URL Search Domain Scan URL

URL: https://twitter.com/Bumblebreaches
Title: @Bumblebreaches

Search URL Search Domain Scan URL

URL: https://twitter.com/crxpert
Title: @crxpert

Search URL Search Domain Scan URL

URL: https://twitter.com/bumblebreaches
Title: @bumblebreaches

Search URL Search Domain Scan URL

URL: https://crxcavator.io/
Title: CRXcavator.io

Search URL Search Domain Scan URL

URL: https://www.bleepingcomputer.com/news/security/3ve-ad-fraud-botnet-with-billions-of-daily-ad-requests-shut-down/
Title: 3VE campaign

Search URL Search Domain Scan URL

URL: https://blog.malwarebytes.com/threat-analysis/2019/06/fake-jquery-campaign-leads-to-malvertising-and-ad-fraud-schemes/
Title: Fake JQuery campaign

Search URL Search Domain Scan URL

URL: https://www.hybrid-analysis.com/sample/0c1a8ca8ad72db5c0c3babc8d2488cc4ac7815d8158d170c5fd4c1056cd7dd87/5984bc447ca3e12189510e23
Title: Hybrid-Analysis Sandbox, Arcadeyum Malware Sample Report

Search URL Search Domain Scan URL

URL: https://www.hybrid-analysis.com/sample/ff6f8c062bb9b4b66de6929ff2921f5fd9eff4b013b32842e9e7e51f609c1f0f?environmentId=100
Title: Hybrid-Analysis Sandbox, Mapstrek Malware Sample Report

Search URL Search Domain Scan URL

URL: https://developer.chrome.com/webstore/user_data
Title: user data privacy policy and secure handling requirements

Search URL Search Domain Scan URL

URL: https://hackerone.com/ddp_reward_program
Title: Developer Data Protection Reward Program

Search URL Search Domain Scan URL

URL: https://signup.duo.com/?location=footer
Title: Start Your Free Trial

Search URL Search Domain Scan URL

URL: https://www.facebook.com/duosec/
Title:

Search URL Search Domain Scan URL

URL: https://twitter.com/duosec
Title:

Search URL Search Domain Scan URL

URL: https://www.instagram.com/duosec/
Title:

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/duo-security
Title:

Search URL Search Domain Scan URL

URL: https://www.cisco.com/c/en/us/about/legal/privacy.html
Title: Privacy Statement

Search URL Search Domain Scan URL

URL: https://trustportal.cisco.com/c/dam/r/ctp/docs/privacydatasheet/security/cisco-duo-privacy-data-sheet.pdf
Title: Duo Privacy Data Sheet

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 40

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7540&time=1620650180519&url=https%3A%2F%2Fduo.com%2Flabs%2Fresearch%2Fcrxcavator-malvertising-2020 HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D7540%26time%3D1620650180519%26url%3Dhttps%253A%252F%252Fduo.com%252Flabs%252Fresearch%252Fcrxcavator-malvertising-2020%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7540&time=1620650180519&url=https%3A%2F%2Fduo.com%2Flabs%2Fresearch%2Fcrxcavator-malvertising-2020&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=7540&time=1620650180519&url=https%3A%2F%2Fduo.com%2Flabs%2Fresearch%2Fcrxcavator-malvertising-2020&liSync=true&e_ipv6=AQK0FSL4RlNmpwAAAXlWR0NS9fKsnBYjP-uvwZoEhLpUQ-_fqd5RRTieKYK68bu2aan_FDQZ

79 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request crxcavator-malvertising-2020 Show response
duo.com/labs/research/ 94 KB
24 KB 1248ms
346ms Document
text/html 13.224.95.24
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://duo.com/labs/research/crxcavator-malvertising-2020

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.95.24 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-95-24.zrh50.r.cloudfront.net

Software

Duo/1.0 /

Resource Hash

943396f964c45361640a73f15ddcd0bc88f81dac071e3960edb5fa51037d47f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: duo.com
:scheme: https
:path: /labs/research/crxcavator-malvertising-2020
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type: text/html; charset=utf-8
content-length: 24293
cache-control: max-age=300
content-encoding: gzip
date: Mon, 10 May 2021 12:36:20 GMT
etag: W/"6095945c-1798b"
expires: Mon, 10 May 2021 12:41:20 GMT
last-modified: Fri, 07 May 2021 19:26:20 GMT
referrer-policy: no-referrer-when-downgrade
server: Duo/1.0
strict-transport-security: max-age=63072000; includeSubDomains;
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-ua-compatible: IE=Edge,chrome=1
x-xss-protection: 1; mode=block
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 9349ae4f82564896b96f5303b030d189.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: vOUqRTdPeNM099SXP85iLP5tBMW3kaMdtgQ30l0EpW8IVSgb9Q2SgA==

GET
H2 200 ctm-core.js Show response
www.cisco.com/c/dam/cdc/t/ 23 KB
7 KB 34ms
10ms Script
application/x-javascript 2a02:26f0:6c00:2a3::b33
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cisco.com/c/dam/cdc/t/ctm-core.js

Requested by

Host: duo.com
URL: https://duo.com/labs/research/crxcavator-malvertising-2020

Protocol

Security

TLS 1.3, , CHACHA20_POLY1305

Server

2a02:26f0:6c00:2a3::b33 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Apache /

Resource Hash

b7124963fb4811be34358167d06f9680370906149be2c53cb822fdb20d688809

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors .cisco.com .jasper.com .ciscospark.com .ciscolive.com http://cisco.lookbookhq.com https://cisco.lookbookhq.com testcisco.marketing.adobe.com cisco.marketing.adobe.com ciscosales.my.salesforce.com test.salesforce.com zedo.com hindustantimes.com economictimes.indiatimes.com .webex.com .cdw.com .cdwg.com .cdw.ca .meraki-go.com http://ciscopartners.lookbookhq.com https://ciscopartners.lookbookhq.com ciscolearningsystem.com ciscocustomer.lookbookhq.com cisco.lookbookhq.com ccsmedia.com .itquotes.ie dteonline.com ampito-cisco.com arkphire.com .insight.com .ccsmedia.com .ebuyer.com .lambda-tek.com .storm-technologies.com .vohkus.com .bechtle.com .rainfocus.com .broadbandbuyer.com .hardware.com shop.redpontem.com;
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-edgeconnect-origin-mex-latency: 503
date: Mon, 10 May 2021 12:36:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-edgeconnect-midmile-rtt: 0
vary: Accept-Encoding
content-length: 6610
x-xss-protection: 1; mode=block
pragma: no-cache
cdchost: wemxweb-publish-prod2-01
x-test-debug: nURL=www.cisco.com,realm=0,isRealm=0,realmDomain=0,shortrealm=0,upgradeTest=1
server: Apache
x-frame-options: SAMEORIGIN
etag: "5a5b-5c1af4fdef50e"
strict-transport-security: max-age=31536000
content-type: application/x-javascript
cache-control: max-age=0, no-cache, no-store
content-security-policy: upgrade-insecure-requests; frame-ancestors *.cisco.com *.jasper.com *.ciscospark.com *.ciscolive.com http://cisco.lookbookhq.com https://cisco.lookbookhq.com testcisco.marketing.adobe.com cisco.marketing.adobe.com ciscosales.my.salesforce.com test.salesforce.com zedo.com hindustantimes.com economictimes.indiatimes.com *.webex.com *.cdw.com *.cdwg.com *.cdw.ca *.meraki-go.com http://ciscopartners.lookbookhq.com https://ciscopartners.lookbookhq.com ciscolearningsystem.com ciscocustomer.lookbookhq.com cisco.lookbookhq.com ccsmedia.com *.itquotes.ie dteonline.com ampito-cisco.com arkphire.com *.insight.com *.ccsmedia.com *.ebuyer.com *.lambda-tek.com *.storm-technologies.com *.vohkus.com *.bechtle.com *.rainfocus.com *.broadbandbuyer.com *.hardware.com shop.redpontem.com;
accept-ranges: bytes
expires: Mon, 10 May 2021 12:36:20 GMT

GET
H2 200 bizible.js Show response
cdn.bizible.com/scripts/ 86 KB
33 KB 43ms
8ms Script
application/x-javascript 68.232.35.12
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.bizible.com/scripts/bizible.js?account=duo.com
Requested by: Host: duo.com
URL: https://duo.com/labs/research/crxcavator-malvertising-2020
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 68.232.35.12 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67D4) /
Resource Hash: 1c089f77f3ddbfe385e7976439283a0c61ce2c9f89c30424d31901549150d82f

Request headers

Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 10 May 2021 12:36:20 GMT
content-encoding: gzip
last-modified: Thu, 06 May 2021 22:41:02 GMT
server: ECS (frb/67D4)
age: 45546
etag: "f82a59e4c842d71:0"
vary: Accept-Encoding
x-cache: HIT
content-type: application/x-javascript
cache-control: max-age=86400
accept-ranges: bytes
content-length: 33770

GET
H2 200 production-2018.css
duo.com/site/themes/duo/css/ 514 KB
99 KB 231ms
230ms Stylesheet
text/css 13.224.95.24
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://duo.com/site/themes/duo/css/production-2018.css?v=1616441364
Requested by: Host: duo.com
URL: https://duo.com/labs/research/crxcavator-malvertising-2020
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.95.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-95-24.zrh50.r.cloudfront.net
Software: Duo/1.0 /
Resource Hash: 7746b9fe29ee184e99bc91d5155f4b98767ca1d5a8e360f33a44f89d569ca034

Request headers

:path: /site/themes/duo/css/production-2018.css?v=1616441364
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: duo.com
referer: https://duo.com/labs/research/crxcavator-malvertising-2020
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: public
date: Mon, 10 May 2021 05:55:08 GMT
content-encoding: gzip
last-modified: Mon, 22 Mar 2021 19:29:24 GMT
server: Duo/1.0
age: 24071
etag: W/"6058f014-8073a"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
via: 1.1 9349ae4f82564896b96f5303b030d189.cloudfront.net (CloudFront)
cache-control: max-age=31536000 public, must-revalidate, proxy-revalidate, max-age=31536000
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: FLlI3qbj7ab2194RHrDI0pWnvgM3sZcjdLntJDOepIOY054uSjGB0g==
expires: Tue, 10 May 2022 05:55:08 GMT

GET
H2 200 aW1nL2Npc2NvLWxvZ28tYmxhY2stdHJhbnNwYXJlbnQucG5n
duo.com/img/asset/ 3 KB
3 KB 616ms
609ms Image
image/png 13.224.95.24
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://duo.com/img/asset/aW1nL2Npc2NvLWxvZ28tYmxhY2stdHJhbnNwYXJlbnQucG5n?w=130&s=2da847468153f1190a1873cbcfb41a7c

Requested by

Host: duo.com
URL: https://duo.com/labs/research/crxcavator-malvertising-2020

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.95.24 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-95-24.zrh50.r.cloudfront.net

Software

Duo/1.0 /

Resource Hash

5dc02d362c712a657f60913d6491d5d2807c8318e516175feaeb2c025a2be14c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /img/asset/aW1nL2Npc2NvLWxvZ28tYmxhY2stdHJhbnNwYXJlbnQucG5n?w=130&s=2da847468153f1190a1873cbcfb41a7c
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: duo.com
referer: https://duo.com/labs/research/crxcavator-malvertising-2020
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 10 May 2021 12:04:23 GMT
via: 1.1 9349ae4f82564896b96f5303b030d189.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: ZRH50-C1
x-cache: Miss from cloudfront
content-length: 3038
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge,chrome=1
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 16 Oct 2020 17:55:21 GMT
server: Duo/1.0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=63072000; includeSubDomains;
content-type: image/png
cache-control: max-age=300
x-amz-cf-id: iDJuZaUCE3CmeyUQ9BjYpBCeD_Jr-eDETuW7bCey9r9Rkxv6Wo9fdw==
expires: Mon, 10 May 2021 12:41:20 GMT

GET
H2 200 duoLogo-web.png
duo.com/assets/img/ 4 KB
5 KB 194ms
186ms Image
image/png 13.224.95.24
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://duo.com/assets/img/duoLogo-web.png
Requested by: Host: duo.com
URL: https://duo.com/labs/research/crxcavator-malvertising-2020
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.95.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-95-24.zrh50.r.cloudfront.net
Software: Duo/1.0 /
Resource Hash: 0aaf8fdc65024d83866292d64c2dd26ca82721abc20b77ba185519b5a1b9499e

Request headers

:path: /assets/img/duoLogo-web.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: duo.com
referer: https://duo.com/labs/research/crxcavator-malvertising-2020
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: public
date: Mon, 10 May 2021 05:55:09 GMT
via: 1.1 9349ae4f82564896b96f5303b030d189.cloudfront.net (CloudFront)
last-modified: Wed, 24 Oct 2018 13:44:59 GMT
server: Duo/1.0
age: 24071
etag: "5bd0775b-10f6"
x-cache: Hit from cloudfront
content-type: image/png
cache-control: max-age=31536000 public, must-revalidate, proxy-revalidate, max-age=31536000
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
content-length: 4342
x-amz-cf-id: NdMLEb6Ta9ah2hITlzamvmrOn_h_X2JBib3lx1pNQ7PcPC3X2WTDdg==
expires: Tue, 10 May 2022 05:55:09 GMT

GET
H2 200 product_demos_graphic-1603997546.svg
duo.com/assets/img/nav/ 2 KB
1 KB 156ms
149ms Image
image/svg+xml 13.224.95.24
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://duo.com/assets/img/nav/product_demos_graphic-1603997546.svg
Requested by: Host: duo.com
URL: https://duo.com/labs/research/crxcavator-malvertising-2020
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.95.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-95-24.zrh50.r.cloudfront.net
Software: Duo/1.0 /
Resource Hash: 22f82c70a323ef6ed2c8981965a12aa369a6b7b91f90d33a016c59bd5e390f3f

Request headers

:path: /assets/img/nav/product_demos_graphic-1603997546.svg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: duo.com
referer: https://duo.com/labs/research/crxcavator-malvertising-2020
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: public
date: Mon, 10 May 2021 05:55:09 GMT
content-encoding: gzip
last-modified: Mon, 14 Dec 2020 17:35:13 GMT
server: Duo/1.0
age: 24071
etag: W/"5fd7a251-89f"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
via: 1.1 9349ae4f82564896b96f5303b030d189.cloudfront.net (CloudFront)
cache-control: max-age=31536000 public, must-revalidate, proxy-revalidate, max-age=31536000
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: iJnePUg7uRg2TlGn3kj84cFGaxog62U8Dsyjzb3MJVZVFueGQ0xVcw==
expires: Tue, 10 May 2022 05:55:09 GMT

GET
H2 200 pricing_image-1603998405.jpg
duo.com/assets/img/nav/ 43 KB
43 KB 159ms
152ms Image
image/jpeg 13.224.95.24
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://duo.com/assets/img/nav/pricing_image-1603998405.jpg
Requested by: Host: duo.com
URL: https://duo.com/labs/research/crxcavator-malvertising-2020
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.95.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-95-24.zrh50.r.cloudfront.net
Software: Duo/1.0 /
Resource Hash: d004fa4c0706682f1f30d8375996f15b658e85a03d3f454c23c239a6f1db8c86

Request headers

:path: /assets/img/nav/pricing_image-1603998405.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: duo.com
referer: https://duo.com/labs/research/crxcavator-malvertising-2020
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: public
date: Tue, 04 May 2021 10:56:09 GMT
via: 1.1 9349ae4f82564896b96f5303b030d189.cloudfront.net (CloudFront)
last-modified: Mon, 14 Dec 2020 17:35:13 GMT
server: Duo/1.0
age: 524410
etag: "5fd7a251-aaf4"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000 public, must-revalidate, proxy-revalidate, max-age=31536000
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
content-length: 43764
x-amz-cf-id: tt_qP_Gh8wnA2mgAoACOu3bWhpDOkrNya95_ad2aPAcS9fPD8J30Hg==
expires: Wed, 04 May 2022 10:56:09 GMT

GET
H2 200 solutions_passwordless_graphic.svg
duo.com/assets/img/nav/ 6 KB
3 KB 167ms
160ms Image
image/svg+xml 13.224.95.24
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://duo.com/assets/img/nav/solutions_passwordless_graphic.svg
Requested by: Host: duo.com
URL: https://duo.com/labs/research/crxcavator-malvertising-2020
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.95.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-95-24.zrh50.r.cloudfront.net
Software: Duo/1.0 /
Resource Hash: 6db42b3cd9e93ca379f914c6612ed66097e027a352340d2a87c1a40dfc302d58

Request headers

:path: /assets/img/nav/solutions_passwordless_graphic.svg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: duo.com
referer: https://duo.com/labs/research/crxcavator-malvertising-2020
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: public
date: Mon, 10 May 2021 05:55:09 GMT
content-encoding: gzip
last-modified: Mon, 14 Dec 2020 17:35:13 GMT
server: Duo/1.0
age: 24071
etag: W/"5fd7a251-1732"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
via: 1.1 9349ae4f82564896b96f5303b030d189.cloudfront.net (CloudFront)
cache-control: max-age=31536000 public, must-revalidate, proxy-revalidate, max-age=31536000
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: jrtTEruLPeWDaY2QL1JdSyBW4e-P4wwhzgZ590qacOch_M5Gs_HZgA==
expires: Tue, 10 May 2022 05:55:09 GMT

GET
H2 200 support_image_box-(1).jpg
duo.com/assets/img/nav/ 36 KB
36 KB 189ms
182ms Image
image/jpeg 13.224.95.24
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://duo.com/assets/img/nav/support_image_box-(1).jpg
Requested by: Host: duo.com
URL: https://duo.com/labs/research/crxcavator-malvertising-2020
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.95.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-95-24.zrh50.r.cloudfront.net
Software: Duo/1.0 /
Resource Hash: bbc8f5ea9a017d056d59d05362a785c8f2326d9248e2a549113917e4feb2f81f

Request headers

:path: /assets/img/nav/support_image_box-(1).jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: duo.com
referer: https://duo.com/labs/research/crxcavator-malvertising-2020
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: public
date: Tue, 04 May 2021 10:56:09 GMT
via: 1.1 9349ae4f82564896b96f5303b030d189.cloudfront.net (CloudFront)
last-modified: Mon, 14 Dec 2020 17:35:13 GMT
server: Duo/1.0
age: 524410
etag: "5fd7a251-8f93"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000 public, must-revalidate, proxy-revalidate, max-age=31536000
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
content-length: 36755
x-amz-cf-id: 1LFB1eRA2YU9vXKIzBmJljqhcuA-VXiFatHfhDMzRE_79Yptx7otIg==
expires: Wed, 04 May 2022 10:56:09 GMT

GET
H2 200 partnerships_image.jpg
duo.com/assets/img/nav/ 30 KB
31 KB 192ms
185ms Image
image/jpeg 13.224.95.24
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://duo.com/assets/img/nav/partnerships_image.jpg
Requested by: Host: duo.com
URL: https://duo.com/labs/research/crxcavator-malvertising-2020
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.95.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-95-24.zrh50.r.cloudfront.net
Software: Duo/1.0 /
Resource Hash: c6f27f3115c72e3e3f02ab03dbc314905a55ba33b472e25d90c6ab3df4767f97

Request headers

:path: /assets/img/nav/partnerships_image.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: duo.com
referer: https://duo.com/labs/research/crxcavator-malvertising-2020
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: public
date: Mon, 10 May 2021 05:55:09 GMT
via: 1.1 9349ae4f82564896b96f5303b030d189.cloudfront.net (CloudFront)
last-modified: Mon, 14 Dec 2020 17:35:13 GMT
server: Duo/1.0
age: 24071
etag: "5fd7a251-79ad"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000 public, must-revalidate, proxy-revalidate, max-age=31536000
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
content-length: 31149
x-amz-cf-id: K0JYTyoj4pFNX-48PLGHqjiWQ5MvKKZc4LvclpZKn2vFdosCFZseRw==
expires: Tue, 10 May 2022 05:55:09 GMT

GET
H2 200 support_image-1607014407.jpg
duo.com/assets/img/nav/ 34 KB
35 KB 193ms
187ms Image
image/jpeg 13.224.95.24
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://duo.com/assets/img/nav/support_image-1607014407.jpg
Requested by: Host: duo.com
URL: https://duo.com/labs/research/crxcavator-malvertising-2020
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.95.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-95-24.zrh50.r.cloudfront.net
Software: Duo/1.0 /
Resource Hash: 676829f6bf31dc073e0c8ed6bf27a8197b6970441dee958d73982ffd2bc707f7

Request headers

:path: /assets/img/nav/support_image-1607014407.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: duo.com
referer: https://duo.com/labs/research/crxcavator-malvertising-2020
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: public
date: Mon, 10 May 2021 05:55:09 GMT
via: 1.1 9349ae4f82564896b96f5303b030d189.cloudfront.net (CloudFront)
last-modified: Mon, 14 Dec 2020 17:35:13 GMT
server: Duo/1.0
age: 24071
etag: "5fd7a251-88dd"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000 public, must-revalidate, proxy-revalidate, max-age=31536000
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
content-length: 35037
x-amz-cf-id: mHq7sRT6TxM4Mf6WgPtlQmp4ICiih2q2cWJvpdugjO6T95dtdsB6iw==
expires: Tue, 10 May 2022 05:55:09 GMT

GET
H2 200 docs_image.jpg
duo.com/assets/img/ 40 KB
41 KB 163ms
157ms Image
image/jpeg 13.224.95.24
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://duo.com/assets/img/docs_image.jpg
Requested by: Host: duo.com
URL: https://duo.com/labs/research/crxcavator-malvertising-2020
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.95.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-95-24.zrh50.r.cloudfront.net
Software: Duo/1.0 /
Resource Hash: 3b25d93c9c709ddd09f2e02c075f8eb72bec69e54f63e11685e8354bcaebe870

Request headers

:path: /assets/img/docs_image.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: duo.com
referer: https://duo.com/labs/research/crxcavator-malvertising-2020
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: public
date: Tue, 04 May 2021 10:56:09 GMT
via: 1.1 9349ae4f82564896b96f5303b030d189.cloudfront.net (CloudFront)
last-modified: Mon, 14 Dec 2020 17:35:13 GMT
server: Duo/1.0
age: 524410
etag: "5fd7a251-a155"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000 public, must-revalidate, proxy-revalidate, max-age=31536000
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
content-length: 41301
x-amz-cf-id: c_a-xQpw81STcNNtRSLQ_tnNsbCof2qZ1RSP6BrJZOu4PKT63OJO4Q==
expires: Wed, 04 May 2022 10:56:09 GMT

GET
H2 200 labs_icon.svg
duo.com/assets/img/nav/ 4 KB
2 KB 194ms
187ms Image
image/svg+xml 13.224.95.24
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://duo.com/assets/img/nav/labs_icon.svg
Requested by: Host: duo.com
URL: https://duo.com/labs/research/crxcavator-malvertising-2020
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.95.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-95-24.zrh50.r.cloudfront.net
Software: Duo/1.0 /
Resource Hash: 126efda5fb974d1c8ded33cd64fd11a5cfe7d2148cb7f9539493fdde7f0a36ae

Request headers

:path: /assets/img/nav/labs_icon.svg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: duo.com
referer: https://duo.com/labs/research/crxcavator-malvertising-2020
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: public
date: Tue, 04 May 2021 10:56:09 GMT
content-encoding: gzip
last-modified: Mon, 14 Dec 2020 17:35:13 GMT
server: Duo/1.0
age: 524410
etag: W/"5fd7a251-e7c"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
via: 1.1 9349ae4f82564896b96f5303b030d189.cloudfront.net (CloudFront)
cache-control: max-age=31536000 public, must-revalidate, proxy-revalidate, max-age=31536000
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: FfS76b4gLqLFZJvFCoqNPiEev19VNJCFQ2OtFJiaPbIlK_wjM8EoMg==
expires: Wed, 04 May 2022 10:56:09 GMT

GET
H2 200 ebook_nav_feature(1).jpg
duo.com/assets/img/nav/ 40 KB
41 KB 191ms
184ms Image
image/jpeg 13.224.95.24
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://duo.com/assets/img/nav/ebook_nav_feature(1).jpg
Requested by: Host: duo.com
URL: https://duo.com/labs/research/crxcavator-malvertising-2020
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.95.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-95-24.zrh50.r.cloudfront.net
Software: Duo/1.0 /
Resource Hash: 90bc1e5f348c6b642ceeb047c69f316e6b69c0b1c2e613dc83a3504aae9b0448

Request headers

:path: /assets/img/nav/ebook_nav_feature(1).jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: duo.com
referer: https://duo.com/labs/research/crxcavator-malvertising-2020
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: public
date: Tue, 04 May 2021 10:56:09 GMT
via: 1.1 9349ae4f82564896b96f5303b030d189.cloudfront.net (CloudFront)
last-modified: Tue, 30 Mar 2021 14:40:09 GMT
server: Duo/1.0
age: 524410
etag: "60633849-a0a0"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000 public, must-revalidate, proxy-revalidate, max-age=31536000
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
content-length: 41120
x-amz-cf-id: cklopzcstyewherFByHJbVq0dVkTZfJtbxkqCqJEZsCcmAnhUcYwfA==
expires: Wed, 04 May 2022 10:56:09 GMT

GET
H2 200 jamila-kaya.png
duo.com/assets/img/avatars/ 70 KB
70 KB 302ms
296ms Image
image/png 13.224.95.24
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://duo.com/assets/img/avatars/jamila-kaya.png
Requested by: Host: duo.com
URL: https://duo.com/labs/research/crxcavator-malvertising-2020
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.95.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-95-24.zrh50.r.cloudfront.net
Software: Duo/1.0 /
Resource Hash: 9975e97322342593bff471c165befc6fc7c07b8476f69b93b75244275acdc38d

Request headers

:path: /assets/img/avatars/jamila-kaya.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: duo.com
referer: https://duo.com/labs/research/crxcavator-malvertising-2020
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: public
date: Mon, 10 May 2021 12:36:20 GMT
via: 1.1 9349ae4f82564896b96f5303b030d189.cloudfront.net (CloudFront)
last-modified: Tue, 11 Feb 2020 17:05:12 GMT
server: Duo/1.0
x-amz-cf-pop: ZRH50-C1
etag: "5e42dec8-11801"
x-cache: Miss from cloudfront
content-type: image/png
cache-control: max-age=31536000 public, must-revalidate, proxy-revalidate, max-age=31536000
accept-ranges: bytes
content-length: 71681
x-amz-cf-id: blWWXuZRqw72HUkE0yOa4KZ_-GLCU5Zn-J2rMuf61kjSdeSzyYqejg==
expires: Tue, 10 May 2022 12:36:20 GMT

GET
H2 200 jrickerd.jpg
duo.com/assets/img/avatars/ 32 KB
32 KB 596ms
591ms Image
image/jpeg 13.224.95.24
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://duo.com/assets/img/avatars/jrickerd.jpg
Requested by: Host: duo.com
URL: https://duo.com/labs/research/crxcavator-malvertising-2020
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.95.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-95-24.zrh50.r.cloudfront.net
Software: Duo/1.0 /
Resource Hash: 63985b5d6182ed787cb906a6ecfac4c07d2f08780052072d50d4f9159aa7979f

Request headers

:path: /assets/img/avatars/jrickerd.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: duo.com
referer: https://duo.com/labs/research/crxcavator-malvertising-2020
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: public
date: Mon, 10 May 2021 12:36:20 GMT
via: 1.1 9349ae4f82564896b96f5303b030d189.cloudfront.net (CloudFront)
last-modified: Wed, 20 Feb 2019 22:05:11 GMT
server: Duo/1.0
x-amz-cf-pop: ZRH50-C1
etag: "5c6dcf17-7fa4"
x-cache: Miss from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000 public, must-revalidate, proxy-revalidate, max-age=31536000
accept-ranges: bytes
content-length: 32676
x-amz-cf-id: T83kThnLQ0lsZVMtGziDc0221dDLOyFm7mL8yX2QCQ85srHzYYD3zQ==
expires: Tue, 10 May 2022 12:36:20 GMT

GET
H2 200 image10.png
duo.com/assets/img/labs/research/img/malicious-chrome-extension/ 19 KB
20 KB 777ms
772ms Image
image/png 13.224.95.24
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://duo.com/assets/img/labs/research/img/malicious-chrome-extension/image10.png
Requested by: Host: duo.com
URL: https://duo.com/labs/research/crxcavator-malvertising-2020
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.95.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-95-24.zrh50.r.cloudfront.net
Software: Duo/1.0 /
Resource Hash: f2e2befdc635bdfc136ab2c8c51def88023700d950d0d0b910f8bfc70ed08a6a

Request headers

:path: /assets/img/labs/research/img/malicious-chrome-extension/image10.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: duo.com
referer: https://duo.com/labs/research/crxcavator-malvertising-2020
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: public
date: Mon, 10 May 2021 12:36:20 GMT
via: 1.1 9349ae4f82564896b96f5303b030d189.cloudfront.net (CloudFront)
last-modified: Tue, 11 Feb 2020 01:10:15 GMT
server: Duo/1.0
x-amz-cf-pop: ZRH50-C1
etag: "5e41fef7-4df6"
x-cache: Miss from cloudfront
content-type: image/png
cache-control: max-age=31536000 public, must-revalidate, proxy-revalidate, max-age=31536000
accept-ranges: bytes
content-length: 19958
x-amz-cf-id: 44sgvF220YZ1K1eB2pBYiZgsd3nVKlPw8uJYYMb1XMAWhs_rRD26yw==
expires: Tue, 10 May 2022 12:36:20 GMT

GET
H2 200 image8.png
duo.com/assets/img/labs/research/img/malicious-chrome-extension/ 30 KB
31 KB 301ms
296ms Image
image/png 13.224.95.24
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://duo.com/assets/img/labs/research/img/malicious-chrome-extension/image8.png
Requested by: Host: duo.com
URL: https://duo.com/labs/research/crxcavator-malvertising-2020
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.95.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-95-24.zrh50.r.cloudfront.net
Software: Duo/1.0 /
Resource Hash: e304e5cb25a306d0ca8e90e7cd3ea9826ac0c3d2d0111ab9ab3d28a7bd349618

Request headers

:path: /assets/img/labs/research/img/malicious-chrome-extension/image8.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: duo.com
referer: https://duo.com/labs/research/crxcavator-malvertising-2020
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: public
date: Mon, 10 May 2021 12:36:20 GMT
via: 1.1 9349ae4f82564896b96f5303b030d189.cloudfront.net (CloudFront)
last-modified: Tue, 11 Feb 2020 01:10:15 GMT
server: Duo/1.0
x-amz-cf-pop: ZRH50-C1
etag: "5e41fef7-7856"
x-cache: Miss from cloudfront
content-type: image/png
cache-control: max-age=31536000 public, must-revalidate, proxy-revalidate, max-age=31536000
accept-ranges: bytes
content-length: 30806
x-amz-cf-id: gs40tqL8tgs3izE3ADi7NMo1gDj9ROhidabaO41HU54QW2fBur1zXQ==
expires: Tue, 10 May 2022 12:36:20 GMT

GET
H2 200 image9.png
duo.com/assets/img/labs/research/img/malicious-chrome-extension/ 20 KB
20 KB 625ms
620ms Image
image/png 13.224.95.24
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://duo.com/assets/img/labs/research/img/malicious-chrome-extension/image9.png
Requested by: Host: duo.com
URL: https://duo.com/labs/research/crxcavator-malvertising-2020
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.95.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-95-24.zrh50.r.cloudfront.net
Software: Duo/1.0 /
Resource Hash: e49f0d22c978f1d7375982a28b5c2308cd45ad085a9a0b2c9c85bdadd51fb8a6

Request headers

:path: /assets/img/labs/research/img/malicious-chrome-extension/image9.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: duo.com
referer: https://duo.com/labs/research/crxcavator-malvertising-2020
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: public
date: Mon, 10 May 2021 12:36:20 GMT
via: 1.1 9349ae4f82564896b96f5303b030d189.cloudfront.net (CloudFront)
last-modified: Tue, 11 Feb 2020 01:10:15 GMT
server: Duo/1.0
x-amz-cf-pop: ZRH50-C1
etag: "5e41fef7-4f51"
x-cache: Miss from cloudfront
content-type: image/png
cache-control: max-age=31536000 public, must-revalidate, proxy-revalidate, max-age=31536000
accept-ranges: bytes
content-length: 20305
x-amz-cf-id: 8NEompSwGF7We6o5dsoZlhwPH14zAd3tAD94jE-_oOeuU9e_27JC1g==
expires: Tue, 10 May 2022 12:36:20 GMT

GET
H2 200 image1.png
duo.com/assets/img/labs/research/img/malicious-chrome-extension/ 21 KB
22 KB 787ms
782ms Image
image/png 13.224.95.24
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://duo.com/assets/img/labs/research/img/malicious-chrome-extension/image1.png
Requested by: Host: duo.com
URL: https://duo.com/labs/research/crxcavator-malvertising-2020
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.95.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-95-24.zrh50.r.cloudfront.net
Software: Duo/1.0 /
Resource Hash: 75b0193374d4cebff89c035cb232273506528a7f555a03f79fedcb42dfd4a0ee

Request headers

:path: /assets/img/labs/research/img/malicious-chrome-extension/image1.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: duo.com
referer: https://duo.com/labs/research/crxcavator-malvertising-2020
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: public
date: Mon, 10 May 2021 12:36:20 GMT
via: 1.1 9349ae4f82564896b96f5303b030d189.cloudfront.net (CloudFront)
last-modified: Tue, 11 Feb 2020 01:10:15 GMT
server: Duo/1.0
x-amz-cf-pop: ZRH50-C1
etag: "5e41fef7-5561"
x-cache: Miss from cloudfront
content-type: image/png
cache-control: max-age=31536000 public, must-revalidate, proxy-revalidate, max-age=31536000
accept-ranges: bytes
content-length: 21857
x-amz-cf-id: Oy5lWFL4qNlyKqD34U3DOBZ__BRN8cWCy6nZHHR3T2AjbxUldClBWQ==
expires: Tue, 10 May 2022 12:36:20 GMT

GET
H2 200 image2.png
duo.com/assets/img/labs/research/img/malicious-chrome-extension/ 22 KB
23 KB 811ms
807ms Image
image/png 13.224.95.24
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://duo.com/assets/img/labs/research/img/malicious-chrome-extension/image2.png
Requested by: Host: duo.com
URL: https://duo.com/labs/research/crxcavator-malvertising-2020
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.95.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-95-24.zrh50.r.cloudfront.net
Software: Duo/1.0 /
Resource Hash: af3d012217578f064770dc2e04fdc95e416f66d4145dade9cf7ba30cab07f42c

Request headers

:path: /assets/img/labs/research/img/malicious-chrome-extension/image2.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: duo.com
referer: https://duo.com/labs/research/crxcavator-malvertising-2020
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: public
date: Mon, 10 May 2021 12:36:20 GMT
via: 1.1 9349ae4f82564896b96f5303b030d189.cloudfront.net (CloudFront)
last-modified: Tue, 11 Feb 2020 01:10:15 GMT
server: Duo/1.0
x-amz-cf-pop: ZRH50-C1
etag: "5e41fef7-5883"
x-cache: Miss from cloudfront
content-type: image/png
cache-control: max-age=31536000 public, must-revalidate, proxy-revalidate, max-age=31536000
accept-ranges: bytes
content-length: 22659
x-amz-cf-id: obz9AmiVdlKeikjxTJw5XxasvXuibquCH043RvVAL91xj4FroXQgTQ==
expires: Tue, 10 May 2022 12:36:20 GMT

GET
H2 200 image11.png
duo.com/assets/img/labs/research/img/malicious-chrome-extension/ 9 KB
9 KB 595ms
591ms Image
image/png 13.224.95.24
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://duo.com/assets/img/labs/research/img/malicious-chrome-extension/image11.png
Requested by: Host: duo.com
URL: https://duo.com/labs/research/crxcavator-malvertising-2020
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.95.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-95-24.zrh50.r.cloudfront.net
Software: Duo/1.0 /
Resource Hash: 3aeef4412cfb339fc9199f6bcad18c46bb7c0c77854171cb6ccf0a2bce35e565

Request headers

:path: /assets/img/labs/research/img/malicious-chrome-extension/image11.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: duo.com
referer: https://duo.com/labs/research/crxcavator-malvertising-2020
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: public
date: Mon, 10 May 2021 12:36:20 GMT
via: 1.1 9349ae4f82564896b96f5303b030d189.cloudfront.net (CloudFront)
last-modified: Tue, 11 Feb 2020 01:10:15 GMT
server: Duo/1.0
x-amz-cf-pop: ZRH50-C1
etag: "5e41fef7-23e1"
x-cache: Miss from cloudfront
content-type: image/png
cache-control: max-age=31536000 public, must-revalidate, proxy-revalidate, max-age=31536000
accept-ranges: bytes
content-length: 9185
x-amz-cf-id: GQcIg3cX3AYDtYkGGT2XQWE5NYQOOnavfTK2ULjnwKMKbKSWGHCq6g==
expires: Tue, 10 May 2022 12:36:20 GMT

GET
H2 200 image3.png
duo.com/assets/img/labs/research/img/malicious-chrome-extension/ 4 KB
4 KB 624ms
621ms Image
image/png 13.224.95.24
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://duo.com/assets/img/labs/research/img/malicious-chrome-extension/image3.png
Requested by: Host: duo.com
URL: https://duo.com/labs/research/crxcavator-malvertising-2020
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.95.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-95-24.zrh50.r.cloudfront.net
Software: Duo/1.0 /
Resource Hash: 5c2556b8914bc72bd7dd9c0b71bb2c5213e25502d1c2230b3bbd8b0d0b4f69b0

Request headers

:path: /assets/img/labs/research/img/malicious-chrome-extension/image3.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: duo.com
referer: https://duo.com/labs/research/crxcavator-malvertising-2020
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: public
date: Mon, 10 May 2021 12:36:20 GMT
via: 1.1 9349ae4f82564896b96f5303b030d189.cloudfront.net (CloudFront)
last-modified: Tue, 11 Feb 2020 01:10:15 GMT
server: Duo/1.0
x-amz-cf-pop: ZRH50-C1
etag: "5e41fef7-fe8"
x-cache: Miss from cloudfront
content-type: image/png
cache-control: max-age=31536000 public, must-revalidate, proxy-revalidate, max-age=31536000
accept-ranges: bytes
content-length: 4072
x-amz-cf-id: Ch3fJ3HpXzcp7NubrsDiYUP0jZJ5ZuziX9wgjk1FrfBa1PatJ4a2gg==
expires: Tue, 10 May 2022 12:36:20 GMT

GET
H2 200 image5.png
duo.com/assets/img/labs/research/img/malicious-chrome-extension/ 17 KB
18 KB 611ms
608ms Image
image/png 13.224.95.24
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://duo.com/assets/img/labs/research/img/malicious-chrome-extension/image5.png
Requested by: Host: duo.com
URL: https://duo.com/labs/research/crxcavator-malvertising-2020
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.95.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-95-24.zrh50.r.cloudfront.net
Software: Duo/1.0 /
Resource Hash: dd7b5a7c36da7616975b166ddefdb90381de2346cd7c7999d69f69bd9395b8d0

Request headers

:path: /assets/img/labs/research/img/malicious-chrome-extension/image5.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: duo.com
referer: https://duo.com/labs/research/crxcavator-malvertising-2020
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: public
date: Mon, 10 May 2021 12:36:20 GMT
via: 1.1 9349ae4f82564896b96f5303b030d189.cloudfront.net (CloudFront)
last-modified: Tue, 11 Feb 2020 01:10:15 GMT
server: Duo/1.0
x-amz-cf-pop: ZRH50-C1
etag: "5e41fef7-4579"
x-cache: Miss from cloudfront
content-type: image/png
cache-control: max-age=31536000 public, must-revalidate, proxy-revalidate, max-age=31536000
accept-ranges: bytes
content-length: 17785
x-amz-cf-id: tdhxX0D-KqIcQatQt0ij5t6pX4Ph8HKiG7cvsIJyKW3NWmjhiwoDQA==
expires: Tue, 10 May 2022 12:36:20 GMT

GET
H2 200 image6.png
duo.com/assets/img/labs/research/img/malicious-chrome-extension/ 16 KB
17 KB 308ms
305ms Image
image/png 13.224.95.24
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://duo.com/assets/img/labs/research/img/malicious-chrome-extension/image6.png
Requested by: Host: duo.com
URL: https://duo.com/labs/research/crxcavator-malvertising-2020
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.95.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-95-24.zrh50.r.cloudfront.net
Software: Duo/1.0 /
Resource Hash: 916f6b800d64a69e5a8ffdaaa609f901835a1c807f4db1075a95ce2fb5351c1b

Request headers

:path: /assets/img/labs/research/img/malicious-chrome-extension/image6.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: duo.com
referer: https://duo.com/labs/research/crxcavator-malvertising-2020
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: public
date: Mon, 10 May 2021 12:36:20 GMT
via: 1.1 9349ae4f82564896b96f5303b030d189.cloudfront.net (CloudFront)
last-modified: Tue, 11 Feb 2020 01:10:15 GMT
server: Duo/1.0
x-amz-cf-pop: ZRH50-C1
etag: "5e41fef7-412e"
x-cache: Miss from cloudfront
content-type: image/png
cache-control: max-age=31536000 public, must-revalidate, proxy-revalidate, max-age=31536000
accept-ranges: bytes
content-length: 16686
x-amz-cf-id: ya3t__fFFeEKVQ6U0nahthXhyuruNbn8CTNnFaXlA-j-qv_NzP4fxw==
expires: Tue, 10 May 2022 12:36:20 GMT

GET
H2 200 image7.png
duo.com/assets/img/labs/research/img/malicious-chrome-extension/ 13 KB
13 KB 611ms
608ms Image
image/png 13.224.95.24
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://duo.com/assets/img/labs/research/img/malicious-chrome-extension/image7.png
Requested by: Host: duo.com
URL: https://duo.com/labs/research/crxcavator-malvertising-2020
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.95.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-95-24.zrh50.r.cloudfront.net
Software: Duo/1.0 /
Resource Hash: 4020c92ab065a96b8859d9912a78fa88a80eb5c07dd8ac2836369180b80c5fc2

Request headers

:path: /assets/img/labs/research/img/malicious-chrome-extension/image7.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: duo.com
referer: https://duo.com/labs/research/crxcavator-malvertising-2020
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: public
date: Mon, 10 May 2021 12:36:20 GMT
via: 1.1 9349ae4f82564896b96f5303b030d189.cloudfront.net (CloudFront)
last-modified: Tue, 11 Feb 2020 01:10:15 GMT
server: Duo/1.0
x-amz-cf-pop: ZRH50-C1
etag: "5e41fef7-336e"
x-cache: Miss from cloudfront
content-type: image/png
cache-control: max-age=31536000 public, must-revalidate, proxy-revalidate, max-age=31536000
accept-ranges: bytes
content-length: 13166
x-amz-cf-id: hQJJNw-ZSx_oQslCyRB71jsDsFfZ0vUhFONp2UE3zm2WUqA5-3_Fgg==
expires: Tue, 10 May 2022 12:36:20 GMT

GET
H2 200 image4.png
duo.com/assets/img/labs/research/img/malicious-chrome-extension/ 30 KB
30 KB 611ms
608ms Image
image/png 13.224.95.24
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://duo.com/assets/img/labs/research/img/malicious-chrome-extension/image4.png
Requested by: Host: duo.com
URL: https://duo.com/labs/research/crxcavator-malvertising-2020
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.95.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-95-24.zrh50.r.cloudfront.net
Software: Duo/1.0 /
Resource Hash: 571468e1c6bf69b4d5676cbe9891daf1d343892baf2bc01e7794abe344f7b5e0

Request headers

:path: /assets/img/labs/research/img/malicious-chrome-extension/image4.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: duo.com
referer: https://duo.com/labs/research/crxcavator-malvertising-2020
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: public
date: Mon, 10 May 2021 12:36:20 GMT
via: 1.1 9349ae4f82564896b96f5303b030d189.cloudfront.net (CloudFront)
last-modified: Tue, 11 Feb 2020 01:10:15 GMT
server: Duo/1.0
x-amz-cf-pop: ZRH50-C1
etag: "5e41fef7-76a7"
x-cache: Miss from cloudfront
content-type: image/png
cache-control: max-age=31536000 public, must-revalidate, proxy-revalidate, max-age=31536000
accept-ranges: bytes
content-length: 30375
x-amz-cf-id: DgWUoTmFsePGeExqbi2KGspoEM1MQlp8mNRRsa9OENlic_wZxLBJcA==
expires: Tue, 10 May 2022 12:36:20 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/2.1.4/ 82 KB
29 KB 13ms
6ms Script
text/javascript 2a00:1450:4001:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/2.1.4/jquery.min.js

Requested by

Host: duo.com
URL: https://duo.com/labs/research/crxcavator-malvertising-2020

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 09:52:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 269044
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29725
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 07 May 2022 09:52:16 GMT

GET
H2 200 production-2018.min.js Show response
duo.com/site/themes/duo/js/build/ 753 KB
269 KB 196ms
188ms Script
application/javascript 13.224.95.24
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://duo.com/site/themes/duo/js/build/production-2018.min.js?v=1615507511
Requested by: Host: duo.com
URL: https://duo.com/labs/research/crxcavator-malvertising-2020
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.95.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-95-24.zrh50.r.cloudfront.net
Software: Duo/1.0 /
Resource Hash: 2bf364872a8874dcdee1e42fc37f32a3faf66867f53a5b948d8350825b2ff95f

Request headers

:path: /site/themes/duo/js/build/production-2018.min.js?v=1615507511
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: duo.com
referer: https://duo.com/labs/research/crxcavator-malvertising-2020
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: public
date: Mon, 10 May 2021 05:55:09 GMT
content-encoding: gzip
last-modified: Fri, 12 Mar 2021 00:05:11 GMT
server: Duo/1.0
age: 24071
etag: W/"604ab037-bc3dc"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
via: 1.1 9349ae4f82564896b96f5303b030d189.cloudfront.net (CloudFront)
cache-control: max-age=31536000 public, must-revalidate, proxy-revalidate, max-age=31536000
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: _cmNEEUryOJxwfGYaC55o11ShvU7_D1Qoi0NfcPJYzrrDoMuqcwAfA==
expires: Tue, 10 May 2022 05:55:09 GMT

GET
H2 200 E-v1.js Show response
fast.wistia.net/assets/external/ 607 KB
113 KB 9ms
6ms Script
application/javascript 2a04:4e42:1b::622
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://fast.wistia.net/assets/external/E-v1.js

Requested by

Host: duo.com
URL: https://duo.com/labs/research/crxcavator-malvertising-2020

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::622 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

c6e046cd2e06bc320fd21c9e216209481c9f115a1ace68615dd0d6beb01ca354

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 10 May 2021 12:36:20 GMT
content-encoding: br
vary: Accept-Encoding
age: 1817
x-cache: HIT, HIT
content-length: 115237
x-served-by: cache-dca17767-DCA, cache-hhn4076-HHN
access-control-allow-origin: *
x-browser-version: 89
last-modified: Sun, 09 May 2021 16:03:34 GMT
x-timer: S1620650180.426770,VS0,VE0
etag: "609807d6-1c225"
strict-transport-security: max-age=0
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=3600
x-browser: chrome
x-ecma-v: modern
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 1, 335

GET
H2 200 ctm.js Show response
www.cisco.com/c/dam/cdc/t/ 123 KB
29 KB 16ms
8ms Script
application/x-javascript 2a02:26f0:6c00:2a3::b33
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cisco.com/c/dam/cdc/t/ctm.js

Requested by

Host: duo.com
URL: https://duo.com/labs/research/crxcavator-malvertising-2020

Protocol

Security

TLS 1.3, , CHACHA20_POLY1305

Server

2a02:26f0:6c00:2a3::b33 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Apache /

Resource Hash

76cb4ceac5ef2081cdf6aed29646ee2db982899de59a98cdf37e19a2f690b301

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors .cisco.com .jasper.com .ciscospark.com .ciscolive.com http://cisco.lookbookhq.com https://cisco.lookbookhq.com testcisco.marketing.adobe.com cisco.marketing.adobe.com ciscosales.my.salesforce.com test.salesforce.com zedo.com hindustantimes.com economictimes.indiatimes.com .webex.com .cdw.com .cdwg.com .cdw.ca .meraki-go.com http://ciscopartners.lookbookhq.com https://ciscopartners.lookbookhq.com ciscolearningsystem.com ciscocustomer.lookbookhq.com cisco.lookbookhq.com ccsmedia.com .itquotes.ie dteonline.com ampito-cisco.com arkphire.com .insight.com .ccsmedia.com .ebuyer.com .lambda-tek.com .storm-technologies.com .vohkus.com .bechtle.com .rainfocus.com .broadbandbuyer.com .hardware.com shop.redpontem.com;
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-edgeconnect-origin-mex-latency: 598
date: Mon, 10 May 2021 12:36:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-edgeconnect-midmile-rtt: 1
vary: Accept-Encoding
content-length: 29099
x-xss-protection: 1; mode=block
pragma: no-cache
cdchost: wemxweb-publish-prod2-05
x-test-debug: nURL=www.cisco.com,realm=0,isRealm=0,realmDomain=0,shortrealm=0,upgradeTest=1
server: Apache
x-frame-options: SAMEORIGIN
etag: "1ea5f-5c1af4fe3890d"
strict-transport-security: max-age=31536000
content-type: application/x-javascript
cache-control: max-age=0, no-cache, no-store
content-security-policy: upgrade-insecure-requests; frame-ancestors *.cisco.com *.jasper.com *.ciscospark.com *.ciscolive.com http://cisco.lookbookhq.com https://cisco.lookbookhq.com testcisco.marketing.adobe.com cisco.marketing.adobe.com ciscosales.my.salesforce.com test.salesforce.com zedo.com hindustantimes.com economictimes.indiatimes.com *.webex.com *.cdw.com *.cdwg.com *.cdw.ca *.meraki-go.com http://ciscopartners.lookbookhq.com https://ciscopartners.lookbookhq.com ciscolearningsystem.com ciscocustomer.lookbookhq.com cisco.lookbookhq.com ccsmedia.com *.itquotes.ie dteonline.com ampito-cisco.com arkphire.com *.insight.com *.ccsmedia.com *.ebuyer.com *.lambda-tek.com *.storm-technologies.com *.vohkus.com *.bechtle.com *.rainfocus.com *.broadbandbuyer.com *.hardware.com shop.redpontem.com;
accept-ranges: bytes
expires: Mon, 10 May 2021 12:36:20 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 244 KB
65 KB 32ms
29ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MFPB9D

Requested by

Host: duo.com
URL: https://duo.com/labs/research/crxcavator-malvertising-2020

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ddec5ed21aeaaa2860f16721382ba5263eae2119d902ced9643fa078e59ee5b1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 10 May 2021 12:36:20 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 66755
x-xss-protection: 0
last-modified: Mon, 10 May 2021 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 10 May 2021 12:36:20 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MFPB9D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 09 Apr 2021 23:59:54 GMT
server: Golfe2
age: 568
date: Mon, 10 May 2021 12:26:52 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19569
expires: Mon, 10 May 2021 14:26:52 GMT

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 4 KB
2 KB 17ms
16ms Script
application/x-javascript 2a02:26f0:6c00:2bd::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MFPB9D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2bd::25ea Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 5f3b103a1268f862a5e432d607f8e5220dea9d301d13565b0ecded3ad9c25ab2

Request headers

Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 10 May 2021 12:36:20 GMT
Content-Encoding: gzip
Last-Modified: Mon, 04 Jan 2021 22:14:03 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
X-Check-Cacheable: YES
Cache-Control: max-age=41147
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1855

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 92 KB
24 KB 14ms
13ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: duo.com
URL: https://duo.com/labs/research/crxcavator-malvertising-2020

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

a517525b8a7d39bcaf1cf5f9695c5be8fce7a6b920a3924c1a4f70e8ea748c05

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 23959
x-fb-rlafr: 0
pragma: public
x-fb-debug: hYMdrVhfKImUcWXh2eQXYsYHMaF414cTlnl9uDFc1WlGpSZxvf+52LycziaEToQhIQiEMT3Vpfw8IlNSysvmAg==
x-fb-trip-id: 686109401
x-frame-options: DENY
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Mon, 10 May 2021 12:36:20 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK munchkin-beta.js Show response
munchkin.marketo.net/ 1 KB
1 KB 38ms
7ms Script
application/x-javascript 23.79.155.18
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin-beta.js
Requested by: Host: duo.com
URL: https://duo.com/labs/research/crxcavator-malvertising-2020
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.79.155.18 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-79-155-18.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: ab041c9c625633155ea7f9eba22f96e40b4102c3286214e54c5a5d17e8c0bf78

Request headers

Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 10 May 2021 12:36:20 GMT
Content-Encoding: gzip
Last-Modified: Fri, 02 Apr 2021 01:05:09 GMT
Server: AkamaiNetStorage
ETag: "78268ff3ba8cffd688d6ab0b58e671e6:1617325509.205315"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 752

GET
H2 200 bat.js Show response
bat.bing.com/ 30 KB
9 KB 53ms
29ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/bat.js
Requested by: Host: duo.com
URL: https://duo.com/labs/research/crxcavator-malvertising-2020
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 3183481f09352eade87e53d32ac3c1f6ab5b853e2b5bde4035834680b53d9299

Request headers

Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 10 May 2021 12:36:20 GMT
content-encoding: gzip
last-modified: Tue, 13 Apr 2021 17:21:02 GMT
x-msedge-ref: Ref A: DB243B7FE343452E8FA04ABF458FBFE9 Ref B: FRAEDGE1414 Ref C: 2021-05-10T12:36:20Z
etag: "0d398608930d71:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 8910

GET
H2 200 aquant.js Show response
secure.quantserve.com/ 23 KB
9 KB 44ms
14ms Script
application/javascript 2620:116:800d:21:36a9:ecb:e518:b308
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/aquant.js?a=p-4CduNLZtPCAtp
Requested by: Host: duo.com
URL: https://duo.com/labs/research/crxcavator-malvertising-2020
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800d:21:36a9:ecb:e518:b308 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 8000d797097e74bfff377d2f3fca7e046ee4490ea4edb70c2c0b189575847629

Request headers

Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 10 May 2021 12:36:20 GMT
content-encoding: gzip
etag: "9iaPKZLFg6XYoMRMhilE8g=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
expires: Mon, 17 May 2021 12:36:20 GMT

GET
H/1.1 200
OK 6si.min.js Show response
j.6sc.co/ 15 KB
7 KB 44ms
7ms Script
application/javascript 104.111.233.140
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://j.6sc.co/6si.min.js
Requested by: Host: duo.com
URL: https://duo.com/labs/research/crxcavator-malvertising-2020
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-233-140.deploy.static.akamaitechnologies.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 7f072dbb779b20cea6866f3f8d398af9cafe418e7e038aa0702feddf741f040c

Request headers

Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 10 May 2021 12:36:20 GMT
Content-Encoding: gzip
Last-Modified: Tue, 02 Feb 2021 06:46:48 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "6018f558-3ab9"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET,POST
Content-Type: application/javascript
Access-Control-Allow-Origin
Access-Control-Max-Age: 86400
Access-Control-Allow-Credentials: true
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Content-Length: 6144

GET
H/1.1 200
OK lp.js Show response
metadata-static-files.sfo2.cdn.digitaloceanspaces.com/pixel/ 5 KB
6 KB 42ms
10ms Script
application/x-javascript 205.185.216.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL

https://metadata-static-files.sfo2.cdn.digitaloceanspaces.com/pixel/lp.js

Requested by

Host: duo.com
URL: https://duo.com/labs/research/crxcavator-malvertising-2020

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

205.185.216.10 , United States, ASN20446 (HIGHWINDS3, US),

Reverse DNS

map2.hwcdn.net

Software

Resource Hash

20b11d2c0012e286c38350d6c9b2ba03341667d9bc7226bf526fb47e89668fd9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 10 May 2021 12:36:20 GMT
Connection: Keep-Alive
Last-Modified: Fri, 18 Dec 2020 19:31:32 GMT
x-amz-request-id: tx000000000000154bb6210-0060903e6e-5ed52e8-sfo2a
ETag: "23752d527a82df9be63eb97fe04bceb3"
Vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin
X-HW: 1620650180.dop106.fr8.t,1620650180.cds209.fr8.shn,1620650180.dop106.fr8.t,1620650180.cds222.fr8.c
Content-Type: application/x-javascript
Cache-Control: max-age=20522
x-rgw-object-type: Normal
strict-transport-security: max-age=15552000; includeSubDomains; preload
Accept-Ranges: bytes
Content-Length: 5105

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7540&time=1620650180519&url=https%3A%2F%2Fduo.com%2Flabs%2Fresearch%2Fcrxcavator-malvertising-2020
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D7540%26time%3D1620650180519%26url%3Dhttps%253A%252F%252Fduo.com%252Flabs%252Frese...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7540&time=1620650180519&url=https%3A%2F%2Fduo.com%2Flabs%2Fresearch%2Fcrxcavator-malvertising-2020&liSync=true
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=7540&time=1620650180519&url=https%3A%2F%2Fduo.com%2Flabs%2Fresearch%2Fcrxcavator-malvertising-2020&liSync=true&e_ipv6=AQK0FSL4RlNmpwAAAXlWR0NS9fK...

0
64 B

184ms
183ms

Image
application/javascript

108.174.10.14
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=7540&time=1620650180519&url=https%3A%2F%2Fduo.com%2Flabs%2Fresearch%2Fcrxcavator-malvertising-2020&liSync=true&e_ipv6=AQK0FSL4RlNmpwAAAXlWR0NS9fKsnBYjP-uvwZoEhLpUQ-_fqd5RRTieKYK68bu2aan_FDQZ
Requested by: Host: duo.com
URL: https://duo.com/labs/research/crxcavator-malvertising-2020
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 108.174.10.14 , United States, ASN14413 (LINKEDIN, US),
Reverse DNS: 108-174-10-14.fwd.linkedin.com
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 10 May 2021 12:36:21 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-lor1
x-li-proto: http/2
x-li-pop: prod-edc2
content-type: application/javascript
content-length: 0
x-li-uuid: dW+n8cC0fRbwf9QRjysAAA==

Redirect headers

date: Mon, 10 May 2021 12:36:21 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-lor1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=7540&time=1620650180519&url=https%3A%2F%2Fduo.com%2Flabs%2Fresearch%2Fcrxcavator-malvertising-2020&liSync=true&e_ipv6=AQK0FSL4RlNmpwAAAXlWR0NS9fKsnBYjP-uvwZoEhLpUQ-_fqd5RRTieKYK68bu2aan_FDQZ
x-li-proto: http/2
x-li-pop: prod-esv5
content-length: 0
x-li-uuid: /4uy4cC0fRaQHt9F/SoAAA==

GET
H2 200 aW1nL2hlYWRlci1pbWFnZXMvUmVzZWFyY2gtSGVhZGVyX0xhYnMuanBn
duo.com/img/asset/ 133 KB
134 KB 869ms
868ms Image
image/jpeg 13.224.95.24
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://duo.com/img/asset/aW1nL2hlYWRlci1pbWFnZXMvUmVzZWFyY2gtSGVhZGVyX0xhYnMuanBn?fit=crop&w=1440&h=700&s=84ffbdfbe4f561700f0ccf2d08475dea

Requested by

Host: duo.com
URL: https://duo.com/labs/research/crxcavator-malvertising-2020

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.95.24 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-95-24.zrh50.r.cloudfront.net

Software

Duo/1.0 /

Resource Hash

f5c678d1604399f9059a81566c2381b3e15b01e39aaef97e05b56a0998e985bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /img/asset/aW1nL2hlYWRlci1pbWFnZXMvUmVzZWFyY2gtSGVhZGVyX0xhYnMuanBn?fit=crop&w=1440&h=700&s=84ffbdfbe4f561700f0ccf2d08475dea
pragma: no-cache
cookie: _biz_uid=15a48b9361334511a9af400e856a0c3b; _biz_sid=67b19a; _biz_nA=1; _biz_pendingA=%5B%22m%2Fipv%3F_biz_r%3D%26_biz_h%3D-1906410348%26_biz_u%3D15a48b9361334511a9af400e856a0c3b%26_biz_s%3D67b19a%26_biz_l%3Dhttps%253A%252F%252Fduo.com%252Flabs%252Fresearch%252Fcrxcavator-malvertising-2020%26_biz_t%3D1620650180435%26_biz_i%3DSecurity%2520researchers%2520partner%2520with%2520Chrome%2520to%2520take%2520down%2520browser%2520extension%2520fraud%2520network%2520affecting%2520millions%2520of%2520users.%2520%257C%2520Duo%2520Security%26_biz_n%3D0%26a%3Dduo.com%26rnd%3D416912%22%5D; _gcl_au=1.1.199295629.1620650180
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: duo.com
referer: https://duo.com/labs/research/crxcavator-malvertising-2020
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 10 May 2021 12:36:21 GMT
via: 1.1 9349ae4f82564896b96f5303b030d189.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: ZRH50-C1
x-cache: Miss from cloudfront
content-length: 136066
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge,chrome=1
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 19 Oct 2020 14:30:05 GMT
server: Duo/1.0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=63072000; includeSubDomains;
content-type: image/jpeg
cache-control: max-age=300
x-amz-cf-id: 9w4LmKSM0A1o6u-7bUVP3Tmi6k4quBOiPME5wBt346aIbXCMVz1XIw==
expires: Mon, 10 May 2021 12:41:21 GMT

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 29ms
14ms XHR
text/plain 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j90&a=1632415669&t=pageview&_s=1&dl=https%3A%2F%2Fduo.com%2Flabs%2Fresearch%2Fcrxcavator-malvertising-2020&ul=en-us&de=UTF-8&dt=Security%20researchers%20partner%20with%20Chrome%20to%20take%20down%20browser%20extension%20fraud%20network%20affecting%20millions%20of%20users.%20%7C%20Duo%20Security&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAAADQAAAAC~&jid=516796762&gjid=667915440&cid=1724148818.1620650181&tid=UA-20141016-1&_gid=1552512967.1620650181&_r=1&gtm=2wg4s0MFPB9D&z=1586079988

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 10 May 2021 12:36:20 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://duo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 js Show response
www.google-analytics.com/gtm/ 87 KB
34 KB 20ms
20ms Script
application/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/js?id=GTM-WV3KTWL&t=gtm3&cid=1724148818.1620650181

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

5666e7b91a6e7eb1468e89d8102c57e0d1f3bfbd2a8ff3378f1af6b61fd94203

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 10 May 2021 12:36:20 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34726
x-xss-protection: 0
last-modified: Mon, 10 May 2021 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 10 May 2021 12:36:20 GMT

GET
H3-29 200 216127175396154 Show response
connect.facebook.net/signals/config/ 254 KB
72 KB 206ms
204ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/216127175396154?v=2.9.39&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

2261fa08f74a636e182fd5c158d9168262a90d726226c6ea76536ac78d5097e6

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-fb-rlafr: 0
pragma: public
x-fb-debug: 9Upqj6rAnkBbiLsoyxr8VS8gg2KLc7N0xoKcuStiZDts73QxyVG5r0FxYBgXmzqOPVfkG829vEUxt6hqQ/Tnbg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Mon, 10 May 2021 12:36:20 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/160/ 11 KB
5 KB 48ms
48ms Script
application/x-javascript 23.79.155.18
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/160/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin-beta.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.79.155.18 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-79-155-18.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 99fa5a280296b5fc7b63433ee121a359fc68c4a37f04a87d363e751164b96ff1

Request headers

Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 10 May 2021 12:36:20 GMT
Content-Encoding: gzip
Last-Modified: Fri, 19 Feb 2021 02:54:38 GMT
Server: AkamaiNetStorage
ETag: "19a9335fd71267d56e65bc19390f3100:1613703278.138281"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control: max-age=8640000
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 4811
Expires: Wed, 18 Aug 2021 12:36:20 GMT

GET
H2 200 rules-p-4CduNLZtPCAtp.js Show response
rules.quantcount.com/ 2 KB
1 KB 89ms
42ms Script
application/javascript 2600:9000:20e8:be00:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-4CduNLZtPCAtp.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/aquant.js?a=p-4CduNLZtPCAtp
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20e8:be00:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1d48d4cabc9c195baa08e42be70679688d706970ddd862bd91b857109d2a8874

Request headers

Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 10 May 2021 12:36:20 GMT
content-encoding: gzip
x-amz-cf-pop: TXL52-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
last-modified: Wed, 03 Feb 2021 00:36:24 GMT
server: AmazonS3
etag: W/"7d60bb0c5a7bdaca5a9466f9ef246056"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 8e2919534da029bb37f64b265b219373.cloudfront.net (CloudFront)
cache-control: max-age=3600
x-amz-cf-id: kKUuFa-QCRKbtSuEuGZfCYME8eTuQPnYmfLE7B2KReoFlDT0YB4zFw==

GET
H/1.1 200
OK / Show response
c.6sc.co/ 47 B
363 B 41ms
25ms XHR
text/plain 104.111.233.140
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-233-140.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 2210df28b3ed6e9d7b11b3550f5adb31b5b667bdba6f56348c3aee35dbf4b400

Request headers

Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 10 May 2021 12:36:20 GMT
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: text/plain
Access-Control-Allow-Origin: https://duo.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: *
Content-Length: 47

GET
H/1.1 200
OK getuidj Show response
secure.adnxs.com/ 11 B
701 B 69ms
26ms XHR
application/json 185.33.221.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/getuidj

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.52 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

725.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 10 May 2021 12:36:20 GMT
X-Proxy-Origin: 185.220.70.211; 185.220.70.211; 725.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.223.53:80
AN-X-Request-Uuid: a4460963-1001-4b74-90c7-6615d86f0b29
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://duo.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 11
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 204 4006052 Show response
bat.bing.com/p/action/ 0
126 B 38ms
37ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/p/action/4006052
Requested by: Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: / ARR/3.0
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 10 May 2021 12:36:20 GMT
cache-control: private,max-age=86400
x-msedge-ref: Ref A: E2479B530D244D5C82251E67277EF9E3 Ref B: FRAEDGE1414 Ref C: 2021-05-10T12:36:20Z
x-powered-by: ARR/3.0

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
82 B 33ms
33ms XHR
text/plain 2a00:1450:400c:c08::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j90&tid=UA-20141016-1&cid=1724148818.1620650181&jid=516796762&gjid=667915440&_gid=1552512967.1620650181&_u=YEBAAAACQAAAAC~&z=1953400474

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c08::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 10 May 2021 12:36:20 GMT
content-type: text/plain
access-control-allow-origin: https://duo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
117 B 29ms
29ms Image
image/gif 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j90&tid=UA-20141016-1&cid=1724148818.1620650181&jid=516796762&_u=YEBAAAACQAAAAC~&z=3020967

Requested by

Host: duo.com
URL: https://duo.com/labs/research/crxcavator-malvertising-2020

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 May 2021 12:36:20 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 31ms
30ms Image
image/gif 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j90&tid=UA-20141016-1&cid=1724148818.1620650181&jid=516796762&_u=YEBAAAACQAAAAC~&z=3020967

Requested by

Host: duo.com
URL: https://duo.com/labs/research/crxcavator-malvertising-2020

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 May 2021 12:36:20 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 95 KB
29 KB 7ms
6ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: duo.com
URL: https://duo.com/site/themes/duo/js/build/production-2018.min.js?v=1615507511
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6738) /
Resource Hash: a12b87855b6403c6f73092396d80541a6984aae03097a637769291d9cad15d19

Request headers

Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 10 May 2021 12:36:21 GMT
Content-Encoding: gzip
Last-Modified: Wed, 28 Apr 2021 17:57:32 GMT
Server: ECS (frb/6738)
Age: 192
Etag: "9eb59e5602fef4b3ebf6090856ff21db+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=1800
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 28779

GET
H3-29 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 7ms
7ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: duo.com
URL: https://duo.com/site/themes/duo/js/build/production-2018.min.js?v=1615507511

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

9cf5b6b2c112942d664e9fb0fc7f18e994cfc4c91e9f1a7a04a2613f5812de1b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: 95xg383i8oaS9Qar44hRYQ==
cross-origin-resource-policy: cross-origin
expires: Mon, 10 May 2021 12:42:48 GMT
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 1778
x-fb-rlafr: 0
x-fb-debug: ft/ipW3X7zl3TffOcGJBPG3mFh2Y+i2oeWjlzxYEDHFt99kjFChO4KVgXoMBQQ2yVqLvAsJBvSFdWYkrvSKrjQ==
x-fb-content-md5: 462fdecf04e95e6188ad7ac3df3c9d3d
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 10 May 2021 12:36:21 GMT
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "9724af8cc4048f4aedbdd77bc501a05f"
timing-allow-origin: *
priority: u=3,i
access-control-expose-headers: X-FB-Content-MD5

GET
H2 200 icon-sprite.20210112.svg Show response
duo.com/site/themes/duo/fonts/ 240 KB
80 KB 158ms
158ms XHR
image/svg+xml 13.224.95.24
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://duo.com/site/themes/duo/fonts/icon-sprite.20210112.svg
Requested by: Host: duo.com
URL: https://duo.com/site/themes/duo/js/build/production-2018.min.js?v=1615507511
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.95.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-95-24.zrh50.r.cloudfront.net
Software: Duo/1.0 /
Resource Hash: d9218d98cd999ad151e3b5ff5e2d7021b93f1c806c49ffc1f60a3f476d64747e

Request headers

:path: /site/themes/duo/fonts/icon-sprite.20210112.svg
pragma: no-cache
cookie: _biz_uid=15a48b9361334511a9af400e856a0c3b; _biz_sid=67b19a; _biz_nA=1; _biz_pendingA=%5B%22m%2Fipv%3F_biz_r%3D%26_biz_h%3D-1906410348%26_biz_u%3D15a48b9361334511a9af400e856a0c3b%26_biz_s%3D67b19a%26_biz_l%3Dhttps%253A%252F%252Fduo.com%252Flabs%252Fresearch%252Fcrxcavator-malvertising-2020%26_biz_t%3D1620650180435%26_biz_i%3DSecurity%2520researchers%2520partner%2520with%2520Chrome%2520to%2520take%2520down%2520browser%2520extension%2520fraud%2520network%2520affecting%2520millions%2520of%2520users.%2520%257C%2520Duo%2520Security%26_biz_n%3D0%26a%3Dduo.com%26rnd%3D416912%22%5D; _gcl_au=1.1.199295629.1620650180; _ga=GA1.2.1724148818.1620650181; _gid=GA1.2.1552512967.1620650181; _gat_UA-20141016-1=1; _gd_svisitor=36bb1002cd730000c428996014020000690d0800
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: duo.com
referer: https://duo.com/labs/research/crxcavator-malvertising-2020
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: public
date: Mon, 10 May 2021 05:55:10 GMT
content-encoding: gzip
last-modified: Tue, 12 Jan 2021 21:05:19 GMT
server: Duo/1.0
age: 24071
etag: W/"5ffe0f0f-3c031"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
via: 1.1 9349ae4f82564896b96f5303b030d189.cloudfront.net (CloudFront)
cache-control: max-age=31536000 public, must-revalidate, proxy-revalidate, max-age=31536000
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: 6D3WH1TLdIuRB5sUya9SVVR_YSeqWlQPiYODRhHN7bPjUmlrb9M81A==
expires: Tue, 10 May 2022 05:55:10 GMT

GET
H2 200 ctm.js Show response
www.cisco.com/c/dam/cdc/t/ 123 KB
29 KB 9ms
9ms Script
application/x-javascript 2a02:26f0:6c00:2a3::b33
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cisco.com/c/dam/cdc/t/ctm.js

Requested by

Host: duo.com
URL: https://duo.com/labs/research/crxcavator-malvertising-2020

Protocol

Security

TLS 1.3, , CHACHA20_POLY1305

Server

2a02:26f0:6c00:2a3::b33 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Apache /

Resource Hash

76cb4ceac5ef2081cdf6aed29646ee2db982899de59a98cdf37e19a2f690b301

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors .cisco.com .jasper.com .ciscospark.com .ciscolive.com http://cisco.lookbookhq.com https://cisco.lookbookhq.com testcisco.marketing.adobe.com cisco.marketing.adobe.com ciscosales.my.salesforce.com test.salesforce.com zedo.com hindustantimes.com economictimes.indiatimes.com .webex.com .cdw.com .cdwg.com .cdw.ca .meraki-go.com http://ciscopartners.lookbookhq.com https://ciscopartners.lookbookhq.com ciscolearningsystem.com ciscocustomer.lookbookhq.com cisco.lookbookhq.com ccsmedia.com .itquotes.ie dteonline.com ampito-cisco.com arkphire.com .insight.com .ccsmedia.com .ebuyer.com .lambda-tek.com .storm-technologies.com .vohkus.com .bechtle.com .rainfocus.com .broadbandbuyer.com .hardware.com shop.redpontem.com;
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-edgeconnect-origin-mex-latency: 598
date: Mon, 10 May 2021 12:36:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-edgeconnect-midmile-rtt: 1
vary: Accept-Encoding
content-length: 29099
x-xss-protection: 1; mode=block
pragma: no-cache
cdchost: wemxweb-publish-prod2-05
x-test-debug: nURL=www.cisco.com,realm=0,isRealm=0,realmDomain=0,shortrealm=0,upgradeTest=1
server: Apache
x-frame-options: SAMEORIGIN
etag: "1ea5f-5c1af4fe3890d"
strict-transport-security: max-age=31536000
content-type: application/x-javascript
cache-control: max-age=0, no-cache, no-store
content-security-policy: upgrade-insecure-requests; frame-ancestors *.cisco.com *.jasper.com *.ciscospark.com *.ciscolive.com http://cisco.lookbookhq.com https://cisco.lookbookhq.com testcisco.marketing.adobe.com cisco.marketing.adobe.com ciscosales.my.salesforce.com test.salesforce.com zedo.com hindustantimes.com economictimes.indiatimes.com *.webex.com *.cdw.com *.cdwg.com *.cdw.ca *.meraki-go.com http://ciscopartners.lookbookhq.com https://ciscopartners.lookbookhq.com ciscolearningsystem.com ciscocustomer.lookbookhq.com cisco.lookbookhq.com ccsmedia.com *.itquotes.ie dteonline.com ampito-cisco.com arkphire.com *.insight.com *.ccsmedia.com *.ebuyer.com *.lambda-tek.com *.storm-technologies.com *.vohkus.com *.bechtle.com *.rainfocus.com *.broadbandbuyer.com *.hardware.com shop.redpontem.com;
accept-ranges: bytes
expires: Mon, 10 May 2021 12:36:21 GMT

GET
H2 200 select-custom-arrow.png
duo.com/assets/img/background-imgs/ 5 KB
5 KB 154ms
151ms Image
image/png 13.224.95.24
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://duo.com/assets/img/background-imgs/select-custom-arrow.png
Requested by: Host: duo.com
URL: https://duo.com/site/themes/duo/css/production-2018.css?v=1616441364
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.95.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-95-24.zrh50.r.cloudfront.net
Software: Duo/1.0 /
Resource Hash: 2d361a56342972b826a0cff4f25c9ed1ef87b1da21e1beaa9ccc0582595a1690

Request headers

:path: /assets/img/background-imgs/select-custom-arrow.png
pragma: no-cache
cookie: _biz_uid=15a48b9361334511a9af400e856a0c3b; _biz_sid=67b19a; _biz_nA=1; _biz_pendingA=%5B%22m%2Fipv%3F_biz_r%3D%26_biz_h%3D-1906410348%26_biz_u%3D15a48b9361334511a9af400e856a0c3b%26_biz_s%3D67b19a%26_biz_l%3Dhttps%253A%252F%252Fduo.com%252Flabs%252Fresearch%252Fcrxcavator-malvertising-2020%26_biz_t%3D1620650180435%26_biz_i%3DSecurity%2520researchers%2520partner%2520with%2520Chrome%2520to%2520take%2520down%2520browser%2520extension%2520fraud%2520network%2520affecting%2520millions%2520of%2520users.%2520%257C%2520Duo%2520Security%26_biz_n%3D0%26a%3Dduo.com%26rnd%3D416912%22%5D; _gcl_au=1.1.199295629.1620650180; _ga=GA1.2.1724148818.1620650181; _gid=GA1.2.1552512967.1620650181; _gat_UA-20141016-1=1; _gd_svisitor=36bb1002cd730000c428996014020000690d0800
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: duo.com
referer: https://duo.com/site/themes/duo/css/production-2018.css?v=1616441364
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://duo.com/site/themes/duo/css/production-2018.css?v=1616441364
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: public
date: Mon, 10 May 2021 05:55:10 GMT
via: 1.1 9349ae4f82564896b96f5303b030d189.cloudfront.net (CloudFront)
last-modified: Wed, 24 Oct 2018 13:44:51 GMT
server: Duo/1.0
age: 24071
etag: "5bd07753-139f"
x-cache: Hit from cloudfront
content-type: image/png
cache-control: max-age=31536000 public, must-revalidate, proxy-revalidate, max-age=31536000
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
content-length: 5023
x-amz-cf-id: PFEP8YnGqMWNEPWcmNd8_t-iPZGlGGF6loHaH9lX729ApRdDbtpxVQ==
expires: Tue, 10 May 2022 05:55:10 GMT

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 478ms
208ms Image
image/gif 104.111.233.140
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=361da14e9cc9e3c3150a35780c1bec6b&svisitor=36bb1002cd730000c428996014020000690d0800&visitor=290ed9a3-3057-4faa-87b9-2b5d2951e273&session=7d473f7f-8fb5-4162-8751-8ca491c2db87&event=a_pageload&q=%7B%7D&isIframe=false&m=%7B%22description%22%3A%22Duo%20Labs%E2%80%99%20CRXcavator%20tool%20used%20to%20uncover%20and%20remove%20a%20large%20scale%20campaign%20of%20malvertising%20Chrome%20extensions.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Security%20researchers%20partner%20with%20Chrome%20to%20take%20down%20browser%20extension%20fraud%20network%20affecting%20millions%20of%20users.%20%7C%20Duo%20Security%22%7D&cb=50181172&r=&thirdParty=%7B%7D&pageURL=https%3A%2F%2Fduo.com%2Flabs%2Fresearch%2Fcrxcavator-malvertising-2020

Requested by

Host: duo.com
URL: https://duo.com/labs/research/crxcavator-malvertising-2020

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-233-140.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 10 May 2021 12:36:21 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Fri, 21 Feb 2020 19:02:58 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "5e502962-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 pixel;r=1939662545;labels=_fp.event.Default;rf=0;a=p-4CduNLZtPCAtp;url=https%3A%2F%2Fduo.com%2Flabs%2Fresearch%2Fcrxcavator-malvertising-2020;uht=2;fpan=1;fpa=P0-681484020-1620650181332;pbcn=u;pbc=...
pixel.quantserve.com/ 35 B
371 B 10ms
9ms Image
image/gif 2620:116:800d:21:36a9:ecb:e518:b308
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=1939662545;labels=_fp.event.Default;rf=0;a=p-4CduNLZtPCAtp;url=https%3A%2F%2Fduo.com%2Flabs%2Fresearch%2Fcrxcavator-malvertising-2020;uht=2;fpan=1;fpa=P0-681484020-1620650181332;pbcn=u;pbc=;ns=0;ce=1;qjs=1;qv=1558287b-20210421211215;cm=;gdpr=0;ref=;d=duo.com;je=0;sr=1600x1200x24;dst=1;et=1620650181332;tzo=-120;ogl=type.website%2Csite_name.Duo%20Security%2Curl.https%3A%2F%2Fduo%252Ecom%2Flabs%2Fresearch%2Fcrxcavator-malvertising-2020%2Ctitle.Security%20researchers%20partner%20with%20Chrome%20to%20take%20down%20browser%20extension%20fraud%20ne%2Cimage.https%3A%2F%2Fduo%252Ecom%2Fassets%2Fimg%2Fseo-images%2Fmeta-labs-research%252Ejpg%2Cimage%3Awidth.1200%2Cimage%3Aheight.630%2Cdescription.Duo%20Labs%E2%80%99%20CRXcavator%20tool%20used%20to%20uncover%20and%20remove%20a%20large%20scale%20campaign%20of%20m

Requested by

Host: duo.com
URL: https://duo.com/labs/research/crxcavator-malvertising-2020

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:36a9:ecb:e518:b308 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 May 2021 12:36:21 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3-29 200 120108061684670 Show response
connect.facebook.net/signals/config/ 254 KB
72 KB 9ms
8ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/120108061684670?v=2.9.39&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

00acedd785041957c2653165b6afbac86bf32a76b7c00ac237907c1d21c3c967

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 74063
x-fb-rlafr: 0
pragma: public
x-fb-debug: seLbABGAC84fQt+nqIS/xcUkg+bMHTuyhIRnvQ2Trr9rTo9exq/HPeP0kJ3+D/sBPxTMfpfRhrkh/TgIF7gAUA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Mon, 10 May 2021 12:36:21 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
258 B 8ms
7ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=216127175396154&ev=PageView&dl=https%3A%2F%2Fduo.com%2Flabs%2Fresearch%2Fcrxcavator-malvertising-2020&rl=&if=false&ts=1620650181348&sw=1600&sh=1200&v=2.9.39&r=stable&ec=0&o=30&fbp=fb.1.1620650181346.47554897&it=1620650180658&coo=false&exp=l0&rqm=GET

Requested by

Host: duo.com
URL: https://duo.com/labs/research/crxcavator-malvertising-2020

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 10 May 2021 12:36:21 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Mon, 10 May 2021 12:36:21 GMT

GET
H3-29 200 sdk.js Show response
connect.facebook.net/en_US/ 213 KB
63 KB 7ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=ce86965c89b4e5b2eb36e6e8eeb38fe1&ua=modern_es6

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

c688dd2b43b7fe1c6dfab54e089139e1ba2a47953b36f8199c29583d665ec7fc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Origin: https://duo.com
Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: ST7NDmgAuSqdUTq2c1fgtw==
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 64498
x-fb-rlafr: 0
x-fb-debug: qfpVAja3SYUy1MF77YzbeNHZHyySKEyh8nHxYmNOzkgTMNATm/2F1exp6WK8MgP0Oy4d1fsC9/QfyFUZcH8umA==
x-fb-content-md5: 10beff6291afb3d9d438ee6be69413be
x-frame-options: DENY
date: Mon, 10 May 2021 12:36:21 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "73fa77746a0b815aa18601cde405dc48"
timing-allow-origin: *
priority: u=3,i
expires: Tue, 10 May 2022 11:53:18 GMT

GET
H3-29 200 /
www.facebook.com/tr/ 44 B
88 B 6ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=120108061684670&ev=PageView&dl=https%3A%2F%2Fduo.com%2Flabs%2Fresearch%2Fcrxcavator-malvertising-2020&rl=&if=false&ts=1620650181528&sw=1600&sh=1200&v=2.9.39&r=stable&ec=0&o=30&fbp=fb.1.1620650181346.47554897&it=1620650180658&coo=false&exp=l0&rqm=GET

Requested by

Host: duo.com
URL: https://duo.com/labs/research/crxcavator-malvertising-2020

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 10 May 2021 12:36:21 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority: u=3,i
expires: Mon, 10 May 2021 12:36:21 GMT

GET
H2 200 ipv
cdn.bizible.com/m/ 43 B
327 B 8ms
7ms Image
image/gif 68.232.35.12
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.bizible.com/m/ipv?_biz_r=&_biz_h=-1906410348&_biz_u=15a48b9361334511a9af400e856a0c3b&_biz_s=67b19a&_biz_l=https%3A%2F%2Fduo.com%2Flabs%2Fresearch%2Fcrxcavator-malvertising-2020&_biz_t=1620650180435&_biz_i=Security%20researchers%20partner%20with%20Chrome%20to%20take%20down%20browser%20extension%20fraud%20network%20affecting%20millions%20of%20users.%20%7C%20Duo%20Security&_biz_n=0&a=duo.com&rnd=416912&cdn_o=a&_biz_z=1620650181535
Requested by: Host: duo.com
URL: https://duo.com/labs/research/crxcavator-malvertising-2020
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 68.232.35.12 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6739) /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 May 2021 12:36:21 GMT
last-modified: Thu, 06 May 2021 23:56:27 GMT
server: ECS (frb/6739)
age: 304794
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cache-control: no-cache, no-store
accept-ranges: bytes
content-type: Image/GIF
content-length: 43
expires: -1

GET
H2 200 u
cdn.bizibly.com/ 43 B
203 B 9ms
6ms Image
image/gif 68.232.35.12
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.bizibly.com/u?_biz_u=15a48b9361334511a9af400e856a0c3b&_biz_s=67b19a&_biz_l=https%3A%2F%2Fduo.com%2Flabs%2Fresearch%2Fcrxcavator-malvertising-2020&_biz_t=1620650181541&_biz_i=Security%20researchers%20partner%20with%20Chrome%20to%20take%20down%20browser%20extension%20fraud%20network%20affecting%20millions%20of%20users.%20%7C%20Duo%20Security&a=duo.com&rnd=678231&cdn_o=a&_biz_z=1620650181541
Requested by: Host: duo.com
URL: https://duo.com/labs/research/crxcavator-malvertising-2020
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 68.232.35.12 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67C2) /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 May 2021 12:36:21 GMT
last-modified: Thu, 06 May 2021 23:56:28 GMT
server: ECS (frb/67C2)
age: 304793
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cache-control: no-cache, no-store
accept-ranges: bytes
content-type: Image/GIF
content-length: 43
expires: -1

GET
H/1.1 200
OK widget_iframe.06c6ee58c3810956b7509218508c7b56.html Show response
platform.twitter.com/widgets/ Frame 43B1 319 KB
103 KB 33ms
32ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.06c6ee58c3810956b7509218508c7b56.html?origin=https%3A%2F%2Fduo.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67BA) /
Resource Hash: 5f789ea36ae4671282524bda454709578d63b915b782c1e041132a7e726ff1c3

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://duo.com/labs/research/crxcavator-malvertising-2020

Response headers

Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 153298
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Mon, 10 May 2021 12:36:21 GMT
Etag: "dab7ee9ff99366614e06e117bab5e542+gzip"
Last-Modified: Wed, 28 Apr 2021 17:56:54 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/67BA)
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 105298

GET
H2 204 0
bat.bing.com/action/ 0
170 B 28ms
27ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=4006052&Ver=2&mid=e93b6155-a414-4ce8-bf0a-2b30917f19b2&sid=535ddcb0b18c11eb94fe4b24ee4a73dc&vid=535e1880b18c11eb86553d5be4868f3d&vids=1&pi=0&lg=en-US&sw=1600&sh=1200&sc=24&tl=Security%20researchers%20partner%20with%20Chrome%20to%20take%20down%20browser%20extension%20fraud%20network%20affecting%20millions%20of%20users.%20%7C%20Duo%20Security&p=https%3A%2F%2Fduo.com%2Flabs%2Fresearch%2Fcrxcavator-malvertising-2020&r=&lt=2525&evt=pageLoad&msclkid=N&sv=1&rn=631842
Requested by: Host: duo.com
URL: https://duo.com/labs/research/crxcavator-malvertising-2020
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
date: Mon, 10 May 2021 12:36:21 GMT
cache-control: no-cache, must-revalidate
x-msedge-ref: Ref A: 6EDD3053004F4100ABB526DD7308A1F3 Ref B: FRAEDGE1414 Ref C: 2021-05-10T12:36:21Z
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 inspectlet.js Show response
cdn.inspectlet.com/ 208 KB
69 KB 39ms
14ms Script
text/javascript 2606:4700:10::6816:39f5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.inspectlet.com/inspectlet.js
Requested by: Host: duo.com
URL: https://duo.com/labs/research/crxcavator-malvertising-2020
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:39f5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 38e7e40f686e91d031023a33128bc8688555e601828a1366fb30e14c434c24f6

Request headers

Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

cf-ray: 64d33675f85f4e50-FRA
date: Mon, 10 May 2021 12:36:22 GMT
via: 1.1 vegur
cf-cache-status: HIT
server: cloudflare
age: 11
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
cache-control: s-maxage=60, max-age=14400
content-encoding: gzip
cf-request-id: 09f7e05db700004e50f4a0f000000001

GET
H2 200 xdc.js Show response
cdn.bizible.com/ 116 B
606 B 133ms
133ms Script
text/javascript 68.232.35.12
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.bizible.com/xdc.js?_biz_u=15a48b9361334511a9af400e856a0c3b&_biz_h=-1906410348&cdn_o=a&jsVer=4.20.11.13&a=duo.com
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js?account=duo.com
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 68.232.35.12 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6711) /
Resource Hash: 248d1906c14fb77090eba53fc8b9caf1568b13ee0911203d7c0abcfaa963c40c

Request headers

Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 10 May 2021 12:36:21 GMT
content-encoding: gzip
server: ECS (frb/6711)
etag: F828C878
vary: Accept-Encoding
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cache-control: private, must-revalidate, max-age=21600
content-type: text/javascript; charset=utf-8
content-length: 218

POST
H2 200 /
www.facebook.com/tr/ 0
74 B 6ms
6ms Ping
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarynP6yQICGrVASLD3m

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
server: proxygen-bolt
date: Mon, 10 May 2021 12:36:22 GMT
content-type: text/plain
access-control-allow-origin: https://duo.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 0

POST
H2 200 /
www.facebook.com/tr/ 0
31 B 6ms
6ms Ping
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarykglg84A0KUCA60Xk

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
server: proxygen-bolt
date: Mon, 10 May 2021 12:36:22 GMT
content-type: text/plain
access-control-allow-origin: https://duo.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 0

GET
H2 200 settings Show response
syndication.twitter.com/ Frame 43B1 183 B
233 B 119ms
118ms Fetch
application/json 104.244.42.8
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/settings?session_id=f51c93a3d877ba9a0db841c3b91a23eb611412d9

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.06c6ee58c3810956b7509218508c7b56.html?origin=https%3A%2F%2Fduo.com

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.8 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_devel /

Resource Hash

ced34f591157438ef47695f979ac95f8758408e8d9b88e63aee8b382ec975785

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 10 May 2021 12:36:21 GMT
content-encoding: gzip
last-modified: Mon, 10 May 2021 12:36:22 GMT
server: tsa_devel
vary: Origin
strict-transport-security: max-age=631138519
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
cache-control: must-revalidate, max-age=600
access-control-allow-credentials: true
x-connection-hash: 911bbc53377a2c6fc7d6217ce437aab31c52286775955abf9792ab975bc76eb2
content-length: 152

POST
H/1.1 200
OK 679911470 Show response
hn.inspectlet.com/ginit/ 26 B
442 B 333ms
107ms XHR
application/json 3.222.61.237
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://hn.inspectlet.com/ginit/679911470
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js?account=duo.com
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.222.61.237 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-222-61-237.compute-1.amazonaws.com
Software: Cowboy / Express
Resource Hash: d0b1cb1455ecf8ab5a7eb203460cc7ff790df097c5907eb3d27ff7344282517e

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Date: Mon, 10 May 2021 12:36:22 GMT
Via: 1.1 vegur
Server: Cowboy
X-Powered-By: Express
Access-Control-Allow-Methods: GET, POST
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://duo.com
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 26

POST
H2 200 collect Show response
www.google-analytics.com/j/ 2 B
81 B 13ms
13ms XHR
text/plain 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j90&a=1632415669&t=event&ni=1&_s=1&dl=https%3A%2F%2Fduo.com%2Flabs%2Fresearch%2Fcrxcavator-malvertising-2020&ul=en-us&de=UTF-8&dt=Security%20researchers%20partner%20with%20Chrome%20to%20take%20down%20browser%20extension%20fraud%20network%20affecting%20millions%20of%20users.%20%7C%20Duo%20Security&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=undefined&ea=undefined&_u=aHjAAAADQAAAAC~&jid=556586012&gjid=1945494130&cid=1724148818.1620650181&tid=UA-20141016-1&_gid=1711228390.1620650182&_r=1&gtm=2wg4s0MFPB9D&cd2=1724148818.1620650181&z=1828019436

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js?account=duo.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 10 May 2021 12:36:22 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://duo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
70 B 15ms
14ms XHR
text/plain 2a00:1450:400c:c08::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j90&tid=UA-20141016-1&cid=1724148818.1620650181&jid=556586012&gjid=1945494130&_gid=1711228390.1620650182&_u=aHjAAAADQAAAAC~&z=1828264059

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js?account=duo.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c08::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 10 May 2021 12:36:22 GMT
content-type: text/plain
access-control-allow-origin: https://duo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
117 B 30ms
29ms Image
image/gif 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j90&tid=UA-20141016-1&cid=1724148818.1620650181&jid=556586012&_u=aHjAAAADQAAAAC~&z=595474297

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 May 2021 12:36:22 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 30ms
29ms Image
image/gif 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j90&tid=UA-20141016-1&cid=1724148818.1620650181&jid=556586012&_u=aHjAAAADQAAAAC~&z=595474297

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://duo.com/labs/research/crxcavator-malvertising-2020
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 May 2021 12:36:22 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

184 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

8 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.duo.com/	1970-01-20 02:56:26	Name: _biz_flagsA Value: %7B%22Version%22%3A1%2C%22ViewThrough%22%3A%221%22%2C%22XDomain%22%3A%221%22%7D
.duo.com/	1970-01-20 02:56:26	Name: __insp_targlpt Value: U2VjdXJpdHkgcmVzZWFyY2hlcnMgcGFydG5lciB3aXRoIENocm9tZSB0byB0YWtlIGRvd24gYnJvd3NlciBleHRlbnNpb24gZnJhdWQgbmV0d29yayBhZmZlY3RpbmcgbWlsbGlvbnMgb2YgdXNlcnMuIHwgRHVvIFNlY3VyaXR5
.duo.com/	1970-01-20 02:56:26	Name: __insp_targlpu Value: aHR0cHM6Ly9kdW8uY29tL2xhYnMvcmVzZWFyY2gvY3J4Y2F2YXRvci1tYWx2ZXJ0aXNpbmctMjAyMA%3D%3D
.duo.com/	1970-01-20 02:56:26	Name: _biz_pendingA Value: %5B%5D
.duo.com/	1970-01-20 02:56:26	Name: __insp_nv Value: true
.duo.com/	1970-01-20 02:56:26	Name: __insp_wid Value: 679911470
.duo.com/	1970-01-20 02:56:26	Name: __insp_slim Value: 1620650182161
.duo.com/	1970-01-19 20:20:26	Name: _fbp Value: fb.1.1620650182063.1295366535

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://duo.com/site/themes/duo/js/build/production-2018.min.js?v=1615507511(Line 1) Message: Skipping WebGL fingerprinting because it is not supported in this browser

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
b.6sc.co
bat.bing.com
c.6sc.co
cdn.bizible.com
cdn.bizibly.com
cdn.inspectlet.com
connect.facebook.net
duo.com
fast.wistia.net
hn.inspectlet.com
j.6sc.co
metadata-static-files.sfo2.cdn.digitaloceanspaces.com
munchkin.marketo.net
pixel.quantserve.com
platform.twitter.com
px.ads.linkedin.com
px4.ads.linkedin.com
rules.quantcount.com
secure.adnxs.com
secure.quantserve.com
snap.licdn.com
stats.g.doubleclick.net
syndication.twitter.com
www.cisco.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.linkedin.com
104.111.233.140
104.244.42.8
108.174.10.14
13.224.95.24
185.33.221.52
205.185.216.10
23.79.155.18
2600:9000:20e8:be00:6:44e3:f8c0:93a1
2606:2800:234:59:254c:406:2366:268c
2606:4700:10::6816:39f5
2620:116:800d:21:36a9:ecb:e518:b308
2620:119:50e1:101::6cae:b25
2620:1ec:21::14
2620:1ec:c11::200
2a00:1450:4001:802::200a
2a00:1450:4001:803::2003
2a00:1450:4001:808::200e
2a00:1450:4001:80f::2008
2a00:1450:4001:828::200e
2a00:1450:4001:831::2004
2a00:1450:400c:c08::9b
2a02:26f0:6c00:2a3::b33
2a02:26f0:6c00:2bd::25ea
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
2a04:4e42:1b::622
3.222.61.237
68.232.35.12
00acedd785041957c2653165b6afbac86bf32a76b7c00ac237907c1d21c3c967
0aaf8fdc65024d83866292d64c2dd26ca82721abc20b77ba185519b5a1b9499e
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
126efda5fb974d1c8ded33cd64fd11a5cfe7d2148cb7f9539493fdde7f0a36ae
1c089f77f3ddbfe385e7976439283a0c61ce2c9f89c30424d31901549150d82f
1d48d4cabc9c195baa08e42be70679688d706970ddd862bd91b857109d2a8874
20b11d2c0012e286c38350d6c9b2ba03341667d9bc7226bf526fb47e89668fd9
2210df28b3ed6e9d7b11b3550f5adb31b5b667bdba6f56348c3aee35dbf4b400
2261fa08f74a636e182fd5c158d9168262a90d726226c6ea76536ac78d5097e6
22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5
22f82c70a323ef6ed2c8981965a12aa369a6b7b91f90d33a016c59bd5e390f3f
248d1906c14fb77090eba53fc8b9caf1568b13ee0911203d7c0abcfaa963c40c
2bf364872a8874dcdee1e42fc37f32a3faf66867f53a5b948d8350825b2ff95f
2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a
2d361a56342972b826a0cff4f25c9ed1ef87b1da21e1beaa9ccc0582595a1690
3183481f09352eade87e53d32ac3c1f6ab5b853e2b5bde4035834680b53d9299
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
38e7e40f686e91d031023a33128bc8688555e601828a1366fb30e14c434c24f6
3aeef4412cfb339fc9199f6bcad18c46bb7c0c77854171cb6ccf0a2bce35e565
3b25d93c9c709ddd09f2e02c075f8eb72bec69e54f63e11685e8354bcaebe870
4020c92ab065a96b8859d9912a78fa88a80eb5c07dd8ac2836369180b80c5fc2
5666e7b91a6e7eb1468e89d8102c57e0d1f3bfbd2a8ff3378f1af6b61fd94203
571468e1c6bf69b4d5676cbe9891daf1d343892baf2bc01e7794abe344f7b5e0
5c2556b8914bc72bd7dd9c0b71bb2c5213e25502d1c2230b3bbd8b0d0b4f69b0
5dc02d362c712a657f60913d6491d5d2807c8318e516175feaeb2c025a2be14c
5f3b103a1268f862a5e432d607f8e5220dea9d301d13565b0ecded3ad9c25ab2
5f789ea36ae4671282524bda454709578d63b915b782c1e041132a7e726ff1c3
63985b5d6182ed787cb906a6ecfac4c07d2f08780052072d50d4f9159aa7979f
676829f6bf31dc073e0c8ed6bf27a8197b6970441dee958d73982ffd2bc707f7
6db42b3cd9e93ca379f914c6612ed66097e027a352340d2a87c1a40dfc302d58
75b0193374d4cebff89c035cb232273506528a7f555a03f79fedcb42dfd4a0ee
76cb4ceac5ef2081cdf6aed29646ee2db982899de59a98cdf37e19a2f690b301
7746b9fe29ee184e99bc91d5155f4b98767ca1d5a8e360f33a44f89d569ca034
7f072dbb779b20cea6866f3f8d398af9cafe418e7e038aa0702feddf741f040c
8000d797097e74bfff377d2f3fca7e046ee4490ea4edb70c2c0b189575847629
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
90bc1e5f348c6b642ceeb047c69f316e6b69c0b1c2e613dc83a3504aae9b0448
916f6b800d64a69e5a8ffdaaa609f901835a1c807f4db1075a95ce2fb5351c1b
943396f964c45361640a73f15ddcd0bc88f81dac071e3960edb5fa51037d47f7
9975e97322342593bff471c165befc6fc7c07b8476f69b93b75244275acdc38d
99fa5a280296b5fc7b63433ee121a359fc68c4a37f04a87d363e751164b96ff1
9cf5b6b2c112942d664e9fb0fc7f18e994cfc4c91e9f1a7a04a2613f5812de1b
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a12b87855b6403c6f73092396d80541a6984aae03097a637769291d9cad15d19
a517525b8a7d39bcaf1cf5f9695c5be8fce7a6b920a3924c1a4f70e8ea748c05
ab041c9c625633155ea7f9eba22f96e40b4102c3286214e54c5a5d17e8c0bf78
af3d012217578f064770dc2e04fdc95e416f66d4145dade9cf7ba30cab07f42c
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b7124963fb4811be34358167d06f9680370906149be2c53cb822fdb20d688809
bbc8f5ea9a017d056d59d05362a785c8f2326d9248e2a549113917e4feb2f81f
c688dd2b43b7fe1c6dfab54e089139e1ba2a47953b36f8199c29583d665ec7fc
c6e046cd2e06bc320fd21c9e216209481c9f115a1ace68615dd0d6beb01ca354
c6f27f3115c72e3e3f02ab03dbc314905a55ba33b472e25d90c6ab3df4767f97
ced34f591157438ef47695f979ac95f8758408e8d9b88e63aee8b382ec975785
d004fa4c0706682f1f30d8375996f15b658e85a03d3f454c23c239a6f1db8c86
d0b1cb1455ecf8ab5a7eb203460cc7ff790df097c5907eb3d27ff7344282517e
d9218d98cd999ad151e3b5ff5e2d7021b93f1c806c49ffc1f60a3f476d64747e
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dd7b5a7c36da7616975b166ddefdb90381de2346cd7c7999d69f69bd9395b8d0
ddec5ed21aeaaa2860f16721382ba5263eae2119d902ced9643fa078e59ee5b1
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e304e5cb25a306d0ca8e90e7cd3ea9826ac0c3d2d0111ab9ab3d28a7bd349618
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e49f0d22c978f1d7375982a28b5c2308cd45ad085a9a0b2c9c85bdadd51fb8a6
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f2e2befdc635bdfc136ab2c8c51def88023700d950d0d0b910f8bfc70ed08a6a
f5c678d1604399f9059a81566c2381b3e15b01e39aaef97e05b56a0998e985bb

duo.com Open in urlscan Pro 13.224.95.24 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

79 Requests

100 %HTTPS

68 %IPv6

24 Domains

31 Subdomains

26 IPs

4 Countries

2001 kBTransfer

5237 kBSize

8 Cookies

34 Outgoing links

Redirected requests

79 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

duo.com Open in urlscan Pro
13.224.95.24 Public Scan

Screenshot
Live screenshot

Full Image

79
Requests

100 %
HTTPS

68 %
IPv6

24
Domains

31
Subdomains

26
IPs

4
Countries

2001 kB
Transfer

5237 kB
Size

8
Cookies

79 HTTP transactions
0 data transactions