cyberscoop.com Open in urlscan Pro
13.249.91.36 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://cyberscoop.com/redline-meta-operation-magnus-infostealers/
Submission: On October 29 via api (October 29th 2024, 2:13:51 am UTC) from TR — Scanned from US

Summary HTTP 126 Redirects Links 18 Behaviour Indicators

Summary

This website contacted 29 IPs in 3 countries across 22 domains to perform 126 HTTP transactions. The main IP is 13.249.91.36, located in United States and belongs to AMAZON-02, US. The main domain is cyberscoop.com. The Cisco Umbrella rank of the primary domain is 473777.
TLS certificate: Issued by Amazon RSA 2048 M02 on December 21st 2023. Valid for: a year.

This is the only time cyberscoop.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
19	13.249.91.36 13.249.91.36	16509 (AMAZON-02) (AMAZON-02)
4	2600:141b:1c0... 2600:141b:1c00:8::1728:b330	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
22	142.250.65.194 142.250.65.194	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:89d1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:141b:1c0... 2600:141b:1c00:8::1728:b323	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2607:f8b0:400... 2607:f8b0:4006:80a::2008	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6811:afc9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:4b8e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:440... 2606:4700:4400::ac40:9310	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	52.85.61.92 52.85.61.92	16509 (AMAZON-02) (AMAZON-02)
3	2606:4700::68... 2606:4700::6810:7574	13335 (CLOUDFLAR...) (CLOUDFLARENET)
25	2607:f8b0:400... 2607:f8b0:4006:81f::2001	15169 (GOOGLE) (GOOGLE)
21	142.251.40.226 142.251.40.226	15169 (GOOGLE) (GOOGLE)
1	2600:141b:1c0... 2600:141b:1c00:6::17df:d10d	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	146.75.28.157 146.75.28.157	54113 (FASTLY) (FASTLY)
1	108.138.106.101 108.138.106.101	16509 (AMAZON-02) (AMAZON-02)
1	18.164.101.60 18.164.101.60	16509 (AMAZON-02) (AMAZON-02)
2	31.13.80.12 31.13.80.12	32934 (FACEBOOK) (FACEBOOK)
3	2607:f8b0:400... 2607:f8b0:4006:81f::200e	15169 (GOOGLE) (GOOGLE)
1	162.159.140.229 162.159.140.229	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.244.42.195 104.244.42.195	13414 (TWITTER) (TWITTER)
1	34.194.161.83 34.194.161.83	14618 (AMAZON-AES) (AMAZON-AES)
4 6	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	18.164.96.46 18.164.96.46	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f10... 2a03:2880:f10e:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	142.251.40.97 142.251.40.97	15169 (GOOGLE) (GOOGLE)
1	142.251.40.132 142.251.40.132	15169 (GOOGLE) (GOOGLE)
126	29

19 13.249.91.36 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-249-91-36.jfk52.r.cloudfront.net

cyberscoop.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:141b:1c00:8::1728:b330 (Secaucus, United States)

ASN20940 (AKAMAI-ASN1, NL)

use.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 142.250.65.194 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s72-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:89d1 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:141b:1c00:8::1728:b323 (Secaucus, United States)

ASN20940 (AKAMAI-ASN1, NL)

p.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:80a::2008 (United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:afc9 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:4b8e (United States)

ASN13335 (CLOUDFLARENET, US)

js.usemessages.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:9310 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.85.61.92 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-85-61-92.ewr53.r.cloudfront.net

wp-tts-cdn.api.scpnewsgrp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6810:7574 (United States)

ASN13335 (CLOUDFLARENET, US)

api.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 2607:f8b0:4006:81f::2001 (United States)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 142.251.40.226 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga34s39-in-f2.1e100.net

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:141b:1c00:6::17df:d10d (Secaucus, United States)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.75.28.157 (Ashburn, United States)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.138.106.101 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-106-101.jfk50.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.164.101.60 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-164-101-60.jfk50.r.cloudfront.net

cdn.parsely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 31.13.80.12 (Toronto, Canada)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-01-yyz1.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4006:81f::200e (United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.159.140.229 (None, )

ASN13335 (CLOUDFLARENET, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.195 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.194.161.83 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-194-161-83.compute-1.amazonaws.com

p1.parsely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2620:1ec:21::14 (United States) 4 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.164.96.46 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-164-96-46.jfk50.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f10e:83:face:b00c:0:25de (Toronto, Canada)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.40.97 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s79-in-f1.1e100.net

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.40.132 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s80-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
47	googlesyndication.com 2051d403cf1e3e14dd99515bd9d57cdb.safeframe.googlesyndication.com Failed tpc.googlesyndication.com — Cisco Umbrella Rank: 163 pagead2.googlesyndication.com — Cisco Umbrella Rank: 116	934 KB
22	doubleclick.net securepubads.g.doubleclick.net — Cisco Umbrella Rank: 215	266 KB
19	cyberscoop.com cyberscoop.com — Cisco Umbrella Rank: 473777	181 KB
7	linkedin.com 4 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 321 www.linkedin.com — Cisco Umbrella Rank: 646 px4.ads.linkedin.com — Cisco Umbrella Rank: 6828	4 KB
5	typekit.net use.typekit.net — Cisco Umbrella Rank: 455 p.typekit.net — Cisco Umbrella Rank: 561	211 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 34	21 KB
3	hubspot.com api.hubspot.com — Cisco Umbrella Rank: 5132 track.hubspot.com — Cisco Umbrella Rank: 2324	2 KB
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 113	3 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 180	73 KB
2	parsely.com cdn.parsely.com — Cisco Umbrella Rank: 3432 p1.parsely.com — Cisco Umbrella Rank: 2332	22 KB
2	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 877 script.hotjar.com — Cisco Umbrella Rank: 1177	61 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	194 KB
1	google.com www.google.com — Cisco Umbrella Rank: 3
1	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 962	392 B
1	t.co t.co — Cisco Umbrella Rank: 859	626 B
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 960	16 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 784	14 KB
1	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 2172	26 KB
1	usemessages.com js.usemessages.com — Cisco Umbrella Rank: 5048	26 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 2191	25 KB
1	scpnewsgrp.com wp-tts-cdn.api.scpnewsgrp.com Failed
1	hs-scripts.com js.hs-scripts.com — Cisco Umbrella Rank: 2500	961 B
126	22

	Domain	Requested by
26	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com
22	securepubads.g.doubleclick.net	cyberscoop.com securepubads.g.doubleclick.net pagead2.googlesyndication.com
21	pagead2.googlesyndication.com	securepubads.g.doubleclick.net pagead2.googlesyndication.com
19	cyberscoop.com	cyberscoop.com
5	px.ads.linkedin.com	3 redirects snap.licdn.com
4	use.typekit.net	cyberscoop.com use.typekit.net
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	www.facebook.com	cyberscoop.com
2	connect.facebook.net	cyberscoop.com connect.facebook.net
2	api.hubspot.com	js.usemessages.com
2	www.googletagmanager.com	cyberscoop.com www.googletagmanager.com
1	www.google.com	tpc.googlesyndication.com
1	track.hubspot.com
1	script.hotjar.com	static.hotjar.com
1	px4.ads.linkedin.com	cyberscoop.com
1	www.linkedin.com	1 redirects
1	p1.parsely.com	cyberscoop.com
1	analytics.twitter.com	cyberscoop.com
1	t.co	cyberscoop.com
1	cdn.parsely.com	www.googletagmanager.com
1	static.hotjar.com	www.googletagmanager.com
1	static.ads-twitter.com	www.googletagmanager.com
1	snap.licdn.com	www.googletagmanager.com
1	js.hs-banner.com	js.hs-scripts.com
1	js.usemessages.com	js.hs-scripts.com
1	js.hs-analytics.net	js.hs-scripts.com
1	wp-tts-cdn.api.scpnewsgrp.com	cyberscoop.com
1	p.typekit.net	use.typekit.net
1	js.hs-scripts.com	cyberscoop.com
0	2051d403cf1e3e14dd99515bd9d57cdb.safeframe.googlesyndication.com Failed	securepubads.g.doubleclick.net
126	30

This site contains links to these domains. Also see Links.

Domain
aiscoop.com
www.fedscoop.com
defensescoop.com
statescoop.com
edscoop.com
scoopnewsgroup.com
operation-magnus.com
flare.io
www.facebook.com
www.linkedin.com
twitter.com
www.instagram.com
www.youtube.com

Subject Issuer	Validity	Valid
aiscoop.com Amazon RSA 2048 M02	`2023-12-21` - `2025-01-18`	a year	crt.sh
use.typekit.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-08-27` - `2025-09-27`	a year	crt.sh
*.g.doubleclick.net WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
hs-scripts.com WE1	`2024-09-26` - `2024-12-25`	3 months	crt.sh
*.google-analytics.com WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
hs-analytics.net WE1	`2024-10-07` - `2025-01-05`	3 months	crt.sh
usemessages.com WE1	`2024-10-06` - `2025-01-04`	3 months	crt.sh
hs-banner.com WE1	`2024-09-24` - `2024-12-23`	3 months	crt.sh
wp-tts-cdn.api.scpnewsgrp.com Amazon RSA 2048 M03	`2024-10-01` - `2025-10-30`	a year	crt.sh
hubspot.com WE1	`2024-10-03` - `2025-01-01`	3 months	crt.sh
tpc.googlesyndication.com WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-12-13` - `2024-12-12`	a year	crt.sh
ads-twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-06-25` - `2025-06-24`	a year	crt.sh
*.hotjar.com Amazon RSA 2048 M03	`2024-05-22` - `2025-06-20`	a year	crt.sh
*.parsely.com Amazon RSA 2048 M03	`2024-04-05` - `2025-05-04`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-08-07` - `2024-11-05`	3 months	crt.sh
t.co E5	`2024-09-28` - `2024-12-27`	3 months	crt.sh
*.twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-10-07` - `2025-10-06`	a year	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-10-14` - `2025-04-14`	6 months	crt.sh
*.google.com WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh

This page contains 13 frames:

Primary Page: https://cyberscoop.com/redline-meta-operation-magnus-infostealers/
Frame ID: 4ADA9C444B04F82C094705B6FFA69710
Requests: 60 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/static/topics/topics_frame.html
Frame ID: 078844C40B984F13F7D9B2EC9444D500
Requests: 1 HTTP requests in this frame

Frame: https://2051d403cf1e3e14dd99515bd9d57cdb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: F52034C51C26C3334474E8A039CDC573
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsu4gY3Th1xYZn55lOfCaY_SHaigJ1ouUR4ov-enQSEAxt2tXMc8L9b6-hrHYuGURX5hejBXLOtCJsLPEuChpbEdo-I3MjyQBzTJyIEBs7hBMkurgj3LE3xwZBevisHvtM2eFS5lxuhGe128SUk09VcQU3NEALBvGxkzOiMtjw_Uke9Y98O6cijsPnkdNm6ws4XC-13o0Hs-YYvk9aVI2NYwx0dSxNU17NY3jjG5svlkVzyqchScOYDm_hKdDgpUhyeXWRfay2zsKrZSfbs9aeK_DwZl2FLYPGTvKuTgB-vdC69YDzOY5qVZSyU9jV8-qRhOXaE4o0qkbnjeKDY5L2b1Qu3QvOgX2YhjR1FpkLbtN6Lg8wKhJtxsQZRUVNrvJqi6AX6Cilj-QZZ0Fg&sai=AMfl-YReTdGI23KZx7pTIIrKjz_kVuMSrEy3IRFXuabu1Q9yAtDLX0U9fMBGVQCiqcrDrWEUBzlP6ubxQYIjtEkT_WsvDWUHMt2OByM1ChZX2Xp_4guuXV7gS9zrccF4MfrBzT2EXOrDdLioTmRU_0Qv&sig=Cg0ArKJSzALzH_k3WcadEAE&uach_m=%5BUACH%5D&adurl=
Frame ID: 5B50D6E91B0B8E653E2212C253BDE4EE
Requests: 9 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvRwagX5DwujonXLiESmhZXgNaAA0jKBi15qgLgGc-PUYtLQyOWBQCu8J5EyXIUXbreHZLXcr-sBpL3bINRWaY-L66GPv8M_HT61F6FWsFExfprz_XVdH-a8eOzEjleqt15jzW9uyDkCy0R57i1tg9JDWn_w7P2F4CQBU1WCU6nmNdExvZRxnTSuSPPaoUqPdx3oLlzASpGGufOqmNsCb24N_k83PSUHxq24eNykAQ-3frdVw8s-CwVcqf6xvZj6vPlM_37-BIOjSZlHVy_zM-Wj1-2nT89H1zGy1W_NSfgwo0HJfcnhDaMN4PoaKBKB1W4zkmOtpxR8Z7otz6wIhYjlt8pdOhY-FkdxPBAk20caZ-ZhWh_MioCf8BTXNV19AgZN4DUdNtfBow&sai=AMfl-YRLE6A_S-6YTEjrcbBPFgra7AMe9Q7pb9tDFOCJQHflOgZtJRDdzzoFdpzQS7jH_LxSb0H6Yx2IsjPXJygoZYLEVBeg04gP6dWVZbNw05IjvGb8U_AT_t5sMZouwPVdQoWtrJ-zynLRB_AtwBHMgg&sig=Cg0ArKJSzLWIvt_AXdKfEAE&uach_m=%5BUACH%5D&adurl=
Frame ID: D59D4BBD85FE075DD6D811604FEC1D58
Requests: 9 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssXbyxs3papYjDErmBN05F8oK568mnSygBpmuIRFO_TuRlrIPufPivrC80fS8J5EbNx1EFfJqlDdZuvfNCsuIBD2uEqmj9bP-6r4tls3hLuhULMG9xJjoxDiaH68b49Vp1Syc6YAvLROk97MZu_8lbcvtuHx8pBL5mWVJXjx4GnoA0C5xUCucUmhBiBHLX20CjNfyEJ-Uj56Ms3OpbIQl6vAvkyKD-FEOZquR0Nr_TrbUfiT0Za1-9XOkfEy6brFi9WGoZG4kNZ01v-1ZF_Zhg1wUl_1jVOZQ7XFzoMFPgb3YdpSSOKwiceOkOCgbOBpoTQldm2sp3RjtC7lB3meZOUF9OCvFPdt0l-BkhKvBtHCaUd0s_yPugTgApi4wIvOZiVG8lLmKgcm4el8agzg-djOQ&sai=AMfl-YQN9YC4W9XdsTr6jGKJajU9i5kVLsabX7BkyuQd1DJGZ3CE2o7nYaq42TaXQEijdfn9sj0mSpmYnQHOFXAdmwnLSLsB9SMyj-BIXpbgteNyl2Dx9iOdx9rR7cLM-cmdgfKrsxDGria6lffHlg80dA&sig=Cg0ArKJSzO3txybNP31mEAE&uach_m=%5BUACH%5D&adurl=
Frame ID: 5208B7841D46DE3C09CDE4E35A7C8D8F
Requests: 8 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstPNgkFyQPQMqtjGmSA6YoL3MF5eOqudvlXRpNAd8QA9EwUfnSoMJMiH8UddSvi3yUIHuEoarti74pFXNFxS-V3XMhTkpGwZ8KjL20oie42VGEOV8KYCi00fVMRRfbXzfoK9siHGXF54u96g_p-NgvwAbroMmMdZH9ZaKjbyadtfMlxRiCZ7gwdqt94oG3ofDKBHvGc-prgPVT4wWs8Y4cBEpOgoK_R7ymAOZqzzo6KrHyVu9gVj2JWaKcusTS7E1raCZ8yU7ayWct8eWEiiKYskxx6cp1_8PvYd21WYONDUlqQufS7uy04pPmOXV2QpGMkSPcb6pD4YqtTAxSRcOPslDBFFdpkPMQEcK6iWsc0gp8z3FmsbqyKNAtVOJ_iagbE1AqW8hplbT0VGi_2RK2JPg&sai=AMfl-YTu5zlOsD9eLRwFLVwf8pe8KbcSr5T8NjhoLSUdkfrc9gfsjJ8xum-aS80SEUEHHQtvuXOvk8siah8CSKNqS0Mm4ZoU8PylaCF8wOvq_RejpwzHAMjP1jlfA9idwfgUGfmap9m2RExyIDOLC8J3bg&sig=Cg0ArKJSzFRExKrgjgamEAE&uach_m=%5BUACH%5D&adurl=
Frame ID: A1BA25791B2E95DDAE1EEA458ED2FC53
Requests: 8 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuDYehXKqfVJHrAN56LjS8UoEwur5oTvt7ADo2-pZBksHW2QINcO7svSG7h1zWTDhA_uxZ9refQpV3-8x74Djo2i3nhQuvicfSWfnB7C7XPOi1eGhttlzb4W4RHCNI7oRu4fPvVeLVoTv-dOjSxhKYYgoA9RdYI_gSW_q9k8cOcV4MGB_QzCUjsQRhRJP3V3m7-nKL1hio2vbzQYyFsXOuFrhSUx1u6hd-tYMlBsrnS1O31X2KkgVXuTIF-YAkiCgU2b-Wf3xI0n6HWj653291QQ-UWKTlPWoeJo1go_EyQ6tcqoEuIACLMBe-ZFejNvG1-zK63mL4sK-oWWXKRabU4t4NsEo42M0i8CIajQbfFHLvYr7iS3RXMNP0xR20rhHPM_B4QFrqdwUNjLi4vtMKS_A&sai=AMfl-YSqMW64nh85Ghor4_P20aY7MB9ppJyfD_qkbd93LCnw0LeofkN5QeHwXIoZ3y3sxkrEHDkophO57qXd8DX4X7xp_9uoGr3zaWxWV6ructyMZvJxmCZcwKZB9YAq1S_No3r9UOGPi0WnzDxshTw7qw&sig=Cg0ArKJSzIgHaaSO3--bEAE&uach_m=%5BUACH%5D&adurl=
Frame ID: D512BE5AAFA97AB33B56E00378D68855
Requests: 9 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstxh40J91EB_h5Jbkzi2uCqyKUjAq81H5szJIalDUbdDoeSULW7UU_4m20XsbSGmaCmktFmLoDYmKoqBI9Asf_dl2DjCWXnMeVIhYqkmMa_YHfyGy5Kw72MzmUYWM2k2b4SigHQpERBNckK2Mm12e4L-Nv_vqkplP7O4yvZpBVyt1hmU199FGBGBpvwvkFG-UpZPyhxvoaBZtv4W6Q3EvLkMqSCIt-0AI1vpkd6qK0PcSY1mq92kv9EmnoGVJ9o1ON1vOu8ENCgNk4NworbiCGqSijxqQ6dbyzxNU0NAf2b-4BpC7FnZeH9Dfm_mwO6wMczAKs-LfHLzbTunfJBKgAQCboWAJcMZT94lCv2_Em02ZP-rbYTNCPtI5Co2_hgn3AgHbqJ6i9TEnnYmPw0ym14nA&sai=AMfl-YQV_gV6uLYWUJZLmmc2PHgP2TwOCEPNWOdMWQa7XL8yFraxnlbVYI5fmGR-vhTuaHhYgXxoozpDGdABZh-Z2QuynCX0ngHKB3emBiddJPVbSbaTV4ri5vQmnPQzNmLo34skItyBQjWbavdU-6uo2Q&sig=Cg0ArKJSzDe_4sX58OkhEAE&uach_m=%5BUACH%5D&adurl=
Frame ID: D3AA268940FB19122712BFB0B4D64A89
Requests: 9 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsudq6u23ovXFGSkali3BFxtkh3Avz0Cbwui3saC-3fQaEc5TimUZ5n-emNDdtgPpyq7MtJ3gKQX0faNRig05dWfFz_0g5OZSeKYm4EQH7uG5xqyrBS2bwdClUcLNzC3CIMfOxFtQLywjzPRTpfrOaTX4dsHj4qhE8QBM1fYIVottqYeOQ8BjjXXG9WxO9mktAkztq_z1DczjcuPVTxPRB-xTX5CuGmHiY5Bj1LN5QyO8fNeRe_5IgE5FGdyLf6UCiupk4DN03EpfJ1-NIHF-40ctfN55CJmNsmlxcAlf0GVEv-JwVCnIljXPo7SonimheztJ6fdYPB_kK5nNpdFMHjF4AKvOgQOkHRRK8KUziBV4BXxRbhYjgSow4yc3c9-4Fiaz57W7UI7yDmWvo43lA&sai=AMfl-YQSWfz7XGhljrFutGaAVrUh2NX0lKR586IqtKxU8xQaNDw5vGENSohqa3YFNIc7W-2muWstKmQ6tP2YYDS0by7b_wzDAodPbgOFYl4GCCpANDoXYql6vnPeAJ4cZjTEEmJLgNEp10HRvejZW_dy_w&sig=Cg0ArKJSzBijh11D7SCnEAE&uach_m=%5BUACH%5D&adurl=
Frame ID: BE3CB77D1A2431E72AA4F80A0DC38403
Requests: 8 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssiSkQCEO9vek4TgVa7Qk146g1qfpmNTjDdgasXZsqKElzzGOGTNwRw4N28awnOR5-O43xfzdl25DRlBfYtZhjbMu5y0nxwNHHBolyHkaFZQFVwQRtnV9WcrwmFwOOGTfcqdOqEArPngm2fqzkMmVDPTBBsKZtBfCFEcxWFnqynjiOBQ5kcDpDM4Hmh-sGzZgUPAwn7EbPYRhkfqqIsG5WWupj2pPZFDmRQxedN2uq7PTO-z94aTkeLCN4Feygaud4ynNQfzUVJ5BAgYV9qHWF7rDzf7qI39tpaQFjRwbocvROH2Jjva0TYSQDs4Q2rX3o47EuTuLjJnx1hsSBv4uQJ0sMtdDS5VCTJkxo3x7kJjbUtcpUEJIdRNnsObpgySZm4NAUpmBXP-ZvKWCfnRw&sai=AMfl-YTKkvh68Px91R7Ybm4G5vFw-6jSow6XZEQDeMDB9hKfsiuOYphEE9YwUFpHscyGvgz2Wx94YbosUZThz2kroccOPHfaY4Z3FwK4h9CsHjM_3pvpyP7RwLnO6oe71rRh6aAatfEJiZBv24FH14goQw&sig=Cg0ArKJSzFr2WWFqt7wrEAE&uach_m=%5BUACH%5D&adurl=
Frame ID: 746C76F07DBFC4F9CFA73C2DB07BF497
Requests: 8 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/232/runner.html
Frame ID: FDC7253DA26E7DD4D8995561AE74B836
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: CF366B0DDBCA9ED7C43EAFD6847CFF7B
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Operation Magnus targets Redline, Meta infostealers | CyberScoop

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Typekit (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*href="[^"]+use\.typekit\.(?:net|com)

Page Statistics

126
Requests

96 %
HTTPS

46 %
IPv6

22
Domains

30
Subdomains

29
IPs

3
Countries

2081 kB
Transfer

6544 kB
Size

29
Cookies

18 Outgoing links

These are links going to different origins than the main page.

URL: https://aiscoop.com/
Title: AIScoop

Search URL Search Domain Scan URL

URL: https://www.fedscoop.com/
Title: FedScoop

Search URL Search Domain Scan URL

URL: https://defensescoop.com/
Title: DefenseScoop

Search URL Search Domain Scan URL

URL: https://statescoop.com/
Title: StateScoop

Search URL Search Domain Scan URL

URL: https://edscoop.com/
Title: EdScoop

Search URL Search Domain Scan URL

URL: https://scoopnewsgroup.com/oursolutions/
Title: Advertise

Search URL Search Domain Scan URL

URL: https://operation-magnus.com/
Title: website

Search URL Search Domain Scan URL

URL: https://flare.io/learn/resources/blog/redline-stealer-malware/
Title: which first appeared in 2020

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://cyberscoop.com/redline-meta-operation-magnus-infostealers/
Title: Facebook

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/cws/share?url=https://cyberscoop.com/redline-meta-operation-magnus-infostealers/
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=https://cyberscoop.com/redline-meta-operation-magnus-infostealers/
Title: Twitter

Search URL Search Domain Scan URL

URL: https://scoopnewsgroup.com/

Search URL Search Domain Scan URL

URL: https://www.fedscoop.com/wp-content/uploads/sites/5/2022/11/SNG_AdSpecs.pdf
Title: Ad specs

Search URL Search Domain Scan URL

URL: https://www.facebook.com/cyberscoop
Title: FB

Search URL Search Domain Scan URL

URL: https://twitter.com/cyberscoopnews
Title: TW

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/4847467
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://www.instagram.com/cyberscoopnews
Title: IG

Search URL Search Domain Scan URL

URL: https://www.youtube.com/@cyberscoop_sng
Title: YT

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 116

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=50036&time=1730168026318&li_adsId=49192ee6-e20b-4b61-9e57-fe70b81e40ac&url=https%3A%2F%2Fcyberscoop.com%2Fredline-meta-operation-magnus-infostealers%2F HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=50036&time=1730168026318&li_adsId=49192ee6-e20b-4b61-9e57-fe70b81e40ac&url=https%3A%2F%2Fcyberscoop.com%2Fredline-meta-operation-magnus-infostealers%2F&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D50036%26time%3D1730168026318%26li_adsId%3D49192ee6-e20b-4b61-9e57-fe70b81e40ac%26url%3Dhttps%253A%252F%252Fcyberscoop.com%252Fredline-meta-operation-magnus-infostealers%252F%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=50036&time=1730168026318&li_adsId=49192ee6-e20b-4b61-9e57-fe70b81e40ac&url=https%3A%2F%2Fcyberscoop.com%2Fredline-meta-operation-magnus-infostealers%2F&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=50036&time=1730168026318&li_adsId=49192ee6-e20b-4b61-9e57-fe70b81e40ac&url=https%3A%2F%2Fcyberscoop.com%2Fredline-meta-operation-magnus-infostealers%2F&cookiesTest=true&liSync=true&e_ipv6=AQKy9TNEOCKXMQAAAZLWDPcR6i75UTDReRf87prEdUdSsn3-vVc5FzJ8LtceMKf_12RfkMk

126 HTTP transactions
8 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
cyberscoop.com/redline-meta-operation-magnus-infostealers/ 108 KB
23 KB 219ms
75ms Document
text/html 13.249.91.36
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cyberscoop.com/redline-meta-operation-magnus-infostealers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.249.91.36 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-249-91-36.jfk52.r.cloudfront.net

Software

nginx / WordPress VIP <https://wpvip.com>

Resource Hash

9e565e0de0bd4db6685b59300a46bbb0493321b5f859cb85f324f378ac6ff048

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
cache-control: max-age=300, must-revalidate
content-encoding: br
content-type: text/html; charset=UTF-8
date: Tue, 29 Oct 2024 02:13:44 GMT
host-header: a9130478a60e5f9135f765b23f26593b
link: <https://cyberscoop.com/wp-json/>; rel="https://api.w.org/" <https://cyberscoop.com/wp-json/wp/v2/posts/82308>; rel="alternate"; title="JSON"; type="application/json" <https://cyberscoop.com/?p=82308>; rel=shortlink
server: nginx
vary: Accept-Encoding
via: 1.1 83e921b0368805d97d43167d106203f2.cloudfront.net (CloudFront)
x-amz-cf-id: NJ2DyWqQ5ii8usg9aGy9tjlP2Nd_Ss9yToTDZWF2uS8MXcHZBi3GfQ==
x-amz-cf-pop: JFK52-P9
x-cache: Miss from cloudfront
x-distributor: yes
x-frame-options: SAMEORIGIN
x-hacker: If you're reading this, you should visit wpvip.com/careers and apply to join the fun, mention this header.
x-powered-by: WordPress VIP <https://wpvip.com>
x-rq: dca5 96 185 443

GET
H2 200 style.min.css
cyberscoop.com/wp-includes/css/dist/block-library/ 110 KB
15 KB 97ms
93ms Stylesheet
text/css 13.249.91.36
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cyberscoop.com/wp-includes/css/dist/block-library/style.min.css?m=1729616464g
Requested by: Host: cyberscoop.com
URL: https://cyberscoop.com/redline-meta-operation-magnus-infostealers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.249.91.36 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-249-91-36.jfk52.r.cloudfront.net
Software: nginx /
Resource Hash: fb3a89cc6347e098063bd15f285bc90411846ddce6f17812364feedab67a67f5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/redline-meta-operation-magnus-infostealers/

Response headers

content-encoding: br
etag: W/"6717da50-1b72b"
age: 535866
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: CP0VHEE_R7RhKQiY2a3xBVNKE4Pfh_4bo1Q3XcSTvml0s3glGuqdrA==
date: Tue, 22 Oct 2024 21:22:38 GMT
content-type: text/css
last-modified: Tue, 22 Oct 2024 17:01:04 GMT
vary: Accept-Encoding
cache-control: max-age=31536000
x-rq: dca5 96 185 443
via: 1.1 83e921b0368805d97d43167d106203f2.cloudfront.net (CloudFront)
accept-ranges: bytes
x-amz-cf-pop: JFK52-P9
server: nginx

GET
H2 200 related-posts-block-styles.min.css
cyberscoop.com/wp-content/mu-plugins/search/elasticpress/dist/css/ 222 B
590 B 98ms
94ms Stylesheet
text/css 13.249.91.36
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cyberscoop.com/wp-content/mu-plugins/search/elasticpress/dist/css/related-posts-block-styles.min.css?m=1728928671g
Requested by: Host: cyberscoop.com
URL: https://cyberscoop.com/redline-meta-operation-magnus-infostealers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.249.91.36 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-249-91-36.jfk52.r.cloudfront.net
Software: nginx /
Resource Hash: 9790593b4acafa770479511a888914881594976c5dcad980c82e781c5625ff44

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/redline-meta-operation-magnus-infostealers/

Response headers

cache-control: max-age=31536000
x-rq: dca5 96 185 443
etag: "670d5b9f-de"
age: 1164931
via: 1.1 83e921b0368805d97d43167d106203f2.cloudfront.net (CloudFront)
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
content-length: 222
x-amz-cf-id: idR-UbVHgMKOv3tYgyHUTKQNsLIwiQJ4JlRbEwX3GPaFBp7ZNwWjWw==
date: Tue, 15 Oct 2024 14:38:13 GMT
content-type: text/css
last-modified: Mon, 14 Oct 2024 17:57:51 GMT
server: nginx
x-amz-cf-pop: JFK52-P9

GET
H2 200 frontend.css
cyberscoop.com/wp-content/themes/scoopnewsgroup/dist/css/ 157 KB
23 KB 137ms
134ms Stylesheet
text/css 13.249.91.36
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cyberscoop.com/wp-content/themes/scoopnewsgroup/dist/css/frontend.css?m=1729103471g
Requested by: Host: cyberscoop.com
URL: https://cyberscoop.com/redline-meta-operation-magnus-infostealers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.249.91.36 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-249-91-36.jfk52.r.cloudfront.net
Software: nginx /
Resource Hash: 96c381ae313ee177decfede923c9c9df7dd2a75c843fdfdc9d101b7977a1c3be

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/redline-meta-operation-magnus-infostealers/

Response headers

content-encoding: br
etag: W/"6710066f-272d4"
age: 1064249
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: RFpbt5T0qpB49GcHJfurxXnYqNZIx0xtpILPkgnbM6zA2ykd_KKLew==
date: Wed, 16 Oct 2024 18:36:15 GMT
content-type: text/css
last-modified: Wed, 16 Oct 2024 18:31:11 GMT
vary: Accept-Encoding
cache-control: max-age=31536000
x-rq: dca5 96 185 443
via: 1.1 83e921b0368805d97d43167d106203f2.cloudfront.net (CloudFront)
accept-ranges: bytes
x-amz-cf-pop: JFK52-P9
server: nginx

GET
H2 200 itk2qbh.css
use.typekit.net/ 10 KB
1 KB 290ms
77ms Stylesheet
text/css 2600:141b:1c00:8::1728:b330
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://use.typekit.net/itk2qbh.css?ver=ada0ad45b21fc79c6694

Requested by

Host: cyberscoop.com
URL: https://cyberscoop.com/redline-meta-operation-magnus-infostealers/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:1c00:8::1728:b330 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

nginx /

Resource Hash

abb51a752ad668d521944d425ca58cb18cceb95a60217a846bb5555418056dc3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains;

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains;
cache-control: private, max-age=600, stale-while-revalidate=604800
timing-allow-origin: *
content-encoding: gzip
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 1222
date: Tue, 29 Oct 2024 02:13:44 GMT
content-type: text/css;charset=utf-8
vary: Accept-Encoding
server: nginx

GET
H2 200 / Show response
cyberscoop.com/_static/ 99 KB
35 KB 99ms
97ms Script
application/javascript 13.249.91.36
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cyberscoop.com/_static/??-eJzTLy/QzcxLzilNSS3WzwKiwtLUokoopZebmaeXVayjj0+Rbm5melFiSSpUsX2uraG5kaWZoZmJmWkWAK+eIic=
Requested by: Host: cyberscoop.com
URL: https://cyberscoop.com/redline-meta-operation-magnus-infostealers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.249.91.36 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-249-91-36.jfk52.r.cloudfront.net
Software: nginx /
Resource Hash: ecf7723a32533007ede558c546fc8ba30f508283223b6e7f49c297b7c63c8b50

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/redline-meta-operation-magnus-infostealers/

Response headers

cache-control: max-age=31536000
content-encoding: br
x-rq: dca5 96 184 443
age: 535877
via: 1.1 83e921b0368805d97d43167d106203f2.cloudfront.net (CloudFront)
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: MA_l1IKWWLw1fWzpCL9jKCAEe6dLzr4WYgB-OWvEGzt3QtZR2hMfJQ==
date: Tue, 22 Oct 2024 21:22:27 GMT
content-type: application/javascript
last-modified: Tue, 22 Oct 2024 17:01:05 GMT
server: nginx
x-amz-cf-pop: JFK52-P9
vary: Accept-Encoding

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 105 KB
33 KB 223ms
87ms Script
text/javascript 142.250.65.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: cyberscoop.com
URL: https://cyberscoop.com/redline-meta-operation-magnus-infostealers/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.194 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s72-in-f2.1e100.net

Software

cafe /

Resource Hash

eadbfc5822a0575f4d0dc347dcfcbe45448ff075d83e3128e22a1a5c94d4a522

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

content-encoding: br
etag: 609 / 20025 / 31088507 / config-hash: 2236221321831937089
x-content-type-options: nosniff
expires: Tue, 29 Oct 2024 02:13:44 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Tue, 29 Oct 2024 02:13:44 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
content-disposition: attachment; filename="f.txt"
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 33615
x-xss-protection: 0
server: cafe

GET
H2 200 logo-cyber.svg
cyberscoop.com/wp-content/themes/scoopnewsgroup/dist/svg/ 2 KB
1 KB 172ms
170ms Image
image/svg+xml 13.249.91.36
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cyberscoop.com/wp-content/themes/scoopnewsgroup/dist/svg/logo-cyber.svg
Requested by: Host: cyberscoop.com
URL: https://cyberscoop.com/redline-meta-operation-magnus-infostealers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.249.91.36 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-249-91-36.jfk52.r.cloudfront.net
Software: nginx /
Resource Hash: b730a71a7f937b52bb8328c363a9074d3d1e7ae259f2a0b44784ccf97def2e49

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/redline-meta-operation-magnus-infostealers/

Response headers

cache-control: max-age=300, must-revalidate
content-encoding: br
x-rq: dca5 96 184 443
etag: W/"6710066f-8a8"
via: 1.1 83e921b0368805d97d43167d106203f2.cloudfront.net (CloudFront)
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: wQa0FnZ7ZW8msCdcanmbJWKlymShIRnizwbxtKlIBjQE37SAvKOwLg==
date: Tue, 29 Oct 2024 02:13:44 GMT
content-type: image/svg+xml
last-modified: Wed, 16 Oct 2024 18:31:11 GMT
server: nginx
x-amz-cf-pop: JFK52-P9
vary: Accept-Encoding

GET
H2 200 mpv-shot0002.jpg
cyberscoop.com/wp-content/uploads/sites/3/2024/10/ 42 KB
43 KB 78ms
77ms Image
image/webp 13.249.91.36
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cyberscoop.com/wp-content/uploads/sites/3/2024/10/mpv-shot0002.jpg?resize=1200,675
Requested by: Host: cyberscoop.com
URL: https://cyberscoop.com/redline-meta-operation-magnus-infostealers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.249.91.36 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-249-91-36.jfk52.r.cloudfront.net
Software: nginx /
Resource Hash: ac46e86a099205af7f1368b8402169cd7b822e60251c4d80187271472c9d911e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/redline-meta-operation-magnus-infostealers/

Response headers

cache-control: max-age=31536000
x-rq: dca5 98 226 443
etag: "eb5e5b0187c6e1ba"
age: 29351
via: 1.1 83e921b0368805d97d43167d106203f2.cloudfront.net (CloudFront)
accept-ranges: bytes, bytes
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
content-length: 43400
x-amz-cf-id: mm0GKbfIXHcdEsbwzhKuxUMEqZ91Ma75eUxdUbu7qDQikc_FONTnuw==
date: Mon, 28 Oct 2024 18:04:33 GMT
content-type: image/webp
last-modified: Mon, 28 Oct 2024 18:04:33 GMT
server: nginx
x-amz-cf-pop: JFK52-P9

GET
H2 200 6E1F5D43-D831-48E2-AFF4-867EB19ECF2D_1_201_a.jpeg
cyberscoop.com/wp-content/uploads/sites/3/2022/10/ 8 KB
9 KB 144ms
143ms Image
image/webp 13.249.91.36
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cyberscoop.com/wp-content/uploads/sites/3/2022/10/6E1F5D43-D831-48E2-AFF4-867EB19ECF2D_1_201_a.jpeg?w=150&h=150&crop=1
Requested by: Host: cyberscoop.com
URL: https://cyberscoop.com/redline-meta-operation-magnus-infostealers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.249.91.36 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-249-91-36.jfk52.r.cloudfront.net
Software: nginx /
Resource Hash: cfb128a65727938fcfde36e35f43732ffd2d9889acbfd5e1c35a48f21a33c780

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/redline-meta-operation-magnus-infostealers/

Response headers

cache-control: max-age=31536000
x-rq: dca5 98 226 443
etag: "720f30dcf0e9094f"
age: 4110328
via: 1.1 83e921b0368805d97d43167d106203f2.cloudfront.net (CloudFront)
accept-ranges: bytes, bytes
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
content-length: 8676
x-amz-cf-id: LkdZgt7XPijdSisJaErWq2YnlR7CDj-ZslPvGuN7y1GSXCG7ZVo7vQ==
date: Wed, 11 Sep 2024 12:28:16 GMT
content-type: image/webp
last-modified: Tue, 23 Jul 2024 13:58:47 GMT
server: nginx
x-amz-cf-pop: JFK52-P9

GET aef2a7cb-be81-494b-b7de-fe64fee78d79
https://cyberscoop.com/ Frame 0
0

GET
H3 200 logo-sng.svg
cyberscoop.com/wp-content/themes/scoopnewsgroup/dist/images/ 6 KB
2 KB 79ms
79ms Image
image/svg+xml 13.249.91.36
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cyberscoop.com/wp-content/themes/scoopnewsgroup/dist/images/logo-sng.svg
Requested by: Host: cyberscoop.com
URL: https://cyberscoop.com/redline-meta-operation-magnus-infostealers/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 13.249.91.36 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-249-91-36.jfk52.r.cloudfront.net
Software: nginx /
Resource Hash: 4e778181b46a001341499372efbad4f99a18674bce73c33dfd5021af138c1e8b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/redline-meta-operation-magnus-infostealers/

Response headers

cache-control: max-age=300, must-revalidate
content-encoding: br
x-rq: dca5 96 184 443
etag: W/"6710066f-160e"
via: 1.1 0872a9ea1fab6d5bf06432bb20551d5c.cloudfront.net (CloudFront)
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: hS5SMoxwlGA74G_fMLtmjfNyN95cuaH3wkB4UEOba_gOi5twsIRE1g==
date: Tue, 29 Oct 2024 02:13:44 GMT
content-type: image/svg+xml
x-amz-cf-pop: JFK52-P9
server: nginx
last-modified: Wed, 16 Oct 2024 18:31:11 GMT
vary: Accept-Encoding

GET
H3 200 / Show response
cyberscoop.com/_static/ 56 KB
19 KB 63ms
63ms Script
application/javascript 13.249.91.36
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cyberscoop.com/_static/??-eJx9jUEKwjAQRS9kOlQ04kI8S2imbUIyCTMZirc3FgQX6vLz3uPDVs1UqCE1qEmXQALOG8aZUdYdcUnggzSIAjPvrh+iHKCngaakHuXFlDyyTIVxyIG+GX1qC+kTv7/birlLPS+VcJOFi9aft/+rHjj1oZia3AO5R/d8Gy/Hqx3tyZ7jEyeZWvQ=
Requested by: Host: cyberscoop.com
URL: https://cyberscoop.com/redline-meta-operation-magnus-infostealers/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 13.249.91.36 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-249-91-36.jfk52.r.cloudfront.net
Software: nginx /
Resource Hash: a9d9027e9f6ba3ce34044bfb77f27caa9842de4b9e61b711b9a80244a5c24bb1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/redline-meta-operation-magnus-infostealers/

Response headers

cache-control: max-age=31536000
content-encoding: br
x-rq: dca5 96 185 443
age: 535518
via: 1.1 0872a9ea1fab6d5bf06432bb20551d5c.cloudfront.net (CloudFront)
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: 4GK6YSUggmvkqIt9vjrHeR0AfVBwsFZ6ifT6cqJufmE4BCxxbkZv3A==
date: Tue, 22 Oct 2024 21:28:26 GMT
content-type: application/javascript
last-modified: Tue, 22 Oct 2024 17:01:05 GMT
server: nginx
x-amz-cf-pop: JFK52-P9
vary: Accept-Encoding

GET
H2 200 2153467.js Show response
js.hs-scripts.com/ 1 KB
961 B 127ms
48ms Script
application/javascript 2606:4700::6810:89d1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-scripts.com/2153467.js

Requested by

Host: cyberscoop.com
URL: https://cyberscoop.com/redline-meta-operation-magnus-infostealers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:89d1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8c4a73ace7ab090207b86cd722e25bbaf498e8ab9559e22f98fe574ef3a187b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

access-control-max-age: 3600
content-encoding: gzip
cf-cache-status: HIT
age: 88
x-content-type-options: nosniff
expires: Tue, 29 Oct 2024 02:15:14 GMT
date: Tue, 29 Oct 2024 02:13:44 GMT
x-hubspot-correlation-id: f227b372-dcd5-4a17-b625-252160882e3f
content-type: application/javascript;charset=utf-8
vary: origin, Accept-Encoding
last-modified: Tue, 29 Oct 2024 02:11:17 GMT
cache-control: public, max-age=90
access-control-allow-credentials: true
cf-ray: 8d9fa5e9ec0f7428-MIA
accept-ranges: bytes
access-control-allow-origin: https://defensescoop.com
content-length: 589
server: cloudflare

GET
H2 200 p.css
p.typekit.net/ 5 B
172 B 287ms
63ms Stylesheet
text/css 2600:141b:1c00:8::1728:b323
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://p.typekit.net/p.css?s=1&k=itk2qbh&ht=tk&f=9871.9872.9874.14602.24539.24540.24547.24548.14032.14033.14034.14035.29382.29383&a=95056288&app=typekit&e=css
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/itk2qbh.css?ver=ada0ad45b21fc79c6694
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:1c00:8::1728:b323 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://use.typekit.net/

Response headers

cache-control: public, max-age=604800
etag: "65edab1d-5"
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 5
date: Tue, 29 Oct 2024 02:13:44 GMT
content-type: text/css
last-modified: Sun, 10 Mar 2024 12:44:13 GMT
server: nginx

GET
H3 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410280101/ 483 KB
150 KB 61ms
60ms Script
text/javascript 142.250.65.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410280101/pubads_impl.js?cb=31088507

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.194 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s72-in-f2.1e100.net

Software

cafe /

Resource Hash

346c66e4f479f4a17ed1401f493c41c4c36b694580749098da5224e7707ed994

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"
Referer: https://cyberscoop.com/

Response headers

content-encoding: br
etag: 2396380646379452942
age: 2700
x-content-type-options: nosniff
expires: Wed, 29 Oct 2025 01:28:44 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Tue, 29 Oct 2024 01:28:44 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 153075
x-xss-protection: 0
server: cafe

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 81 B
87 B 89ms
88ms XHR
application/json 142.250.65.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=cyberscoop.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.194 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s72-in-f2.1e100.net

Software

cafe /

Resource Hash

f1ad69380b409c299d3e0066666f1ad3d47377e8577b618048db4e6bafb05978

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
content-encoding: br
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Tue, 29 Oct 2024 02:13:44 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 63
date: Tue, 29 Oct 2024 02:13:44 GMT
x-xss-protection: 0
content-type: application/json; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 266 KB
93 KB 361ms
82ms Script
application/javascript 2607:f8b0:4006:80a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-KR697BF

Requested by

Host: cyberscoop.com
URL: https://cyberscoop.com/redline-meta-operation-magnus-infostealers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80a::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d79d7cc1f37cfaff00c38822e88261a79a4b61ca5f57e5f39c4887d43c840381

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires: Tue, 29 Oct 2024 02:13:45 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 29 Oct 2024 02:13:45 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Tue, 29 Oct 2024 00:43:33 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 94165
x-xss-protection: 0
server: Google Tag Manager

GET
H3 200 topics_frame.html
securepubads.g.doubleclick.net/static/topics/ Frame 0788 0
0 293ms
60ms Document
text/html 142.250.65.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/static/topics/topics_frame.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410280101/pubads_impl.js?cb=31088507

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.194 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s72-in-f2.1e100.net

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cyberscoop.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 2242
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3000, stale-while-revalidate=3600
content-encoding: br
content-length: 29488
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 29 Oct 2024 01:36:23 GMT
expires: Tue, 29 Oct 2024 02:26:23 GMT
last-modified: Mon, 28 Oct 2024 19:44:21 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 700 KB
61 KB 162ms
162ms Fetch
text/plain 142.250.65.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3579344836361057&correlator=2231313069316749&eid=31088507%2C31065645%2C31084739%2C31087491%2C95340252%2C95340254&output=ldjh&gdfp_req=1&vrg=202410280101&ptt=17&impl=fifs&iu_parts=18430785%2Csng_cyberscoop%2Cap_top%2Cap_rightrail_1%2Cap_rightrail_2%2Cap_rightrail_3%2Cap_rightrail_4%2Cap_bottom%2Cap_inline_1%2Cap_inline_2%2Cap_inline_3%2Cap_inline_4&enc_prev_ius=%2F0%2F1%2F2%2C%2F0%2F1%2F3%2C%2F0%2F1%2F4%2C%2F0%2F1%2F5%2C%2F0%2F1%2F6%2C%2F0%2F1%2F7%2C%2F0%2F1%2F8%2C%2F0%2F1%2F9%2C%2F0%2F1%2F10%2C%2F0%2F1%2F11&prev_iu_szs=970x250%7C728x90%7C970x90%2C300x250%2C300x250%7C300x600%2C300x250%7C300x600%2C300x250%7C300x600%2C728x90%7C970x90%2C728x90%2C728x90%2C728x90%2C728x90&ifi=1&didk=4098715859~697783029~697783030~697783031~697783032~1941297579~450479221~450479210~450479211~450479208&sfv=1-0-40&sc=1&lrm=200&cookie_enabled=1&abxe=1&dt=1730168025137&lmt=1730168025&adxs=315%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9&adys=149%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0%7C-1%7C-1%7C-1%7C-1%7C-1%7C-1%7C-1%7C-1%7C-1&ucis=1%7C2%7C3%7C4%7C5%7C6%7C7%7C8%7C9%7Ca&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-600&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fcyberscoop.com%2Fredline-meta-operation-magnus-infostealers%2F&vis=1&psz=1472x250%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1&msz=970x0%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1&fws=4%2C2%2C2%2C2%2C2%2C2%2C2%2C2%2C2%2C2&ohw=1600%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0&td=1&tan=64adfd26-c2e0-44c2-9f70-1bd63602680a%2C64adfd26-c2e0-44c2-9f70-1bd63602680b%2C64adfd26-c2e0-44c2-9f70-1bd63602680c%2C64adfd26-c2e0-44c2-9f70-1bd63602680d%2C64adfd26-c2e0-44c2-9f70-1bd63602680e%2C64adfd26-c2e0-44c2-9f70-1bd63602680f%2C64adfd26-c2e0-44c2-9f70-1bd636026810%2C64adfd26-c2e0-44c2-9f70-1bd636026811%2C64adfd26-c2e0-44c2-9f70-1bd636026812%2C64adfd26-c2e0-44c2-9f70-1bd636026813&tdf=2&topics=9&tps=9&htps=10&nt=1&psd=WzE1LFtdLG51bGwsM10.&dlt=1730168024265&idt=792&prev_scp=pos%3Dtop%7Cpos%3Drightrail_1%7Cpos%3Drightrail_2%7Cpos%3Drightrail_3%7Cpos%3Drightrail_4%7Cpos%3Dbottom%7Cpos%3Dinline_1%7Cpos%3Dinline_1%7Cpos%3Dinline_1%7Cpos%3Dinline_1&cust_params=category%3Dcybercrime%252Ccybersecurity%252Cgovernment%252Cthreats%26tags%3Dcybercrime%252Cdutch-national-police%252Cfbi-2%252Cfbi%252Cirs-ci%252Cmalware%26author%3Dcvasquez%26environment%3Dproduction%26page_type%3Darticle%26path%3D%252Fredline-meta-operation-magnus-infostealers%252F%26host%3Dcyberscoop.com%26postId%3D82308&adks=1951456962%2C4107124343%2C4015763869%2C4220772384%2C3445260293%2C564576029%2C1365302924%2C1902044552%2C2608348809%2C4241426517&frm=20&eoidce=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410280101/pubads_impl.js?cb=31088507

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.194 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s72-in-f2.1e100.net

Software

cafe /

Resource Hash

f57248a530cebee0ff63eabbd0128871e70a79246681fcf083c016f4050d4e90

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

content-encoding: br
google-lineitem-id: 6731069964,6731069964,6733147567,6733147567,6807049853,6733147567,6807049853,6733147567,6807049853,6733147567
x-content-type-options: nosniff
google-mediationtag-id: -2
google-mediationgroup-id: -2,-2,-2,-2,-2,-2,-2,-2,-2,-2
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Tue, 29 Oct 2024 02:13:45 GMT
content-type: text/plain; charset=UTF-8
google-creative-id: 138488519116,138488519122,138485396391,138485396475,138493800667,138485670380,138493800691,138485670842,138493800655,138485670401
cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: https://cyberscoop.com
content-length: 62355
x-xss-protection: 0
server: cafe

GET container.html
2051d403cf1e3e14dd99515bd9d57cdb.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame F520 0
0

GET
H3 200 pattern.svg
cyberscoop.com/wp-content/themes/scoopnewsgroup/dist/svg/ 299 B
610 B 74ms
73ms Image
image/svg+xml 13.249.91.36
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cyberscoop.com/wp-content/themes/scoopnewsgroup/dist/svg/pattern.svg
Requested by: Host: cyberscoop.com
URL: https://cyberscoop.com/wp-content/themes/scoopnewsgroup/dist/css/frontend.css?m=1729103471g
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 13.249.91.36 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-249-91-36.jfk52.r.cloudfront.net
Software: nginx /
Resource Hash: 3f43be92fe63af3e20c741cb5ef9fbcbe742bf78b6aafe693f31ed9720289d29

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/wp-content/themes/scoopnewsgroup/dist/css/frontend.css?m=1729103471g

Response headers

cache-control: max-age=300, must-revalidate
x-rq: dca5 96 184 443
etag: "6710066f-12b"
age: 269
via: 1.1 0872a9ea1fab6d5bf06432bb20551d5c.cloudfront.net (CloudFront)
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
content-length: 299
x-amz-cf-id: U922RtzNxun5d-WQB8Bj5xvB_8zHuDeoxZCEaxCaX_Ga-KGC7AUyJQ==
date: Tue, 29 Oct 2024 02:09:16 GMT
content-type: image/svg+xml
last-modified: Wed, 16 Oct 2024 18:31:11 GMT
server: nginx
x-amz-cf-pop: JFK52-P9

GET
H2 200 l
use.typekit.net/af/b718ff/00000000000000007735f98d/30/ 46 KB
46 KB 273ms
71ms Font
application/font-woff2 2600:141b:1c00:8::1728:b330
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/b718ff/00000000000000007735f98d/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/itk2qbh.css?ver=ada0ad45b21fc79c6694
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:1c00:8::1728:b330 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 987ed7567466e4fc79242bded7cfac38f7cf9da6c430fe6053266ba12c1fa1b1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://cyberscoop.com
Referer: https://use.typekit.net/itk2qbh.css?ver=ada0ad45b21fc79c6694

Response headers

cache-control: public, max-age=31536000
timing-allow-origin: *
etag: "8eb51f23928374af36bf65f02757cd5be6775093"
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 47332
date: Tue, 29 Oct 2024 02:13:45 GMT
content-type: application/font-woff2
server: nginx

GET
H2 200 l
use.typekit.net/af/4337b5/000000000000000000013144/27/ 115 KB
116 KB 290ms
88ms Font
application/font-woff2 2600:141b:1c00:8::1728:b330
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/4337b5/000000000000000000013144/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n5&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/itk2qbh.css?ver=ada0ad45b21fc79c6694
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:1c00:8::1728:b330 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 6413983f57c8f999761ee0f4dc99b0f1fd6293626330e60c03d65a3bc071744f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://cyberscoop.com
Referer: https://use.typekit.net/itk2qbh.css?ver=ada0ad45b21fc79c6694

Response headers

cache-control: public, max-age=31536000
timing-allow-origin: *
etag: "2fdf8397680527e53165122163643d633320379f"
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 118028
date: Tue, 29 Oct 2024 02:13:45 GMT
content-type: application/font-woff2
server: nginx

GET
H2 200 l
use.typekit.net/af/5d97ff/00000000000000007735f999/30/ 47 KB
47 KB 419ms
217ms Font
application/font-woff2 2600:141b:1c00:8::1728:b330
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/5d97ff/00000000000000007735f999/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n8&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/itk2qbh.css?ver=ada0ad45b21fc79c6694
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:1c00:8::1728:b330 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 012c1c40f37b85e86f6e7629241a2bcd0ce665b41954a08d3c2c9a55c42cba89

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://cyberscoop.com
Referer: https://use.typekit.net/itk2qbh.css?ver=ada0ad45b21fc79c6694

Response headers

cache-control: public, max-age=31536000
timing-allow-origin: *
etag: "b4c0d041408776d043674f518c911c68d4f73f57"
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 48312
date: Tue, 29 Oct 2024 02:13:45 GMT
content-type: application/font-woff2
server: nginx

GET english.openai.mp3
wp-tts-cdn.api.scpnewsgrp.com/cyberscoop/82308/ 0
0

GET
H3 200 icon-facebook.svg
cyberscoop.com/wp-content/themes/scoopnewsgroup/dist/svg/ 371 B
681 B 74ms
73ms Image
image/svg+xml 13.249.91.36
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cyberscoop.com/wp-content/themes/scoopnewsgroup/dist/svg/icon-facebook.svg
Requested by: Host: cyberscoop.com
URL: https://cyberscoop.com/wp-content/themes/scoopnewsgroup/dist/css/frontend.css?m=1729103471g
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 13.249.91.36 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-249-91-36.jfk52.r.cloudfront.net
Software: nginx /
Resource Hash: 572c153f12ece183e602325e76c01dba662552713252e6799e8e6fbf827252eb

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://cyberscoop.com
Referer: https://cyberscoop.com/wp-content/themes/scoopnewsgroup/dist/css/frontend.css?m=1729103471g

Response headers

cache-control: max-age=300, must-revalidate
x-rq: dca5 96 185 443
etag: "6710066f-173"
age: 269
via: 1.1 0872a9ea1fab6d5bf06432bb20551d5c.cloudfront.net (CloudFront)
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
content-length: 371
x-amz-cf-id: 9k50RlvU9500TMC6RzV8aZfikR7gMuf-d2WZ-dD-9bAjd90443DFjQ==
date: Tue, 29 Oct 2024 02:09:16 GMT
content-type: image/svg+xml
last-modified: Wed, 16 Oct 2024 18:31:11 GMT
server: nginx
x-amz-cf-pop: JFK52-P9

GET
H3 200 icon-twitter.svg
cyberscoop.com/wp-content/themes/scoopnewsgroup/dist/svg/ 587 B
679 B 80ms
78ms Image
image/svg+xml 13.249.91.36
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cyberscoop.com/wp-content/themes/scoopnewsgroup/dist/svg/icon-twitter.svg
Requested by: Host: cyberscoop.com
URL: https://cyberscoop.com/wp-content/themes/scoopnewsgroup/dist/css/frontend.css?m=1729103471g
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 13.249.91.36 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-249-91-36.jfk52.r.cloudfront.net
Software: nginx /
Resource Hash: e21f3b2a0e9d2ff25f55f184242d809b2ecd045ee3fe35a4665b891b82bcb460

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://cyberscoop.com
Referer: https://cyberscoop.com/wp-content/themes/scoopnewsgroup/dist/css/frontend.css?m=1729103471g

Response headers

cache-control: max-age=300, must-revalidate
content-encoding: br
x-rq: dca5 96 184 443
etag: W/"6710066f-24b"
via: 1.1 0872a9ea1fab6d5bf06432bb20551d5c.cloudfront.net (CloudFront)
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: KdAYJ3UO2cSDf8TT1hVQ-foX19Q4dBEfEnRxlsd7rGXPzJs6JcnGVQ==
date: Tue, 29 Oct 2024 02:13:45 GMT
content-type: image/svg+xml
x-amz-cf-pop: JFK52-P9
server: nginx
last-modified: Wed, 16 Oct 2024 18:31:11 GMT
vary: Accept-Encoding

GET
H3 200 icon-linkedin.svg
cyberscoop.com/wp-content/themes/scoopnewsgroup/dist/svg/ 504 B
640 B 80ms
78ms Image
image/svg+xml 13.249.91.36
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cyberscoop.com/wp-content/themes/scoopnewsgroup/dist/svg/icon-linkedin.svg
Requested by: Host: cyberscoop.com
URL: https://cyberscoop.com/wp-content/themes/scoopnewsgroup/dist/css/frontend.css?m=1729103471g
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 13.249.91.36 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-249-91-36.jfk52.r.cloudfront.net
Software: nginx /
Resource Hash: 9b7aaf2c55485b05c5c57fbd95ba6d098da8f8e1583f8946d882d9b3fb8c28ce

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://cyberscoop.com
Referer: https://cyberscoop.com/wp-content/themes/scoopnewsgroup/dist/css/frontend.css?m=1729103471g

Response headers

cache-control: max-age=300, must-revalidate
content-encoding: br
x-rq: dca5 96 184 443
etag: W/"6710066f-1f8"
via: 1.1 0872a9ea1fab6d5bf06432bb20551d5c.cloudfront.net (CloudFront)
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: Xst_-2xzRFhQxsR5OBa36YjA3ymZo9a489UO8JUo8YeKew2B5uyf7g==
date: Tue, 29 Oct 2024 02:13:45 GMT
content-type: image/svg+xml
x-amz-cf-pop: JFK52-P9
server: nginx
last-modified: Wed, 16 Oct 2024 18:31:11 GMT
vary: Accept-Encoding

GET
H3 200 icon-instagram.svg
cyberscoop.com/wp-content/themes/scoopnewsgroup/dist/svg/ 378 B
688 B 76ms
75ms Image
image/svg+xml 13.249.91.36
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cyberscoop.com/wp-content/themes/scoopnewsgroup/dist/svg/icon-instagram.svg
Requested by: Host: cyberscoop.com
URL: https://cyberscoop.com/wp-content/themes/scoopnewsgroup/dist/css/frontend.css?m=1729103471g
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 13.249.91.36 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-249-91-36.jfk52.r.cloudfront.net
Software: nginx /
Resource Hash: be82b86d9b21780a099f969767c8bf5a3dc1221eff1c11cc5463826fdbe14f31

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://cyberscoop.com
Referer: https://cyberscoop.com/wp-content/themes/scoopnewsgroup/dist/css/frontend.css?m=1729103471g

Response headers

cache-control: max-age=300, must-revalidate
x-rq: dca5 96 184 443
etag: "6710066f-17a"
age: 269
via: 1.1 0872a9ea1fab6d5bf06432bb20551d5c.cloudfront.net (CloudFront)
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
content-length: 378
x-amz-cf-id: 980X_loRAmHrhXetHZ8qLkfGSmIfYENeFCPZut5aPAMwowC2WS6KuA==
date: Tue, 29 Oct 2024 02:09:16 GMT
content-type: image/svg+xml
last-modified: Wed, 16 Oct 2024 18:31:11 GMT
server: nginx
x-amz-cf-pop: JFK52-P9

GET
H3 200 icon-youtube.svg
cyberscoop.com/wp-content/themes/scoopnewsgroup/dist/svg/ 311 B
620 B 75ms
74ms Image
image/svg+xml 13.249.91.36
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cyberscoop.com/wp-content/themes/scoopnewsgroup/dist/svg/icon-youtube.svg
Requested by: Host: cyberscoop.com
URL: https://cyberscoop.com/wp-content/themes/scoopnewsgroup/dist/css/frontend.css?m=1729103471g
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 13.249.91.36 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-249-91-36.jfk52.r.cloudfront.net
Software: nginx /
Resource Hash: a02d6bcc26f9bf0bb83fb1d4b0f77b8394203a7436206d0dfea469dba4b1898a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://cyberscoop.com
Referer: https://cyberscoop.com/wp-content/themes/scoopnewsgroup/dist/css/frontend.css?m=1729103471g

Response headers

cache-control: max-age=300, must-revalidate
x-rq: dca5 96 184 443
etag: "6710066f-137"
age: 269
via: 1.1 0872a9ea1fab6d5bf06432bb20551d5c.cloudfront.net (CloudFront)
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
content-length: 311
x-amz-cf-id: gsaIVK2gNwOdtbcj5ROqb0CcdZSyyazndYlT-TnkPb1OKXcy5rcj4g==
date: Tue, 29 Oct 2024 02:09:16 GMT
content-type: image/svg+xml
last-modified: Wed, 16 Oct 2024 18:31:11 GMT
server: nginx
x-amz-cf-pop: JFK52-P9

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 63 KB
23 KB 117ms
116ms Fetch
text/plain 142.250.65.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410280101/pubads_impl.js?cb=31088507

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.194 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s72-in-f2.1e100.net

Software

cafe /

Resource Hash

ba5901631a738c50356e0db579d02bd03345c5d1c74b71c34e0e797726d05e33

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

content-encoding: br
google-lineitem-id: 6808802377
x-content-type-options: nosniff
google-mediationtag-id: -2
google-mediationgroup-id: -2
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Tue, 29 Oct 2024 02:13:45 GMT
content-type: text/plain; charset=UTF-8
google-creative-id: 138493258155
cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: https://cyberscoop.com
content-length: 23589
x-xss-protection: 0
server: cafe

GET
H3 200 icon-caret.svg
cyberscoop.com/wp-content/themes/scoopnewsgroup/dist/svg/ 373 B
683 B 75ms
74ms Image
image/svg+xml 13.249.91.36
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cyberscoop.com/wp-content/themes/scoopnewsgroup/dist/svg/icon-caret.svg
Requested by: Host: cyberscoop.com
URL: https://cyberscoop.com/wp-content/themes/scoopnewsgroup/dist/css/frontend.css?m=1729103471g
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 13.249.91.36 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-249-91-36.jfk52.r.cloudfront.net
Software: nginx /
Resource Hash: 4397b39bca9ef7784f7ee354d27402a884e61e3adbf4d1e41ace0b688f8cf352

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://cyberscoop.com
Referer: https://cyberscoop.com/wp-content/themes/scoopnewsgroup/dist/css/frontend.css?m=1729103471g

Response headers

cache-control: max-age=300, must-revalidate
x-rq: dca5 96 184 443
etag: "6710066f-175"
age: 269
via: 1.1 0872a9ea1fab6d5bf06432bb20551d5c.cloudfront.net (CloudFront)
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
content-length: 373
x-amz-cf-id: epqU7PEc9AxQQZgxixtAr32WePsDXYNUvHFDpVlnqZPmnbN1gaN44w==
date: Tue, 29 Oct 2024 02:09:16 GMT
content-type: image/svg+xml
last-modified: Wed, 16 Oct 2024 18:31:11 GMT
server: nginx
x-amz-cf-pop: JFK52-P9

GET
H2 200 2153467.js Show response
js.hs-analytics.net/analytics/1730167800000/ 69 KB
25 KB 153ms
50ms Script
text/javascript 2606:4700::6811:afc9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1730167800000/2153467.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/2153467.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:afc9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4d8b2122c9cb95cfadc5ce6af8ab8c4231ea638b9ff9cf1d7f98068cd1b46ad8

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

x-amz-server-side-encryption: AES256
x-request-id: fbe49298-a621-427e-9ee5-78d75d5b0879
content-encoding: gzip
cf-cache-status: HIT
etag: W/"c72e4b1bb69aa9489549f8e6ff446c59"
x-amz-version-id: null
age: 88
expires: Tue, 29 Oct 2024 02:16:17 GMT
x-evy-trace-listener: listener_https
date: Tue, 29 Oct 2024 02:13:45 GMT
x-hubspot-correlation-id: fbe49298-a621-427e-9ee5-78d75d5b0879
content-type: text/javascript
last-modified: Tue, 22 Oct 2024 20:39:30 GMT
vary: origin, Accept-Encoding
x-amz-id-2: fhqRhdq5pZQ8TRYPsjz4dqe/m42iYryeWXDJYItw2mSu+GiOftMhzfUHRNhGPzZvznTngSrMyTk=
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=300,public
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-58b4c4568d-gnlrf
x-envoy-upstream-service-time: 26
access-control-allow-credentials: false
x-amz-request-id: J865YFW44ETTKZM3
cf-ray: 8d9fa5eea879b3c1-MIA
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 conversations-embed.js Show response
js.usemessages.com/ 93 KB
26 KB 157ms
54ms Script
application/javascript 2606:4700::6810:4b8e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.usemessages.com/conversations-embed.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/2153467.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:4b8e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4621daf70705ca4ad2cdfa8c95058ddcf4966d0146230d6abe449f49f7c8d107

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

x-evy-trace-virtual-host: all
x-request-id: 4c0e8a6a-e804-4e38-b248-2995743c66ac
content-encoding: gzip
cf-cache-status: HIT
etag: W/"efed4c800767ce92e6061f17ccc5987d"
x-amz-version-id: r.mCsQD_WlXWwN3xiO22xDXPwu0BfTog
cache-tag: staticjsapp-conversations-embed-web-prod,staticjsapp-prod
age: 152
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-hs-cache-status: MISS
x-amz-cf-id: DLtBKfRcfpjMc-p9NEwR3fmsPkCYXBgdVq8SQFhB029awOnwvUiVoQ==
date: Tue, 29 Oct 2024 02:13:45 GMT
x-hubspot-correlation-id: 4c0e8a6a-e804-4e38-b248-2995743c66ac
content-type: application/javascript; charset=utf-8
last-modified: Thu, 24 Oct 2024 17:50:37 UTC
vary: accept-encoding
x-evy-trace-listener: listener_https
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-7df4f6b649-jptdg
x-envoy-upstream-service-time: 7
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=conversations-embed/static-1.18435/bundles/project.js&cfRay=8d7bde5a4d9f42e5-IAD
via: 1.1 fb1dc2e3bf4105b403e3bfa3a5067970.cloudfront.net (CloudFront)
cf-ray: 8d9fa5eea85431f0-MIA
x-evy-trace-route-configuration: listener_https/all
x-hs-target-asset: conversations-embed/static-1.18435/bundles/project.js
x-amz-cf-pop: IAD12-P3
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 banner.js Show response
js.hs-banner.com/v2/2153467/ 71 KB
26 KB 149ms
47ms Script
text/javascript 2606:4700:4400::ac40:9310
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/v2/2153467/banner.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/2153467.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:9310 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5dbdf83e6734fe53b0ecbf2a814f1a36bc44d4c2bc22493334aa3911cee81c3d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

x-evy-trace-virtual-host: all
access-control-max-age: 604800
x-request-id: 4d4d676e-743f-4ff1-bb38-889f9a97035d
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
content-encoding: gzip
cf-cache-status: HIT
etag: W/"7795e0d76f9d93cbcdc11a5b70c49fbb"
x-amz-version-id: onCfh.16A6oWSE0hnba9nxFPAlDLGMli
age: 230
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
expires: Tue, 29 Oct 2024 02:12:26 GMT
x-evy-trace-listener: listener_https
date: Tue, 29 Oct 2024 02:13:45 GMT
x-hubspot-correlation-id: 4d4d676e-743f-4ff1-bb38-889f9a97035d
content-type: text/javascript; charset=UTF-8
last-modified: Mon, 08 Jul 2024 14:27:13 GMT
vary: origin, Accept-Encoding
x-amz-id-2: CzP+tFAAq9/x4BXDhX1Q9lj0WDiB2qJe4v/sdBELi2O9rZfSMRIBAPYCH1cG35yt2rhXHRSWviY=
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=300,public
timing-allow-origin: *
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-6895b58fd6-gfff7
x-envoy-upstream-service-time: 85
access-control-allow-credentials: true
x-amz-request-id: 5DRNSP12JWZNA8B1
cf-ray: 8d9fa5eeaae2b3e0-MIA
access-control-allow-origin: https://statescoop.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H3 200 wp-emoji-release.min.js Show response
cyberscoop.com/wp-includes/js/ 18 KB
5 KB 65ms
64ms Script
application/javascript 13.249.91.36
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cyberscoop.com/wp-includes/js/wp-emoji-release.min.js?ver=6.6.2
Requested by: Host: cyberscoop.com
URL: https://cyberscoop.com/redline-meta-operation-magnus-infostealers/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 13.249.91.36 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-249-91-36.jfk52.r.cloudfront.net
Software: nginx /
Resource Hash: 4e6ce5444c7f396cef0eb1fa3611034151e485dd06fbe5573a5583e1eebc98c3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/redline-meta-operation-magnus-infostealers/

Response headers

content-encoding: br
etag: W/"66e0662d-4926"
age: 4170253
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: UJ3z1Mfrix3JahdPtgKzFG4AGe2kAsbO8en3stlyTRrEYGJCC77oCQ==
date: Tue, 10 Sep 2024 19:49:32 GMT
content-type: application/javascript
last-modified: Tue, 10 Sep 2024 15:30:53 GMT
vary: Accept-Encoding
cache-control: max-age=31536000
x-rq: dca5 96 184 443
via: 1.1 0872a9ea1fab6d5bf06432bb20551d5c.cloudfront.net (CloudFront)
accept-ranges: bytes
x-amz-cf-pop: JFK52-P9
server: nginx

GET
H2 206 english.openai.mp3
wp-tts-cdn.api.scpnewsgrp.com/cyberscoop/82308/ 83 KB
0 167ms
71ms Media
audio/mpeg 52.85.61.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://wp-tts-cdn.api.scpnewsgrp.com/cyberscoop/82308/english.openai.mp3
Requested by: Host: cyberscoop.com
URL: https://cyberscoop.com/redline-meta-operation-magnus-infostealers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.85.61.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-85-61-92.ewr53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://cyberscoop.com/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Range: bytes=0-

Response headers

x-amz-version-id: hA8W5_vaqhcP1yYoqDCW9seUvMYGDCRT
etag: "332a44c9d65065bbf0d6dc14c544c58f"
age: 28209
Content-Range: bytes 0-3026879/3026880
via: 1.1 c45a9630d6506aeeffefe81fbc0ed0ae.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
Content-Length: 3026880
x-amz-cf-id: nXZE10kF88cDAT6gbxnuBgyKXx5A8BGkGPT6SXz1QQnMVOpLwMhIuA==
date: Mon, 28 Oct 2024 18:23:37 GMT
content-type: audio/mpeg
last-modified: Mon, 28 Oct 2024 18:04:01 GMT
server: AmazonS3
x-amz-cf-pop: EWR53-P1
x-amz-server-side-encryption: AES256

GET
H2 200 public Show response
api.hubspot.com/livechat-public/v1/message/ 201 B
895 B 206ms
204ms XHR
application/json 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubspot.com/livechat-public/v1/message/public?portalId=2153467&conversations-embed=static-1.18435&mobile=false&messagesUtk=df3af96574ea48199a9f9f02abd8d754&traceId=df3af96574ea48199a9f9f02abd8d754

Requested by

Host: js.usemessages.com
URL: https://js.usemessages.com/conversations-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f36db75a57c0877cb108f5dd1bac82555bd0e3fd3f6fe7595286e7d0fe7ea3e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
X-HubSpot-Messages-Uri: https://cyberscoop.com/redline-meta-operation-magnus-infostealers/
Referer: https://cyberscoop.com/

Response headers

cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fjn0YwCMfq6tbrlqf3YdCe7FX5yXz1NbQnkTdpnxY06nF07B7xtx2qbb0g50NP6LNM6yAKAhcFo%2B8BEdxrBmc3M%2Fl6B3Vf9vJv%2BAjTNrIoPmdwsobye4SfovR0U7HDp%2F2lCJ9sI8WDMqE48zkA%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-content-type-options: nosniff
date: Tue, 29 Oct 2024 02:13:45 GMT
x-hubspot-correlation-id: 39025598-8cfe-41ba-82c6-466d11049b97
content-type: application/json;charset=utf-8
vary: origin, Accept-Encoding
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache, no-store, no-transform, must-revalidate, max-age=0
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
access-control-allow-credentials: false
cf-ray: 8d9fa5f07e42da27-MIA
access-control-allow-origin: https://cyberscoop.com
content-length: 201
server: cloudflare

OPTIONS
H2 200 public
api.hubspot.com/livechat-public/v1/message/ Frame 0
0 208ms
126ms Preflight
text/plain 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: x-hubspot-messages-uri
Access-Control-Request-Method: GET
Origin: https://cyberscoop.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: false
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://cyberscoop.com
allow: HEAD,GET,OPTIONS
cf-cache-status: DYNAMIC
cf-ray: 8d9fa5efad32da27-MIA
content-length: 18
content-type: text/plain; charset=utf-8
date: Tue, 29 Oct 2024 02:13:45 GMT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MHRTExm9YynOTM4RbvnkbWtItPjxO9ZeDI2S7SdDDmQ%2F3m%2BiFUEpRkE7y6MLP1%2FJzDozDMR7kIewjrsbZypyVpQz%2F1DEqgmfEIGN5926NjUbHXZgrkoVtF7dXX5cWDtkL1gfQ92MXj3vy2gDgA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: origin, Accept-Encoding
x-content-type-options: nosniff
x-hubspot-correlation-id: 112e063a-7872-4430-aec4-63a3463eb2a6

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 5B50 0
0 126ms
125ms Fetch
image/gif 142.250.65.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsu4gY3Th1xYZn55lOfCaY_SHaigJ1ouUR4ov-enQSEAxt2tXMc8L9b6-hrHYuGURX5hejBXLOtCJsLPEuChpbEdo-I3MjyQBzTJyIEBs7hBMkurgj3LE3xwZBevisHvtM2eFS5lxuhGe128SUk09VcQU3NEALBvGxkzOiMtjw_Uke9Y98O6cijsPnkdNm6ws4XC-13o0Hs-YYvk9aVI2NYwx0dSxNU17NY3jjG5svlkVzyqchScOYDm_hKdDgpUhyeXWRfay2zsKrZSfbs9aeK_DwZl2FLYPGTvKuTgB-vdC69YDzOY5qVZSyU9jV8-qRhOXaE4o0qkbnjeKDY5L2b1Qu3QvOgX2YhjR1FpkLbtN6Lg8wKhJtxsQZRUVNrvJqi6AX6Cilj-QZZ0Fg&sai=AMfl-YReTdGI23KZx7pTIIrKjz_kVuMSrEy3IRFXuabu1Q9yAtDLX0U9fMBGVQCiqcrDrWEUBzlP6ubxQYIjtEkT_WsvDWUHMt2OByM1ChZX2Xp_4guuXV7gS9zrccF4MfrBzT2EXOrDdLioTmRU_0Qv&sig=Cg0ArKJSzALzH_k3WcadEAE&uach_m=%5BUACH%5D&adurl=

Requested by

Host: cyberscoop.com
URL: https://cyberscoop.com/redline-meta-operation-magnus-infostealers/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.194 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s72-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

cache-control: private
timing-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Tue, 29 Oct 2024 02:13:45 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 0
date: Tue, 29 Oct 2024 02:13:45 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20241023/r20110914/ Frame 5B50 23 KB
9 KB 357ms
204ms Script
text/javascript 2607:f8b0:4006:81f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20241023/r20110914/abg_lite_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410280101/pubads_impl.js?cb=31088507

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

187849c92554869baccf286f9a45661d5217de42ece9328be7b8fd1a19c5340c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

content-encoding: br
etag: 11914471516762554986
age: 4336
x-content-type-options: nosniff
expires: Tue, 12 Nov 2024 01:01:29 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Tue, 29 Oct 2024 01:01:29 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=1209600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 9226
x-xss-protection: 0
server: cafe

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20241023/r20110914/client/ Frame 5B50 3 KB
2 KB 213ms
62ms Script
text/javascript 2607:f8b0:4006:81f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20241023/r20110914/client/window_focus_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410280101/pubads_impl.js?cb=31088507

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

66e9bf446316f6eec5eaefa7098592bbd2144a60eb38c481db233a6ca8b8d94a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

content-encoding: br
etag: 16544991220582087243
age: 3327
x-content-type-options: nosniff
expires: Tue, 12 Nov 2024 01:18:18 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Tue, 29 Oct 2024 01:18:18 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=1209600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 1229
x-xss-protection: 0
server: cafe

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 5B50 207 KB
64 KB 182ms
58ms Script
text/javascript 142.251.40.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410280101/pubads_impl.js?cb=31088507

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.226 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s39-in-f2.1e100.net

Software

cafe /

Resource Hash

24dccd731e4b42b3c3e43cb9ac9205879143ebb4de7658ab9222dd3b0458b086

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

content-encoding: br
etag: 15148186343628264731
age: 547
x-content-type-options: nosniff
expires: Tue, 29 Oct 2024 03:04:38 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Tue, 29 Oct 2024 02:04:38 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 65423
x-xss-protection: 0
server: cafe

GET
H2 200 15197939063805797208
tpc.googlesyndication.com/simgad/ Frame 5B50 132 KB
133 KB 214ms
66ms Image
image/png 2607:f8b0:4006:81f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/15197939063805797208

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410280101/pubads_impl.js?cb=31088507

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3061e4e369a9a37ea4971584ef0e3430d422075b1d506a0eefb2b836145495d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

age: 252658
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
x-content-type-options: nosniff
expires: Sun, 26 Oct 2025 04:02:47 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
allow-fenced-frame-automatic-beacons: true
date: Sat, 26 Oct 2024 04:02:47 GMT
last-modified: Thu, 17 Oct 2024 18:17:40 GMT
content-type: image/png
cache-control: public, max-age=31536000
timing-allow-origin: *
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
content-length: 135594
x-xss-protection: 0
server: sffe

GET
DATA 200
OK truncated
/ Frame 5B50 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 773fc2009a8b716297135fab8a414d134cc407b367371b301e74bc9117891f7a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/png

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame D59D 0
0 123ms
123ms Fetch
image/gif 142.250.65.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvRwagX5DwujonXLiESmhZXgNaAA0jKBi15qgLgGc-PUYtLQyOWBQCu8J5EyXIUXbreHZLXcr-sBpL3bINRWaY-L66GPv8M_HT61F6FWsFExfprz_XVdH-a8eOzEjleqt15jzW9uyDkCy0R57i1tg9JDWn_w7P2F4CQBU1WCU6nmNdExvZRxnTSuSPPaoUqPdx3oLlzASpGGufOqmNsCb24N_k83PSUHxq24eNykAQ-3frdVw8s-CwVcqf6xvZj6vPlM_37-BIOjSZlHVy_zM-Wj1-2nT89H1zGy1W_NSfgwo0HJfcnhDaMN4PoaKBKB1W4zkmOtpxR8Z7otz6wIhYjlt8pdOhY-FkdxPBAk20caZ-ZhWh_MioCf8BTXNV19AgZN4DUdNtfBow&sai=AMfl-YRLE6A_S-6YTEjrcbBPFgra7AMe9Q7pb9tDFOCJQHflOgZtJRDdzzoFdpzQS7jH_LxSb0H6Yx2IsjPXJygoZYLEVBeg04gP6dWVZbNw05IjvGb8U_AT_t5sMZouwPVdQoWtrJ-zynLRB_AtwBHMgg&sig=Cg0ArKJSzLWIvt_AXdKfEAE&uach_m=%5BUACH%5D&adurl=

Requested by

Host: cyberscoop.com
URL: https://cyberscoop.com/redline-meta-operation-magnus-infostealers/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.194 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s72-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

cache-control: private
timing-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 0
date: Tue, 29 Oct 2024 02:13:45 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20241023/r20110914/ Frame D59D 23 KB
0 215ms
215ms Script
text/javascript 2607:f8b0:4006:81f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20241023/r20110914/abg_lite_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410280101/pubads_impl.js?cb=31088507

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

187849c92554869baccf286f9a45661d5217de42ece9328be7b8fd1a19c5340c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

content-encoding: br
etag: 11914471516762554986
age: 4336
x-content-type-options: nosniff
expires: Tue, 12 Nov 2024 01:01:29 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Tue, 29 Oct 2024 01:01:29 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=1209600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 9226
x-xss-protection: 0
server: cafe

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20241023/r20110914/client/ Frame D59D 3 KB
0 73ms
73ms Script
text/javascript 2607:f8b0:4006:81f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20241023/r20110914/client/window_focus_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410280101/pubads_impl.js?cb=31088507

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

66e9bf446316f6eec5eaefa7098592bbd2144a60eb38c481db233a6ca8b8d94a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

content-encoding: br
etag: 16544991220582087243
age: 3327
x-content-type-options: nosniff
expires: Tue, 12 Nov 2024 01:18:18 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Tue, 29 Oct 2024 01:18:18 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=1209600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 1229
x-xss-protection: 0
server: cafe

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame D59D 207 KB
0 42ms
41ms Script
text/javascript 142.251.40.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410280101/pubads_impl.js?cb=31088507

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.226 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s39-in-f2.1e100.net

Software

cafe /

Resource Hash

24dccd731e4b42b3c3e43cb9ac9205879143ebb4de7658ab9222dd3b0458b086

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

content-encoding: br
etag: 15148186343628264731
age: 547
x-content-type-options: nosniff
expires: Tue, 29 Oct 2024 03:04:38 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Tue, 29 Oct 2024 02:04:38 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 65423
x-xss-protection: 0
server: cafe

GET
H2 200 11864741835082343691
tpc.googlesyndication.com/simgad/ Frame D59D 142 KB
142 KB 248ms
240ms Image
image/png 2607:f8b0:4006:81f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/11864741835082343691

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410280101/pubads_impl.js?cb=31088507

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

852c954c81d53389801acf429e4f6eb04daa3a761cda493124bb60fadfa3357d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

age: 443674
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
x-content-type-options: nosniff
expires: Thu, 23 Oct 2025 22:59:11 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
allow-fenced-frame-automatic-beacons: true
date: Wed, 23 Oct 2024 22:59:11 GMT
last-modified: Tue, 03 Sep 2024 21:18:10 GMT
content-type: image/png
cache-control: public, max-age=31536000
timing-allow-origin: *
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
content-length: 145487
x-xss-protection: 0
server: sffe

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 5208 0
0 125ms
124ms Fetch
image/gif 142.250.65.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssXbyxs3papYjDErmBN05F8oK568mnSygBpmuIRFO_TuRlrIPufPivrC80fS8J5EbNx1EFfJqlDdZuvfNCsuIBD2uEqmj9bP-6r4tls3hLuhULMG9xJjoxDiaH68b49Vp1Syc6YAvLROk97MZu_8lbcvtuHx8pBL5mWVJXjx4GnoA0C5xUCucUmhBiBHLX20CjNfyEJ-Uj56Ms3OpbIQl6vAvkyKD-FEOZquR0Nr_TrbUfiT0Za1-9XOkfEy6brFi9WGoZG4kNZ01v-1ZF_Zhg1wUl_1jVOZQ7XFzoMFPgb3YdpSSOKwiceOkOCgbOBpoTQldm2sp3RjtC7lB3meZOUF9OCvFPdt0l-BkhKvBtHCaUd0s_yPugTgApi4wIvOZiVG8lLmKgcm4el8agzg-djOQ&sai=AMfl-YQN9YC4W9XdsTr6jGKJajU9i5kVLsabX7BkyuQd1DJGZ3CE2o7nYaq42TaXQEijdfn9sj0mSpmYnQHOFXAdmwnLSLsB9SMyj-BIXpbgteNyl2Dx9iOdx9rR7cLM-cmdgfKrsxDGria6lffHlg80dA&sig=Cg0ArKJSzO3txybNP31mEAE&uach_m=%5BUACH%5D&adurl=

Requested by

Host: cyberscoop.com
URL: https://cyberscoop.com/redline-meta-operation-magnus-infostealers/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.194 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s72-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

cache-control: private
timing-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 0
date: Tue, 29 Oct 2024 02:13:45 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20241023/r20110914/ Frame 5208 23 KB
0 200ms
200ms Script
text/javascript 2607:f8b0:4006:81f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20241023/r20110914/abg_lite_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410280101/pubads_impl.js?cb=31088507

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

187849c92554869baccf286f9a45661d5217de42ece9328be7b8fd1a19c5340c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

content-encoding: br
etag: 11914471516762554986
age: 4336
x-content-type-options: nosniff
expires: Tue, 12 Nov 2024 01:01:29 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Tue, 29 Oct 2024 01:01:29 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=1209600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 9226
x-xss-protection: 0
server: cafe

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20241023/r20110914/client/ Frame 5208 3 KB
0 63ms
63ms Script
text/javascript 2607:f8b0:4006:81f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20241023/r20110914/client/window_focus_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410280101/pubads_impl.js?cb=31088507

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

66e9bf446316f6eec5eaefa7098592bbd2144a60eb38c481db233a6ca8b8d94a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

content-encoding: br
etag: 16544991220582087243
age: 3327
x-content-type-options: nosniff
expires: Tue, 12 Nov 2024 01:18:18 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Tue, 29 Oct 2024 01:18:18 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=1209600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 1229
x-xss-protection: 0
server: cafe

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 5208 207 KB
0 31ms
30ms Script
text/javascript 142.251.40.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410280101/pubads_impl.js?cb=31088507

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.226 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s39-in-f2.1e100.net

Software

cafe /

Resource Hash

24dccd731e4b42b3c3e43cb9ac9205879143ebb4de7658ab9222dd3b0458b086

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

content-encoding: br
etag: 15148186343628264731
age: 547
x-content-type-options: nosniff
expires: Tue, 29 Oct 2024 03:04:38 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Tue, 29 Oct 2024 02:04:38 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 65423
x-xss-protection: 0
server: cafe

GET
H2 200 8947048344264363196
tpc.googlesyndication.com/simgad/ Frame 5208 41 KB
41 KB 292ms
291ms Image
image/png 2607:f8b0:4006:81f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/8947048344264363196

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410280101/pubads_impl.js?cb=31088507

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ebe764fffd200ed7b7a03fd6d436f1848d9ce2d0446e57d08b8f4dd0559568f4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

age: 449580
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
x-content-type-options: nosniff
expires: Thu, 23 Oct 2025 21:20:45 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
allow-fenced-frame-automatic-beacons: true
date: Wed, 23 Oct 2024 21:20:45 GMT
last-modified: Tue, 15 Oct 2024 17:43:06 GMT
content-type: image/png
cache-control: public, max-age=31536000
timing-allow-origin: *
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
content-length: 41570
x-xss-protection: 0
server: sffe

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame A1BA 0
0 127ms
126ms Fetch
image/gif 142.250.65.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstPNgkFyQPQMqtjGmSA6YoL3MF5eOqudvlXRpNAd8QA9EwUfnSoMJMiH8UddSvi3yUIHuEoarti74pFXNFxS-V3XMhTkpGwZ8KjL20oie42VGEOV8KYCi00fVMRRfbXzfoK9siHGXF54u96g_p-NgvwAbroMmMdZH9ZaKjbyadtfMlxRiCZ7gwdqt94oG3ofDKBHvGc-prgPVT4wWs8Y4cBEpOgoK_R7ymAOZqzzo6KrHyVu9gVj2JWaKcusTS7E1raCZ8yU7ayWct8eWEiiKYskxx6cp1_8PvYd21WYONDUlqQufS7uy04pPmOXV2QpGMkSPcb6pD4YqtTAxSRcOPslDBFFdpkPMQEcK6iWsc0gp8z3FmsbqyKNAtVOJ_iagbE1AqW8hplbT0VGi_2RK2JPg&sai=AMfl-YTu5zlOsD9eLRwFLVwf8pe8KbcSr5T8NjhoLSUdkfrc9gfsjJ8xum-aS80SEUEHHQtvuXOvk8siah8CSKNqS0Mm4ZoU8PylaCF8wOvq_RejpwzHAMjP1jlfA9idwfgUGfmap9m2RExyIDOLC8J3bg&sig=Cg0ArKJSzFRExKrgjgamEAE&uach_m=%5BUACH%5D&adurl=

Requested by

Host: cyberscoop.com
URL: https://cyberscoop.com/redline-meta-operation-magnus-infostealers/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.194 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s72-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

cache-control: private
timing-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 0
date: Tue, 29 Oct 2024 02:13:45 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20241023/r20110914/ Frame A1BA 23 KB
0 186ms
186ms Script
text/javascript 2607:f8b0:4006:81f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20241023/r20110914/abg_lite_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410280101/pubads_impl.js?cb=31088507

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

187849c92554869baccf286f9a45661d5217de42ece9328be7b8fd1a19c5340c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

content-encoding: br
etag: 11914471516762554986
age: 4336
x-content-type-options: nosniff
expires: Tue, 12 Nov 2024 01:01:29 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Tue, 29 Oct 2024 01:01:29 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=1209600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 9226
x-xss-protection: 0
server: cafe

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20241023/r20110914/client/ Frame A1BA 3 KB
0 53ms
53ms Script
text/javascript 2607:f8b0:4006:81f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20241023/r20110914/client/window_focus_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410280101/pubads_impl.js?cb=31088507

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

66e9bf446316f6eec5eaefa7098592bbd2144a60eb38c481db233a6ca8b8d94a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

content-encoding: br
etag: 16544991220582087243
age: 3327
x-content-type-options: nosniff
expires: Tue, 12 Nov 2024 01:18:18 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Tue, 29 Oct 2024 01:18:18 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=1209600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 1229
x-xss-protection: 0
server: cafe

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame A1BA 207 KB
0 17ms
17ms Script
text/javascript 142.251.40.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410280101/pubads_impl.js?cb=31088507

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.226 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s39-in-f2.1e100.net

Software

cafe /

Resource Hash

24dccd731e4b42b3c3e43cb9ac9205879143ebb4de7658ab9222dd3b0458b086

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

content-encoding: br
etag: 15148186343628264731
age: 547
x-content-type-options: nosniff
expires: Tue, 29 Oct 2024 03:04:38 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Tue, 29 Oct 2024 02:04:38 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 65423
x-xss-protection: 0
server: cafe

GET
H2 200 12759268455202112985
tpc.googlesyndication.com/simgad/ Frame A1BA 230 KB
230 KB 284ms
283ms Image
image/png 2607:f8b0:4006:81f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/12759268455202112985

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410280101/pubads_impl.js?cb=31088507

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f916f4fb34b823d3c33659634cb8e5151a549fcba910fd00976d465d17cf0538

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

age: 438748
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
x-content-type-options: nosniff
expires: Fri, 24 Oct 2025 00:21:17 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
allow-fenced-frame-automatic-beacons: true
date: Thu, 24 Oct 2024 00:21:17 GMT
last-modified: Tue, 13 Aug 2024 13:16:44 GMT
content-type: image/png
cache-control: public, max-age=31536000
timing-allow-origin: *
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
content-length: 235422
x-xss-protection: 0
server: sffe

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame D512 0
0 126ms
123ms Fetch
image/gif 142.250.65.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuDYehXKqfVJHrAN56LjS8UoEwur5oTvt7ADo2-pZBksHW2QINcO7svSG7h1zWTDhA_uxZ9refQpV3-8x74Djo2i3nhQuvicfSWfnB7C7XPOi1eGhttlzb4W4RHCNI7oRu4fPvVeLVoTv-dOjSxhKYYgoA9RdYI_gSW_q9k8cOcV4MGB_QzCUjsQRhRJP3V3m7-nKL1hio2vbzQYyFsXOuFrhSUx1u6hd-tYMlBsrnS1O31X2KkgVXuTIF-YAkiCgU2b-Wf3xI0n6HWj653291QQ-UWKTlPWoeJo1go_EyQ6tcqoEuIACLMBe-ZFejNvG1-zK63mL4sK-oWWXKRabU4t4NsEo42M0i8CIajQbfFHLvYr7iS3RXMNP0xR20rhHPM_B4QFrqdwUNjLi4vtMKS_A&sai=AMfl-YSqMW64nh85Ghor4_P20aY7MB9ppJyfD_qkbd93LCnw0LeofkN5QeHwXIoZ3y3sxkrEHDkophO57qXd8DX4X7xp_9uoGr3zaWxWV6ructyMZvJxmCZcwKZB9YAq1S_No3r9UOGPi0WnzDxshTw7qw&sig=Cg0ArKJSzIgHaaSO3--bEAE&uach_m=%5BUACH%5D&adurl=

Requested by

Host: cyberscoop.com
URL: https://cyberscoop.com/redline-meta-operation-magnus-infostealers/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.194 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s72-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

cache-control: private
timing-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 0
date: Tue, 29 Oct 2024 02:13:45 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20241023/r20110914/ Frame D512 23 KB
0 174ms
174ms Script
text/javascript 2607:f8b0:4006:81f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20241023/r20110914/abg_lite_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410280101/pubads_impl.js?cb=31088507

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

187849c92554869baccf286f9a45661d5217de42ece9328be7b8fd1a19c5340c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

content-encoding: br
etag: 11914471516762554986
age: 4336
x-content-type-options: nosniff
expires: Tue, 12 Nov 2024 01:01:29 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Tue, 29 Oct 2024 01:01:29 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=1209600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 9226
x-xss-protection: 0
server: cafe

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20241023/r20110914/client/ Frame D512 3 KB
0 46ms
46ms Script
text/javascript 2607:f8b0:4006:81f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20241023/r20110914/client/window_focus_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410280101/pubads_impl.js?cb=31088507

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

66e9bf446316f6eec5eaefa7098592bbd2144a60eb38c481db233a6ca8b8d94a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

content-encoding: br
etag: 16544991220582087243
age: 3327
x-content-type-options: nosniff
expires: Tue, 12 Nov 2024 01:18:18 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Tue, 29 Oct 2024 01:18:18 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=1209600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 1229
x-xss-protection: 0
server: cafe

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame D512 207 KB
0 6ms
6ms Script
text/javascript 142.251.40.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410280101/pubads_impl.js?cb=31088507

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.226 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s39-in-f2.1e100.net

Software

cafe /

Resource Hash

24dccd731e4b42b3c3e43cb9ac9205879143ebb4de7658ab9222dd3b0458b086

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

content-encoding: br
etag: 15148186343628264731
age: 547
x-content-type-options: nosniff
expires: Tue, 29 Oct 2024 03:04:38 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Tue, 29 Oct 2024 02:04:38 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 65423
x-xss-protection: 0
server: cafe

GET
H2 200 13638745232107482142
tpc.googlesyndication.com/simgad/ Frame D512 55 KB
55 KB 278ms
275ms Image
image/png 2607:f8b0:4006:81f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/13638745232107482142

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410280101/pubads_impl.js?cb=31088507

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a75cfea5f5b6f846605d0f8c240195f92b8000e55ea9e585e7686c6588e36b40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

age: 449580
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
x-content-type-options: nosniff
expires: Thu, 23 Oct 2025 21:20:45 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
allow-fenced-frame-automatic-beacons: true
date: Wed, 23 Oct 2024 21:20:45 GMT
last-modified: Tue, 03 Sep 2024 21:18:10 GMT
content-type: image/png
cache-control: public, max-age=31536000
timing-allow-origin: *
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
content-length: 56451
x-xss-protection: 0
server: sffe

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame D3AA 0
0 124ms
123ms Fetch
image/gif 142.250.65.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstxh40J91EB_h5Jbkzi2uCqyKUjAq81H5szJIalDUbdDoeSULW7UU_4m20XsbSGmaCmktFmLoDYmKoqBI9Asf_dl2DjCWXnMeVIhYqkmMa_YHfyGy5Kw72MzmUYWM2k2b4SigHQpERBNckK2Mm12e4L-Nv_vqkplP7O4yvZpBVyt1hmU199FGBGBpvwvkFG-UpZPyhxvoaBZtv4W6Q3EvLkMqSCIt-0AI1vpkd6qK0PcSY1mq92kv9EmnoGVJ9o1ON1vOu8ENCgNk4NworbiCGqSijxqQ6dbyzxNU0NAf2b-4BpC7FnZeH9Dfm_mwO6wMczAKs-LfHLzbTunfJBKgAQCboWAJcMZT94lCv2_Em02ZP-rbYTNCPtI5Co2_hgn3AgHbqJ6i9TEnnYmPw0ym14nA&sai=AMfl-YQV_gV6uLYWUJZLmmc2PHgP2TwOCEPNWOdMWQa7XL8yFraxnlbVYI5fmGR-vhTuaHhYgXxoozpDGdABZh-Z2QuynCX0ngHKB3emBiddJPVbSbaTV4ri5vQmnPQzNmLo34skItyBQjWbavdU-6uo2Q&sig=Cg0ArKJSzDe_4sX58OkhEAE&uach_m=%5BUACH%5D&adurl=

Requested by

Host: cyberscoop.com
URL: https://cyberscoop.com/redline-meta-operation-magnus-infostealers/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.194 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s72-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

cache-control: private
timing-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 0
date: Tue, 29 Oct 2024 02:13:45 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20241023/r20110914/ Frame D3AA 23 KB
0 158ms
158ms Script
text/javascript 2607:f8b0:4006:81f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20241023/r20110914/abg_lite_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410280101/pubads_impl.js?cb=31088507

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

187849c92554869baccf286f9a45661d5217de42ece9328be7b8fd1a19c5340c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

content-encoding: br
etag: 11914471516762554986
age: 4336
x-content-type-options: nosniff
expires: Tue, 12 Nov 2024 01:01:29 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Tue, 29 Oct 2024 01:01:29 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=1209600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 9226
x-xss-protection: 0
server: cafe

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20241023/r20110914/client/ Frame D3AA 3 KB
0 36ms
36ms Script
text/javascript 2607:f8b0:4006:81f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20241023/r20110914/client/window_focus_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410280101/pubads_impl.js?cb=31088507

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

66e9bf446316f6eec5eaefa7098592bbd2144a60eb38c481db233a6ca8b8d94a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

content-encoding: br
etag: 16544991220582087243
age: 3327
x-content-type-options: nosniff
expires: Tue, 12 Nov 2024 01:18:18 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Tue, 29 Oct 2024 01:18:18 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=1209600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 1229
x-xss-protection: 0
server: cafe

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame D3AA 207 KB
0 2ms
2ms Script
text/javascript 142.251.40.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410280101/pubads_impl.js?cb=31088507

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.226 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s39-in-f2.1e100.net

Software

cafe /

Resource Hash

24dccd731e4b42b3c3e43cb9ac9205879143ebb4de7658ab9222dd3b0458b086

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

content-encoding: br
etag: 15148186343628264731
age: 547
x-content-type-options: nosniff
expires: Tue, 29 Oct 2024 03:04:38 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Tue, 29 Oct 2024 02:04:38 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 65423
x-xss-protection: 0
server: cafe

GET
H2 200 1956301465136781730
tpc.googlesyndication.com/simgad/ Frame D3AA 123 KB
124 KB 271ms
266ms Image
image/png 2607:f8b0:4006:81f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/1956301465136781730

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410280101/pubads_impl.js?cb=31088507

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8cf64c209cd328329fd13c7f965b21b478ec0796fb44408e2f9a32b1b4f3417e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

age: 451092
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
x-content-type-options: nosniff
expires: Thu, 23 Oct 2025 20:55:33 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
allow-fenced-frame-automatic-beacons: true
date: Wed, 23 Oct 2024 20:55:33 GMT
last-modified: Tue, 13 Aug 2024 13:16:44 GMT
content-type: image/png
cache-control: public, max-age=31536000
timing-allow-origin: *
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
content-length: 126438
x-xss-protection: 0
server: sffe

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame BE3C 0
0 126ms
123ms Fetch
image/gif 142.250.65.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsudq6u23ovXFGSkali3BFxtkh3Avz0Cbwui3saC-3fQaEc5TimUZ5n-emNDdtgPpyq7MtJ3gKQX0faNRig05dWfFz_0g5OZSeKYm4EQH7uG5xqyrBS2bwdClUcLNzC3CIMfOxFtQLywjzPRTpfrOaTX4dsHj4qhE8QBM1fYIVottqYeOQ8BjjXXG9WxO9mktAkztq_z1DczjcuPVTxPRB-xTX5CuGmHiY5Bj1LN5QyO8fNeRe_5IgE5FGdyLf6UCiupk4DN03EpfJ1-NIHF-40ctfN55CJmNsmlxcAlf0GVEv-JwVCnIljXPo7SonimheztJ6fdYPB_kK5nNpdFMHjF4AKvOgQOkHRRK8KUziBV4BXxRbhYjgSow4yc3c9-4Fiaz57W7UI7yDmWvo43lA&sai=AMfl-YQSWfz7XGhljrFutGaAVrUh2NX0lKR586IqtKxU8xQaNDw5vGENSohqa3YFNIc7W-2muWstKmQ6tP2YYDS0by7b_wzDAodPbgOFYl4GCCpANDoXYql6vnPeAJ4cZjTEEmJLgNEp10HRvejZW_dy_w&sig=Cg0ArKJSzBijh11D7SCnEAE&uach_m=%5BUACH%5D&adurl=

Requested by

Host: cyberscoop.com
URL: https://cyberscoop.com/redline-meta-operation-magnus-infostealers/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.194 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s72-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

cache-control: private
timing-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 0
date: Tue, 29 Oct 2024 02:13:45 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20241023/r20110914/ Frame BE3C 23 KB
0 141ms
141ms Script
text/javascript 2607:f8b0:4006:81f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20241023/r20110914/abg_lite_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410280101/pubads_impl.js?cb=31088507

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

187849c92554869baccf286f9a45661d5217de42ece9328be7b8fd1a19c5340c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

content-encoding: br
etag: 11914471516762554986
age: 4336
x-content-type-options: nosniff
expires: Tue, 12 Nov 2024 01:01:29 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Tue, 29 Oct 2024 01:01:29 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=1209600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 9226
x-xss-protection: 0
server: cafe

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20241023/r20110914/client/ Frame BE3C 3 KB
0 28ms
28ms Script
text/javascript 2607:f8b0:4006:81f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20241023/r20110914/client/window_focus_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410280101/pubads_impl.js?cb=31088507

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

66e9bf446316f6eec5eaefa7098592bbd2144a60eb38c481db233a6ca8b8d94a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

content-encoding: br
etag: 16544991220582087243
age: 3327
x-content-type-options: nosniff
expires: Tue, 12 Nov 2024 01:18:18 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Tue, 29 Oct 2024 01:18:18 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=1209600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 1229
x-xss-protection: 0
server: cafe

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame BE3C 207 KB
0 5ms
5ms Script
text/javascript 142.251.40.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410280101/pubads_impl.js?cb=31088507

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.226 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s39-in-f2.1e100.net

Software

cafe /

Resource Hash

24dccd731e4b42b3c3e43cb9ac9205879143ebb4de7658ab9222dd3b0458b086

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

content-encoding: br
etag: 15148186343628264731
age: 547
x-content-type-options: nosniff
expires: Tue, 29 Oct 2024 03:04:38 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Tue, 29 Oct 2024 02:04:38 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 65423
x-xss-protection: 0
server: cafe

GET
H2 200 13363721566547478961
tpc.googlesyndication.com/simgad/ Frame BE3C 79 KB
79 KB 289ms
281ms Image
image/png 2607:f8b0:4006:81f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/13363721566547478961

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410280101/pubads_impl.js?cb=31088507

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

69acc83ede0c2181b8800537cfdc4203d5efde1d0e9f0d6a5f1c9e986ed09129

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

age: 449355
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
x-content-type-options: nosniff
expires: Thu, 23 Oct 2025 21:24:30 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
allow-fenced-frame-automatic-beacons: true
date: Wed, 23 Oct 2024 21:24:30 GMT
last-modified: Tue, 13 Aug 2024 20:14:34 GMT
content-type: image/png
cache-control: public, max-age=31536000
timing-allow-origin: *
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
content-length: 80518
x-xss-protection: 0
server: sffe

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 746C 0
0 130ms
123ms Fetch
image/gif 142.250.65.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssiSkQCEO9vek4TgVa7Qk146g1qfpmNTjDdgasXZsqKElzzGOGTNwRw4N28awnOR5-O43xfzdl25DRlBfYtZhjbMu5y0nxwNHHBolyHkaFZQFVwQRtnV9WcrwmFwOOGTfcqdOqEArPngm2fqzkMmVDPTBBsKZtBfCFEcxWFnqynjiOBQ5kcDpDM4Hmh-sGzZgUPAwn7EbPYRhkfqqIsG5WWupj2pPZFDmRQxedN2uq7PTO-z94aTkeLCN4Feygaud4ynNQfzUVJ5BAgYV9qHWF7rDzf7qI39tpaQFjRwbocvROH2Jjva0TYSQDs4Q2rX3o47EuTuLjJnx1hsSBv4uQJ0sMtdDS5VCTJkxo3x7kJjbUtcpUEJIdRNnsObpgySZm4NAUpmBXP-ZvKWCfnRw&sai=AMfl-YTKkvh68Px91R7Ybm4G5vFw-6jSow6XZEQDeMDB9hKfsiuOYphEE9YwUFpHscyGvgz2Wx94YbosUZThz2kroccOPHfaY4Z3FwK4h9CsHjM_3pvpyP7RwLnO6oe71rRh6aAatfEJiZBv24FH14goQw&sig=Cg0ArKJSzFr2WWFqt7wrEAE&uach_m=%5BUACH%5D&adurl=

Requested by

Host: cyberscoop.com
URL: https://cyberscoop.com/redline-meta-operation-magnus-infostealers/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.194 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s72-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

cache-control: private
timing-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 0
date: Tue, 29 Oct 2024 02:13:45 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20241023/r20110914/ Frame 746C 23 KB
0 128ms
127ms Script
text/javascript 2607:f8b0:4006:81f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20241023/r20110914/abg_lite_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410280101/pubads_impl.js?cb=31088507

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

187849c92554869baccf286f9a45661d5217de42ece9328be7b8fd1a19c5340c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

content-encoding: br
etag: 11914471516762554986
age: 4336
x-content-type-options: nosniff
expires: Tue, 12 Nov 2024 01:01:29 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Tue, 29 Oct 2024 01:01:29 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=1209600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 9226
x-xss-protection: 0
server: cafe

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20241023/r20110914/client/ Frame 746C 3 KB
0 19ms
19ms Script
text/javascript 2607:f8b0:4006:81f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20241023/r20110914/client/window_focus_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410280101/pubads_impl.js?cb=31088507

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

66e9bf446316f6eec5eaefa7098592bbd2144a60eb38c481db233a6ca8b8d94a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

content-encoding: br
etag: 16544991220582087243
age: 3327
x-content-type-options: nosniff
expires: Tue, 12 Nov 2024 01:18:18 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Tue, 29 Oct 2024 01:18:18 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=1209600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 1229
x-xss-protection: 0
server: cafe

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 746C 207 KB
0 7ms
7ms Script
text/javascript 142.251.40.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410280101/pubads_impl.js?cb=31088507

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.226 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s39-in-f2.1e100.net

Software

cafe /

Resource Hash

24dccd731e4b42b3c3e43cb9ac9205879143ebb4de7658ab9222dd3b0458b086

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

content-encoding: br
etag: 15148186343628264731
age: 547
x-content-type-options: nosniff
expires: Tue, 29 Oct 2024 03:04:38 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Tue, 29 Oct 2024 02:04:38 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 65423
x-xss-protection: 0
server: cafe

GET
H2 200 13726868086245931231
tpc.googlesyndication.com/simgad/ Frame 746C 37 KB
37 KB 274ms
260ms Image
image/png 2607:f8b0:4006:81f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/13726868086245931231

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410280101/pubads_impl.js?cb=31088507

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d5791382b907fcf70d94bdf5476a52190890c293a1ff3bb789a79c732b753c22

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

age: 451087
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
x-content-type-options: nosniff
expires: Thu, 23 Oct 2025 20:55:38 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
allow-fenced-frame-automatic-beacons: true
date: Wed, 23 Oct 2024 20:55:38 GMT
last-modified: Tue, 15 Oct 2024 17:43:06 GMT
content-type: image/png
cache-control: public, max-age=31536000
timing-allow-origin: *
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
content-length: 37651
x-xss-protection: 0
server: sffe

GET
DATA 200
OK truncated
/ Frame D59D 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ae5e7038a2bce0e8087ecc50fc43ec092f24dfaa14521bf72a8463ee57fa445b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 5208 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fc484ef370829d6b79b46acde2e469824a9bfa5270203998503fa72c7e808166

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame A1BA 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b9e885a2894eefa464bde235ee6466b304eb32c29e898b26a627f4f0d3711164

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame D512 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 68db802a1621aedcc52969aaa0d800512a27450ee45fd99cdd62e45f4b17f677

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame D3AA 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fc1a7282f60acd105f92a65340c458b8a016759e3efdb23a41dec57b2a18f8a7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame BE3C 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cdc0743c7a5b3cdfdfb02a5157538d18fb2f94e661ef272da1dd6e213661a467

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 746C 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a030c3411a34a4d5a20ccbed7ccb40ec75ce1c433740bf5f16f901703fc42485

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/png

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 298 KB
102 KB 91ms
84ms Script
application/javascript 2607:f8b0:4006:80a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-T6DX9FEHNM&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KR697BF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80a::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

82e83015aa48cd3a700b349b8ac602d5201c12a819cfb6da81656d926f9f4416

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Tue, 29 Oct 2024 02:13:45 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 29 Oct 2024 02:13:45 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 103640
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 40 KB
14 KB 231ms
74ms Script
application/javascript 2600:141b:1c00:6::17df:d10d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KR697BF

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:1c00:6::17df:d10d Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

4e8276aea0a3c7fe3600e6718c7f484d49c347c8d5763d89be95900d526a14da

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

cache-control: max-age=69809
content-encoding: gzip
x-cdn: AKAM
x-content-type-options: nosniff
accept-ranges: bytes
content-length: 14628
date: Tue, 29 Oct 2024 02:13:46 GMT
last-modified: Thu, 22 Aug 2024 11:06:54 GMT
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
x-amz-server-side-encryption: AES256

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 57 KB
16 KB 194ms
60ms Script
application/javascript 146.75.28.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KR697BF
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 146.75.28.157 Ashburn, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: d4963b8afebfa0063b5d17b4c80f49bce702a37ea5c9b91bb3c996bb9dea4b60

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

vary: Accept-Encoding,Host
cache-control: no-cache
content-encoding: gzip
etag: "4328e910de583ad53b3a7a76455af005+gzip"
accept-ranges: bytes
x-cache: HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-length: 15926
date: Tue, 29 Oct 2024 02:13:45 GMT
x-tw-cdn: FT
last-modified: Tue, 29 Oct 2024 01:22:31 GMT
content-type: application/javascript; charset=utf-8
x-served-by: cache-iad-kiad7000112-IAD
x-amz-server-side-encryption: AES256

GET
H2 200 hotjar-3095877.js Show response
static.hotjar.com/c/ 13 KB
5 KB 247ms
66ms Script
application/javascript 108.138.106.101
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-3095877.js?sv=7

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KR697BF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.106.101 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-106-101.jfk50.r.cloudfront.net

Software

Resource Hash

ea88300106063a2e9ef5e22183affd8d9219ed7ed1eefff91449e61803d4e208

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

content-encoding: br
etag: W/879de70d65e3c7f735e83d9659e5a805
age: 23
x-content-type-options: nosniff
x-cache-hit: 1
x-cache: Hit from cloudfront
x-amz-cf-id: -rfhdOZ3cxjN0AZflSwN66W6hjaD8ezLdbsWh-KRY_W3QwPutd5r2w==
date: Tue, 29 Oct 2024 02:13:23 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=60
cross-origin-resource-policy: cross-origin
via: 1.1 c790ffcab27717f283a6e87f31c6d65a.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-amz-cf-pop: JFK50-P3

GET
H2 200 p.js Show response
cdn.parsely.com/keys/cyberscoop.com/ 59 KB
22 KB 212ms
66ms Script
application/javascript 18.164.101.60
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.parsely.com/keys/cyberscoop.com/p.js?gtm_ver=3.1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KR697BF
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.164.101.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-164-101-60.jfk50.r.cloudfront.net
Software: nginx /
Resource Hash: 7a7b85930f08110f3b6b6105b21ceaf3304d48c431b71963ce0b1dc346374225

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

cache-control: max-age=86400, public
content-encoding: gzip
pragma: public
etag: W/"66b3b9b2-eb58"
age: 62798
via: 1.1 241db89625f6ef70a00b0e19e0cfc332.cloudfront.net (CloudFront)
expires: Tue, 29 Oct 2024 08:47:08 GMT
x-cache: Hit from cloudfront
x-amz-cf-id: ki9_JE4K2vSVj4kqyrHyl_K3YD0L1dtEZ1u90JlQjIbOIeGUEx_NSg==
date: Mon, 28 Oct 2024 08:47:08 GMT
content-type: application/javascript
last-modified: Wed, 07 Aug 2024 18:15:14 GMT
server: nginx
x-amz-cf-pop: JFK50-P5

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ 229 KB
58 KB 142ms
70ms Script
application/x-javascript 31.13.80.12
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: cyberscoop.com
URL: https://cyberscoop.com/redline-meta-operation-magnus-infostealers/

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.80.12 Toronto, Canada, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-yyz1.fbcdn.net

Software

Resource Hash

668c6828672fa8600b7a0632cb328ee63a31361be6734987b04985fcd9d08d4f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src 'nonce-jkLnbCFR' .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* blob: data: 'self' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 29 Oct 2024 02:13:45 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' data: blob: *;script-src 'nonce-jkLnbCFR' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: GOOD; q=0.7, rtt=64, rtx=0, c=23, mss=1232, tbw=4419, tp=9, tpl=0, uplat=0, ullat=-1
pragma: public
x-fb-debug: ebM+YoWnvavB+hum6bqqQZMkwTcPINUC7zleVNkx1Td94vMvpyEGZ7PbV5ZNs+V1QsB33YMK1Vxw8cf6X1duXA==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
cross-origin-opener-policy-report-only: restrict-properties;report-to="coop_report"
content-length: 59722
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 5B50 0
0 132ms
131ms Fetch
image/gif 142.250.65.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstG5JX0KIU-R6VRc5fXDu7YL9147npd5jzueTwwr1d539MG18Z16P3Sf4hu3cDWlrsfYSoztaYlArOQ7IaphShQWQBrYH7MlcA1tUcLFggfrb0YV9TRP5QVW3km3P7KD2HWodjjQOWA0PDgog2padehlSmku2wO8AkrzRL2TQmQHiABQR6lPvLmdhXWMlunYj485zoUlEPbkgRyOkU_Yf1q6JiTOLJs3Y6uq7OoUJvXGSSx8s2HsQaVbzrKSZ71LJBxhcEDIunzHl5HJJNF8jD-uVvI_9TaZ-F2IItOfAAEeMECwUJeudbukNlJm7ysR0tGltqkmO5TNBqEDgqBcinBBFVtoiYGMBCI9UBy1LbrkGbt1ZLYW5VTY-vf6c4u9cJcfhzg9pxg2R1CST1c&sai=AMfl-YSvmMCrZxriTuhsIOV4_ou_-TIKclbM0HCsTzoK7raLWT3QagauLueasN61ZExpUehZO_O0ZD7yEOr2okcJPxXukjD0CZun7CGbU--W9h-_-xNWxDOs3DOTYQOHho2OhSb_e57BouFsi3x3Qv1r&sig=Cg0ArKJSzAZJkCCEQKOwEAE&uach_m=%5BUACH%5D&adurl=

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.194 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s72-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

cache-control: private
timing-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Tue, 29 Oct 2024 02:13:45 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 0
date: Tue, 29 Oct 2024 02:13:45 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame D59D 0
0 123ms
123ms Fetch
image/gif 142.250.65.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsu4d0o9y87dhhccDc--1AFgR0MVm9NEuV8FBl_fku4E4_VidbDWJBJmNoQGtNItjCaYJFVHbqYK2_x9wlZOaw3rbCmyMl7KYjH7DvSVI8bZ4WFEb3R8Kv61jM4l_L8Ncc6eAsbchWBPpC_FAn_OXusXmJowtniMSQRv8SkMZcruFJu56qzuPnMkFfihBoU_UiolEHVnMfuWO1wHCPCDxUNLdJdq0-rl9SbIhP3RUxXd1P1oVAh_YmX7nPhH7EUg0HEEZEDCegALo9y_PRHLJ3xeFgRb44PfOkXl5J7Qp29mduORVIE0VdvfAYBMcgB-RY9NJ4oIhyH-CV6txOLuKEAKjZTKMpPWCXcLC0nH76WTzML0NbDvsjn38jYV_yVyEzlPkfQ1tMdNBdtkGw&sai=AMfl-YSp5IZ2RokwiFKWrvL44o-HlGt_RXcBUNiptyujqHA-4uYfYBMyUfLsHlHKpyXdPcreziMdtLLChtgJogo3CIUSlibCVV6v0g44DXUIYDZ2Gt8ewGovMyMtcZbMjPutm9BYi6fTXMXtYWKpB3ecsQ&sig=Cg0ArKJSzEADOPJtIc3yEAE&uach_m=%5BUACH%5D&adurl=

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.194 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s72-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

cache-control: private
timing-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Tue, 29 Oct 2024 02:13:46 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 0
date: Tue, 29 Oct 2024 02:13:46 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 5208 0
0 123ms
123ms Fetch
image/gif 142.250.65.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuSaVWA2q6Jc4UIGSNuyYIlQrXTCfky1WQJSt0ZKLqgG3uzTlLBwXiNQSuuccN2ON5r69-TbhEV-fEVf2e1vF1aN_V4KDGm2kzDcCbOq93Ir_YOaT-yJ138u5KqJ0xER7_Sl3t5-6wzHPx5oA50K2eTA8nAhhWe-oU9DW-lQfdeMdvCya5j_P6iGKu1xZ9rF1voR27g3LvlY4KSLn6Bdh82HW3wTqtdjrBJA6XmVwrCPwudWTATu0I6iVJeBowSCQPhkDSdU9Dv-_XUKCWRIEZwDFgDgUJN_zWhMqsNA-7vRWhZiOKBjENaahnpvF1NR2DG63noXfYlWYXq3najuyPXcMVdKyp7jf7a-XAlPEChpGXUYGq2YnBfjF2mzLqyZMy6zdCEYne-DsGv7i01jZ7SLD7p&sai=AMfl-YTBMPELq8G3Zb4spLHnuLfXJnPTQXeulCj4ADEmfspVfef-4t0UODwVizhi45Y7mQl7FJq7geLg-UEBh0SQE4OAUnoUwvV2rG2_XY3snkQU_63NoyiEUKBLDenM9cGobFtbX_6Ym9wLc5Dmqr202w&sig=Cg0ArKJSzPKr9dUAutZhEAE&uach_m=%5BUACH%5D&adurl=

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.194 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s72-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

cache-control: private
timing-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Tue, 29 Oct 2024 02:13:46 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 0
date: Tue, 29 Oct 2024 02:13:46 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame D3AA 0
0 121ms
121ms Fetch
image/gif 142.250.65.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjss57c9tAcZqD5COOSZCR1DfrpcvlCrFPa3xwWA2syVKfeix-cP170_7M6MvDBvqJFLgbAnXig0WHdXgVCXGda--Y84LYCkIyMWnchECC-cqQK2Dzj6tb4Bln8JORYuRaV-gKxhaVWZirG3NpptMqTqS5SQ90RQ1uJ76Oprh3p25tC1vBVQmrqaacgzCNJjxe1dNIfNyXBkS12Ljm4Mu9jFFz1qB1NiMx_aCnbzI_XV-NdLG6-MwtVD_qhwiOuEdj6VGw5wb46fPSgp8bOIwZIyow7ZSvC4GRDQNpkc4z-OO6meqKnEPhh1ZfQI8VVT_riHYhFnK_hZvUVS_USP1dMdJzYiYermIg8N4tJwR2lwo8p-pQsMjJK4BDK617CjyxLRGV1gbLSR9Hm4unHszRMtDpWNt&sai=AMfl-YQXDvdycD7LiiQmy0kRFw6KWFkU45MrDM_LgGxPbF4G6gwalAFJgYHF4INvLJEQYvd7pTqHeT0gTvjtIFOC5gwTY99LtGWlfTH6bZojnu2aVz_-8P-HaKiJG1TVzCQrhhS0U1-aMSw68JMaUZzVOQ&sig=Cg0ArKJSzKhpWV5qSxQPEAE&uach_m=%5BUACH%5D&adurl=

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.194 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s72-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

cache-control: private
timing-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Tue, 29 Oct 2024 02:13:46 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 0
date: Tue, 29 Oct 2024 02:13:46 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame A1BA 0
0 122ms
122ms Fetch
image/gif 142.250.65.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjss5XX3jbBTi3Z7DhQE-2vw3Jpse6BYBcIaHX4FgOVr8Hv_FgYjq59TNRzCIyt-o9EuJUEs9JIH6XemaHeOndT7hfd73kBQ-dPrc99KOYXSLwWGmbZY4KfDd5HcRijUh6_GPyibhPjCv2yRmfxfGUvepnDf9YYrsclmXawyBGWEejiLcaGXd-N_ycwijtTpUuk5fyTNzK384wfQvXMijf1ZnghCUIU8RPzDJUmB903SIsC-mpWIPwj5-rw21Hs3csLXGY7Q8uz9sbPrvXuzxwt1VsoEiEX_mqlDvLPdzg3d0u1imUoFJFN_Xa1al32xxwsG4OUQjC4i0lPtRZTJtTeOTKjMdLlDKFI4FPY53QCo6JygNDS7PeYzA6EhB0niSRcoN7KWf5otStAzginSKDPTumY7Y&sai=AMfl-YSNmQRjQlX3A4acP1RuVO4oZtCbyCmBmNTeL16H5qLI3N2SK1ggVgbrpXVlVVAQcAq87oVLVinjnVDe2BA6f_C8ZmfE4kZyk_E109ReuB9y4h5RpzaCHCULSziEZ5_WLnW8Skgyg5i5vhZwtgi7XA&sig=Cg0ArKJSzPoI9X_Rrxv8EAE&uach_m=%5BUACH%5D&adurl=

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.194 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s72-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

cache-control: private
timing-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Tue, 29 Oct 2024 02:13:46 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 0
date: Tue, 29 Oct 2024 02:13:46 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 746C 0
0 123ms
122ms Fetch
image/gif 142.250.65.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssnU311bTP-2y8t3kvbxK8AuHqRU7T39T9-kl-fYMJz8BOlSuZ_rY4VnrS3z39KHm-NF41uS6LA_Be6KLE3E0bjlfMy3z0nTrRzqyJhKDnmVna-xrdQ9i4Iwpse3YhCylarjva7iMtP3TOENFl1sRzyz06A2hZymLiPVESNwHb4-rccXEPzX-yjY5jBv_GZvI6ISAIyeaKRB2JbOWz1raOE4eqZ-h_ATnI39ooJ048qMVCS9JANQ83Ik2Y7M12duybVK-oU5B6Q4AKx0U-eP4FYvkYAZByqmGHJIMahy1CcYN_pC5NDDqP0Ckrw12A9WF6IGSDWp7ykogclG39_zy0EZKIFPv3oIAqy4yKOFPK2n6mC__gflXPCzyZrxCrcddNn9vWxXxdT50sflDtjFjQq&sai=AMfl-YRdXPEjmgLdfFSwXRR_7E9FbahFg9m2ProrGKYhm3t3cAiVIkq7ceyFhLA_yDjYd5OPJ7Y58BtGJZAht6aBAwjeR6wh4drt6I3rpxpCU9VRvZRb8tD9aBcfzhXFYWKQ7-Z_8aYukE1eIdVv-8j92Q&sig=Cg0ArKJSzIXc-CaGH8rhEAE&uach_m=%5BUACH%5D&adurl=

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.194 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s72-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

cache-control: private
timing-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Tue, 29 Oct 2024 02:13:46 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 0
date: Tue, 29 Oct 2024 02:13:46 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5B50 0
0 125ms
123ms Fetch
image/gif 142.251.40.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=reach&proto=CAlgAWACaAM%3D

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.226 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s39-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Tue, 29 Oct 2024 02:13:46 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D512 0
0 196ms
83ms Fetch
image/gif 142.251.40.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=reach&proto=CAlgAWACaAM%3D

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.226 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s39-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Tue, 29 Oct 2024 02:13:46 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D59D 0
0 273ms
80ms Fetch
image/gif 142.251.40.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=reach&proto=CAlgAWACaAM%3D

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.226 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s39-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Tue, 29 Oct 2024 02:13:46 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5208 0
0 350ms
81ms Fetch
image/gif 142.251.40.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=reach&proto=CAlgAWACaAM%3D

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.226 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s39-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Tue, 29 Oct 2024 02:13:46 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame D512 0
0 122ms
121ms Fetch
image/gif 142.250.65.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvikHRnnVhZt6Pek_0GszsyaBD0GGaUE6k8ta4BEICINeJdNAs0kYyj7ZfhUR4aqRKzZww7t0QLuJma-aPPTF-FIMzArdWKcUJtLLfOzyw5ZcFDwhKsksnBMjSdIiagIHDg4mr2NVbF3bdotPXfjHL6g7PKMlXxZ6IeGXqqzH3F8VofjnJN674RG_zov_55mDaeUhqmRKTODCzYXYjYvXBb_h88KJpxeofOEttvTeolBiIPDGIa9kmma14sHRufgbSbbRcGg5xJMGESLdM3DfztA6tzDLw_w31gJ3jYEocwG-UEI5wN5UmhPwr2S5oOddMlgqUFIUXOmSrBPuH3xTxZI9wEepLpmCSnV6xdw_IhXar79V1jzJ8YeQT9rJwsLzBLOgljmrK4YV6QUwFRIzkwaHI9&sai=AMfl-YSmoYVv7RDyfTr1v0PsyhQi_lkd3XC1XXAlwVBmAPYLCOjsLcDew643dcyG3Zs7geVvE_UfOCpJGLFL3i_EBeruX45MQqQKYn82Ku3g1f8DK1IjaFOK40Cd1zClY0WmZET9pVF3jlMRTlq6GJ74jg&sig=Cg0ArKJSzMnqYbOmJSE5EAE&uach_m=%5BUACH%5D&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&adurl=

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.194 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s72-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

cache-control: private
timing-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Tue, 29 Oct 2024 02:13:46 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 0
date: Tue, 29 Oct 2024 02:13:46 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame BE3C 0
0 419ms
80ms Fetch
image/gif 142.251.40.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=reach&proto=CAlgAWACaAM%3D

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.226 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s39-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Tue, 29 Oct 2024 02:13:46 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D3AA 0
0 494ms
78ms Fetch
image/gif 142.251.40.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=reach&proto=CAlgAWACaAM%3D

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.226 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s39-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Tue, 29 Oct 2024 02:13:46 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame BE3C 0
0 124ms
123ms Fetch
image/gif 142.250.65.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsthEjo4QRg-w2-knPgv2IqDDXfc26NtRtzyP0buNlAHAhC_v11lwcVdkWt7yDnDAaKLe4CVY3c39gbX6ARbob8z-id_bbICh7ri6O-osJcZUfFP5skXa6bmkpUoyTCl9E4BIX2OAh0RUDlPmh5SQY_cfiMMKNzAAZS11ekxyyu6hTN-yroGHdWxWJdT9pzjIFlgU9ZdhfV5lz3xg1-GgPql3zr9k3eGfOLPQsHVHd6XeL3khVPGufmPcI7LldWK1V4BDFI8JaSZO8fL3mgd4tpeJ_AINlK4Du4WRc-wSzXzw1ibWZsNImFS7M8tDgO2kye3m9-IcYBQKZv21dRLJ_-6lMHPS09KHohDiJspilNuIw3-2TbWksDuAbjtvE9svirRzJQ_wCuzUP0TkOxrP9Jd&sai=AMfl-YTtdSBPwBqj-yVuQXVJEr03k5ryrBALUJvn538sUdxcXm0rd6usfev_Q5dXtyN-IQGc2-cmI5dJaw9oOWo1YsvQlht217PaTbJlE51BojIE81NPMf7mc_AXnxhv-Gd3_uFl7c2iJ-zEM4rPTEZZsw&sig=Cg0ArKJSzI1SHrf83m6zEAE&uach_m=%5BUACH%5D&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&adurl=

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.194 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s72-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

cache-control: private
timing-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Tue, 29 Oct 2024 02:13:46 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 0
date: Tue, 29 Oct 2024 02:13:46 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame A1BA 0
0 558ms
81ms Fetch
image/gif 142.251.40.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=reach&proto=CAlgAWACaAM%3D

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.226 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s39-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Tue, 29 Oct 2024 02:13:46 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 746C 0
0 635ms
80ms Fetch
image/gif 142.251.40.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=reach&proto=CAlgAWACaAM%3D

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.226 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s39-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Tue, 29 Oct 2024 02:13:46 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 262ms
124ms Script
text/javascript 2607:f8b0:4006:81f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KR697BF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

content-encoding: gzip
age: 462
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:225:0"}],}
x-content-type-options: nosniff
expires: Tue, 29 Oct 2024 04:06:04 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 29 Oct 2024 02:06:04 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
content-type: text/javascript
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:225:0
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 20994
server: Golfe2

POST
H2 204 collect
www.google-analytics.com/g/ 0
0 216ms
127ms Fetch
text/plain 2607:f8b0:4006:81f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-T6DX9FEHNM&gtm=45je4ao0v898526277z8831877454za200zb831877454&_p=1730168025092&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101533422~101823848~101925629&cid=1690507733.1730168026&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1730168026&sct=1&seg=0&dl=https%3A%2F%2Fcyberscoop.com%2Fredline-meta-operation-magnus-infostealers%2F&dt=Operation%20Magnus%20targets%20Redline%2C%20Meta%20infostealers%20%7C%20CyberScoop&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=2224
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-T6DX9FEHNM&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4006:81f::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://cyberscoop.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 29 Oct 2024 02:13:46 GMT
content-type: text/plain
server: Golfe2

GET
H2 200 adsct
t.co/i/ 43 B
626 B 154ms
71ms Image
image/gif 162.159.140.229
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&dv=Pacific%2FHonolulu%26en-US%2Cen%26Google%20Inc.%26Linux%20x86_64%26255%261600%261200%2616%2624%261600%261200%260%26na&eci=2&event_id=101b271b-40bf-404e-8602-16ada4355d30&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=d9ac2125-1090-436f-95b9-1ced8a6567f1&tw_document_href=https%3A%2F%2Fcyberscoop.com%2Fredline-meta-operation-magnus-infostealers%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nv8sr&type=javascript&version=2.3.31

Requested by

Host: cyberscoop.com
URL: https://cyberscoop.com/redline-meta-operation-magnus-infostealers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.140.229 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

strict-transport-security: max-age=0
x-transaction-id: 21e65042505064a0
cache-control: no-cache, no-store, max-age=0
x-connection-hash: 94005db71d2d5bd2eb7f7b421ad8d6bc47bbaebcc9a59a3e0bf87fe9a3b0ca22
cf-cache-status: DYNAMIC
cf-ray: 8d9fa5f4ebd40992-MIA
x-response-time: 6
content-length: 43
date: Tue, 29 Oct 2024 02:13:46 GMT
content-type: image/gif;charset=utf-8
perf: 7402827104
server: cloudflare tsa_b

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
392 B 156ms
49ms Image
image/gif 104.244.42.195
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&dv=Pacific%2FHonolulu%26en-US%2Cen%26Google%20Inc.%26Linux%20x86_64%26255%261600%261200%2616%2624%261600%261200%260%26na&eci=2&event_id=101b271b-40bf-404e-8602-16ada4355d30&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=d9ac2125-1090-436f-95b9-1ced8a6567f1&tw_document_href=https%3A%2F%2Fcyberscoop.com%2Fredline-meta-operation-magnus-infostealers%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nv8sr&type=javascript&version=2.3.31

Requested by

Host: cyberscoop.com
URL: https://cyberscoop.com/redline-meta-operation-magnus-infostealers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.195 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

strict-transport-security: max-age=631138519
x-transaction-id: ae406fd0cc1d99ab
cache-control: no-cache, no-store, max-age=0
x-connection-hash: d26b75b5be2c9ee6872f3635b3c69ba110758cf75bd65f9e063527fb8eb32177
x-response-time: 5
content-length: 43
date: Tue, 29 Oct 2024 02:13:45 GMT
perf: 7402827104
content-type: image/gif;charset=utf-8
server: tsa_b

GET
H/1.1 200
OK /
p1.parsely.com/plogger/ 43 B
258 B 241ms
57ms Image
image/gif 34.194.161.83
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p1.parsely.com/plogger/?rand=1730168026297&plid=2b4a980b-d186-4210-b38f-e8473e652194&idsite=cyberscoop.com&url=https%3A%2F%2Fcyberscoop.com%2Fredline-meta-operation-magnus-infostealers%2F&urlref=&screen=1600x1200%7C1600x1200%7C24&data=%7B%7D&sid=1&surl=https%3A%2F%2Fcyberscoop.com%2Fredline-meta-operation-magnus-infostealers%2F&sref=&sts=1730168026295&slts=0&title=Operation+Magnus+targets+Redline%2C+Meta+infostealers+%7C+CyberScoop&date=Mon+Oct+28+2024+16%3A13%3A46+GMT-1000+(Hawaii-Aleutian+Standard+Time)&action=pageview&pvid=98897437-1112-4f00-824f-70c11fede6a9&u=pid%3D5efc219a-013d-4503-a413-4d034f341509
Requested by: Host: cyberscoop.com
URL: https://cyberscoop.com/redline-meta-operation-magnus-infostealers/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.194.161.83 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-194-161-83.compute-1.amazonaws.com
Software: nginx /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

Cache-Control: no-cache
Content-Length: 43
Date: Tue, 29 Oct 2024 02:13:46 GMT
Content-Type: image/gif
Last-Modified: Tuesday, 29-Oct-2024 02:13:46 GMT
Server: nginx
Connection: keep-alive

GET
H3 200 896395920528126 Show response
connect.facebook.net/signals/config/ 76 KB
15 KB 166ms
166ms Script
application/x-javascript 31.13.80.12
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/896395920528126?v=2.9.174&r=stable&domain=cyberscoop.com&hme=ead923021ccd3483ef3b9b04703d0a78b943fbdc01e8d7cec21c5059f1f4a5e9&ex_m=70%2C121%2C107%2C111%2C61%2C4%2C100%2C69%2C16%2C97%2C89%2C51%2C54%2C172%2C175%2C187%2C183%2C184%2C186%2C29%2C101%2C53%2C77%2C185%2C167%2C170%2C180%2C181%2C188%2C131%2C41%2C189%2C190%2C34%2C143%2C15%2C50%2C194%2C193%2C133%2C18%2C40%2C1%2C43%2C65%2C66%2C67%2C71%2C93%2C17%2C14%2C96%2C92%2C91%2C108%2C52%2C110%2C39%2C109%2C30%2C94%2C26%2C168%2C171%2C140%2C86%2C56%2C84%2C33%2C73%2C0%2C95%2C32%2C28%2C82%2C83%2C88%2C47%2C46%2C87%2C37%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C57%2C62%2C64%2C75%2C102%2C27%2C76%2C9%2C8%2C80%2C48%2C21%2C104%2C103%2C105%2C98%2C10%2C20%2C3%2C38%2C74%2C19%2C5%2C90%2C81%2C44%2C35%2C85%2C2%2C36%2C63%2C42%2C106%2C45%2C79%2C68%2C112%2C60%2C59%2C31%2C99%2C58%2C55%2C49%2C78%2C72%2C24%2C113

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.80.12 Toronto, Canada, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-yyz1.fbcdn.net

Software

Resource Hash

ade4a396b294e1a6cc9553b86f4e92f34fca4c1450fd7fc59f7d950918468f66

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src 'nonce-N7sSANMo' .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* blob: data: 'self' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 29 Oct 2024 02:13:46 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' data: blob: *;script-src 'nonce-N7sSANMo' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: GOOD; q=0.7, rtt=65, rtx=0, c=75, mss=1232, tbw=67875, tp=63, tpl=0, uplat=98, ullat=0
pragma: public
x-fb-debug: 5FmpqtBsWaR1Kdymh1UMtI5aGcq6VnbI16mPFIc/5vfj2LbT8gxi6SnNq+4OZhr0eVHyU2fF/NGNoogVPaOauw==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H2 200 attribution_trigger Show response
px.ads.linkedin.com/ 2 B
785 B 217ms
121ms XHR
application/json 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/attribution_trigger?pid=50036&time=1730168026318&url=https%3A%2F%2Fcyberscoop.com%2Fredline-meta-operation-magnus-infostealers%2F
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept: *
Referer: https://cyberscoop.com/

Response headers

x-li-pop: afd-prod-lva1-x
content-encoding: gzip
x-fs-uuid: 00062594229e399589fa082d36df118c
x-msedge-ref: Ref A: 66B0C774622D4D4D98E495F8723979D6 Ref B: MIAEDGE1913 Ref C: 2024-10-29T02:13:46Z
x-li-fabric: prod-ltx1
x-restli-protocol-version: 1.0.0
access-control-allow-methods: GET, OPTIONS
x-li-uuid: AAYllCKeOZWJ+ggtNt8RjA==
x-li-proto: http/2
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
x-li-source-fabric: prod-lva1
date: Tue, 29 Oct 2024 02:13:46 GMT
content-type: application/json
access-control-allow-headers: *

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=50036&time=1730168026318&li_adsId=49192ee6-e20b-4b61-9e57-fe70b81e40ac&url=https%3A%2F%2Fcyberscoop.com%2Fredline-meta-operation-magnus-infosteale...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=50036&time=1730168026318&li_adsId=49192ee6-e20b-4b61-9e57-fe70b81e40ac&url=https%3A%2F%2Fcyberscoop.com%2Fredline-meta-operation-magnus-infosteale...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D50036%26time%3D1730168026318%26li_adsId%3D49192ee6-e20b-4b61-9e57-fe70b81e40ac%26...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=50036&time=1730168026318&li_adsId=49192ee6-e20b-4b61-9e57-fe70b81e40ac&url=https%3A%2F%2Fcyberscoop.com%2Fredline-meta-operation-magnus-infosteale...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=50036&time=1730168026318&li_adsId=49192ee6-e20b-4b61-9e57-fe70b81e40ac&url=https%3A%2F%2Fcyberscoop.com%2Fredline-meta-operation-magnus-infosteal...

0
489 B

218ms
121ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=50036&time=1730168026318&li_adsId=49192ee6-e20b-4b61-9e57-fe70b81e40ac&url=https%3A%2F%2Fcyberscoop.com%2Fredline-meta-operation-magnus-infostealers%2F&cookiesTest=true&liSync=true&e_ipv6=AQKy9TNEOCKXMQAAAZLWDPcR6i75UTDReRf87prEdUdSsn3-vVc5FzJ8LtceMKf_12RfkMk
Requested by: Host: cyberscoop.com
URL: https://cyberscoop.com/redline-meta-operation-magnus-infostealers/
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

linkedin-action: 1
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 12DE39D8D55649B28EE05523E7ADEED2 Ref B: MIA301000103025 Ref C: 2024-10-29T02:13:47Z
x-li-fabric: prod-lor1
x-li-uuid: AAYllCKoW4gU31OIuuePjA==
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
content-length: 0
date: Tue, 29 Oct 2024 02:13:46 GMT
content-type: application/javascript

Redirect headers

linkedin-action: 1
x-li-pop: afd-prod-lor1-x
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=50036&time=1730168026318&li_adsId=49192ee6-e20b-4b61-9e57-fe70b81e40ac&url=https%3A%2F%2Fcyberscoop.com%2Fredline-meta-operation-magnus-infostealers%2F&cookiesTest=true&liSync=true&e_ipv6=AQKy9TNEOCKXMQAAAZLWDPcR6i75UTDReRf87prEdUdSsn3-vVc5FzJ8LtceMKf_12RfkMk
x-msedge-ref: Ref A: 05AD4BB3C01E4766BBC8C91E7687DD77 Ref B: MIA301000101023 Ref C: 2024-10-29T02:13:46Z
x-li-fabric: prod-lor1
x-li-uuid: AAYllCKlAi8zDw64WT+/1w==
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
content-length: 0
date: Tue, 29 Oct 2024 02:13:46 GMT

GET
H2 200 modules.625495a901d247c3e8d4.js Show response
script.hotjar.com/ 221 KB
55 KB 210ms
70ms Script
application/javascript 18.164.96.46
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.625495a901d247c3e8d4.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-3095877.js?sv=7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.164.96.46 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-164-96-46.jfk50.r.cloudfront.net

Software

Resource Hash

c0d57eff0936a57e0c8d6bc93314585c734e5ade88d6de970e1e305ae5d87224

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

x-robots-tag: none
content-encoding: br
etag: "862c1be6e71cd836a43ce679991261fd"
age: 36639
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-amz-cf-id: eeJufb73cprf1fr-dcoQJt8pzs0keKUSbR5HSqu7Sqv3VvZrPfrSDA==
date: Mon, 28 Oct 2024 16:03:06 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 28 Oct 2024 16:02:55 GMT
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=31536000
cross-origin-resource-policy: cross-origin
via: 1.1 98bc8180e0431e8f05afc9802305f1d2.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 56056
x-amz-cf-pop: JFK50-P5

POST
H2 200 collect Show response
www.google-analytics.com/j/ 3 B
306 B 77ms
76ms XHR
text/plain 2607:f8b0:4006:81f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=640275152&t=pageview&_s=1&dl=https%3A%2F%2Fcyberscoop.com%2Fredline-meta-operation-magnus-infostealers%2F&dp=%2Fwelcome%2Fredline-meta-operation-magnus-infostealers%2F&ul=en-us&de=UTF-8&dt=Operation%20Magnus%20targets%20Redline%2C%20Meta%20infostealers%20%7C%20CyberScoop&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAEABAAAAACAAI~&jid=1718807503&gjid=1914603620&cid=1690507733.1730168026&tid=UA-80491860-1&_gid=765866044.1730168026&_r=1&_slc=1&gtm=45He4ao0n81KR697BFv831877454za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101533421~101823848~101878899~101878944~101925629&z=956922799

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://cyberscoop.com/

Response headers

report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:175:0"}],}
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 29 Oct 2024 02:13:46 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: text/plain
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:175:0
access-control-allow-origin: https://cyberscoop.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 3
server: Golfe2

GET
H2 200 /
www.facebook.com/tr/ 0
269 B 233ms
73ms Image
text/plain 2a03:2880:f10e:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=896395920528126&ev=PageView&dl=https%3A%2F%2Fcyberscoop.com%2Fredline-meta-operation-magnus-infostealers%2F&rl=&if=false&ts=1730168026509&sw=1600&sh=1200&v=2.9.174&r=stable&ec=0&o=4126&fbp=fb.1.1730168026505.243692422741920336&cs_est=true&ler=empty&cdl=API_unavailable&it=1730168026315&coo=false&rqm=GET

Requested by

Host: cyberscoop.com
URL: https://cyberscoop.com/redline-meta-operation-magnus-infostealers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f10e:83:face:b00c:0:25de Toronto, Canada, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-fb-connection-quality: GOOD; q=0.7, rtt=70, rtx=0, c=10, mss=1297, tbw=2908, tp=-1, tpl=-1, uplat=0, ullat=0
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
date: Tue, 29 Oct 2024 02:13:46 GMT
content-type: text/plain
server: proxygen-bolt

GET
H2 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
3 KB 339ms
180ms Image
image/png 2a03:2880:f10e:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=896395920528126&ev=PageView&dl=https%3A%2F%2Fcyberscoop.com%2Fredline-meta-operation-magnus-infostealers%2F&rl=&if=false&ts=1730168026509&sw=1600&sh=1200&v=2.9.174&r=stable&ec=0&o=4126&fbp=fb.1.1730168026505.243692422741920336&cs_est=true&ler=empty&cdl=API_unavailable&it=1730168026315&coo=false&rqm=FGET

Requested by

Host: cyberscoop.com
URL: https://cyberscoop.com/redline-meta-operation-magnus-infostealers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f10e:83:face:b00c:0:25de Toronto, Canada, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

content-encoding: zstd
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7431015088648909311"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 29 Oct 2024 02:13:46 GMT
content-type: image/png
vary: Accept-Encoding
x-fb-debug: b0r96lAdDEviW3Kolmluag6u9dNq0wVqx6T4AYNL7R+9N/3JrCyjYP3qO3EkHBCt5EpgDDGf0u3wXz29MzQ1Cw==
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7431015088648909311", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
cache-control: private, no-store, no-cache, must-revalidate
x-fb-connection-quality: GOOD; q=0.7, rtt=70, rtx=0, c=10, mss=1297, tbw=3221, tp=-1, tpl=-1, uplat=103, ullat=0
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy: force-load-at-top
cross-origin-opener-policy-report-only: restrict-properties;report-to="coop_report"
x-xss-protection: 0
origin-agent-cluster: ?0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 5B50 42 B
65 B 132ms
131ms Fetch
image/gif 142.251.40.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstdLrObC50q2HduY26Q0PLJJwQnLfuT9tpcsxvfIe9nzKbca1mVmEahU6RV_84qhIKjv_TtM4aZVNcBtC2a2WEoinJiMwiptg86iTH_Jqh_Z1fuxfcv9riTOQ_e0dfBDP7FqcLqwUXvR11zjw9lrhM2jk3dXKwIUQRnXeCR2nWkcWBzbzqKvJEvhzKQ--bAn271JQ&sig=Cg0ArKJSzPPqQfk1PiBVEAE&id=lidar2&mcvt=1000&p=362,480,842,1120&tm=1018.1999998092651&tu=18.59999942779541&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20241023&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=3&adk=145983194&rs=4&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=2610082500&rst=1730168025494&rpt=405&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&fle=0&vae=0&spb=0&sfl=0&ffslot=0&reach=8&io2=0

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.226 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s39-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Tue, 29 Oct 2024 02:13:46 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame D59D 42 B
65 B 133ms
132ms Fetch
image/gif 142.251.40.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssiZ5UErDHTXHWEPDXSCSy4mi6gUJXLZD4lWQxX1GF8Z6sWi_bhZF6qsHM6QNikIm8mL2xMoYGLS--O1tGHVhx8f8MQPSPlcidf0Qtfm_b_hS5qH3wl7NhJpc-ExQaM71fAMKQtl6Tror1byayvQS6Mahv0_3a96GnSS0z_qziAdNcINAuv6cFsDUoYBtbmuHPmqA&sig=Cg0ArKJSzFDBk6ZLtPGBEAE&id=lidar2&mcvt=1001&p=24,315,274,1285&tm=1035.8000001907349&tu=34.80000019073486&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20241023&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=3&adk=1951456962&rs=4&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=2610082500&rst=1730168025652&rpt=333&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&fle=0&vae=0&spb=0&sfl=0&ffslot=0&reach=8&io2=0

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.226 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s39-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Tue, 29 Oct 2024 02:13:47 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame D3AA 42 B
65 B 131ms
130ms Fetch
image/gif 142.251.40.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstRc7x5Sze4D4ocw5bybiya_8zlvp41dnfpRnYHznm8tHVmTD0gqmf8OjKgTUpK9audP97GbNQAylFkKLTx-ZJAj7OvannfcABp6G2kRNeaGDUMsK8hxJ6vW0pCKa96bmCPHIPJTXrEc9nHSdYXMusyqjUhtt2u6pEKyyiOs-4fTxakP9DuFboM_IK7WfG0RM_eNA&sig=Cg0ArKJSzIi8LWmfRF7-EAE&id=lidar2&mcvt=1000&p=806,1143,1056,1443&tm=1061.3000001907349&tu=61.60000038146973&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20241023&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=3&adk=4015763869&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=2610082600&rst=1730168025710&rpt=359&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&fle=0&vae=0&spb=0&sfl=0&ffslot=0&reach=8&io2=0

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.226 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s39-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Tue, 29 Oct 2024 02:13:47 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
195 B 125ms
121ms XHR
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cyberscoop.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept: *
Content-Type: text/plain;charset=UTF-8

Response headers

linkedin-action: 1
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 222672F1D8A54C09AFC8650856D744A6 Ref B: MIA301000101023 Ref C: 2024-10-29T02:13:47Z
x-li-fabric: prod-lor1
access-control-allow-credentials: true
x-li-uuid: AAYllCKqTFfusST3q/wBag==
x-li-proto: http/2
access-control-allow-origin: https://cyberscoop.com
x-cache: CONFIG_NOCACHE
date: Tue, 29 Oct 2024 02:13:46 GMT
vary: Origin

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 17 KB
13 KB 94ms
94ms XHR
application/json 142.251.40.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202410280101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410280101/pubads_impl.js?cb=31088507

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.226 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s39-in-f2.1e100.net

Software

cafe /

Resource Hash

9fcd406128831fed6bcbc156e8efb25851cac110b4886e0e41be64d159373ab6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

timing-allow-origin: *
content-encoding: br
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 12923
date: Tue, 29 Oct 2024 02:13:47 GMT
x-xss-protection: 0
content-type: application/json; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
1 KB 186ms
98ms Image
image/gif 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=1639347869&v=1.1&a=2153467&rcu=https%3A%2F%2Fcyberscoop.com%2Fredline-meta-operation-magnus-infostealers%2F&pu=https%3A%2F%2Fcyberscoop.com%2Fredline-meta-operation-magnus-infostealers%2F&t=Operation+Magnus+targets+Redline%2C+Meta+infostealers+%7C+CyberScoop&cts=1730168027190&vi=cc6603612b5089e57c44b085382e3066&nc=true&u=143679850.cc6603612b5089e57c44b085382e3066.1730168027185.1730168027185.1730168027185.1&b=143679850.1.1730168027185&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

x-robots-tag: none
x-request-id: aea2f0a6-7653-4da9-bcba-245bbe62f180
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kQxhra9HLsOG9E%2Fpl7SdZI5BBsfm0yiDj8GD0mTIHQiH1AISRKPObV2DIUX2yhg%2BNtKvNzk4OLbDVxCelEHyml%2FqMvO2aPgbNPdFzbzCvAxNtQcjLARGnYVFRgNn6%2F6SfxEe8MS69O%2FZX5HGjfFE"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
p3p: CP="NOI CUR ADM OUR NOR STA NID"
date: Tue, 29 Oct 2024 02:13:47 GMT
x-hubspot-correlation-id: aea2f0a6-7653-4da9-bcba-245bbe62f180
content-type: image/gif
vary: origin, Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: no-cache, no-store, no-transform
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-746d57b5c6-44p5c
x-envoy-upstream-service-time: 5
access-control-allow-credentials: false
cf-ray: 8d9fa5fa9d36a55a-MIA
x-evy-trace-route-configuration: listener_https/all
content-length: 45
server: cloudflare
x-evy-trace-virtual-host: all

GET
H3 200 cropped-cs_favicon-2.png
cyberscoop.com/wp-content/uploads/sites/3/2023/01/ 368 B
667 B 82ms
81ms Other
image/webp 13.249.91.36
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cyberscoop.com/wp-content/uploads/sites/3/2023/01/cropped-cs_favicon-2.png?w=32
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 13.249.91.36 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-249-91-36.jfk52.r.cloudfront.net
Software: nginx /
Resource Hash: 792f09e55879f45045a85cc0cb1cc97fe647f26dd63e69ec79baf984055045d8

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/redline-meta-operation-magnus-infostealers/

Response headers

cache-control: max-age=31536000
x-rq: dca5 99 172 443
etag: "3e93d175bee9a1a0"
via: 1.1 0872a9ea1fab6d5bf06432bb20551d5c.cloudfront.net (CloudFront)
accept-ranges: bytes, bytes
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
content-length: 368
x-amz-cf-id: FQX8tjOs1rxzMWM-lyGG3F2jlAkpRwjh04YPgK6refmmY40MUwfFFA==
date: Tue, 29 Oct 2024 02:13:47 GMT
content-type: image/webp
last-modified: Mon, 16 Sep 2024 16:46:36 GMT
server: nginx
x-amz-cf-pop: JFK52-P9

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame D512 42 B
65 B 134ms
133ms Fetch
image/gif 142.251.40.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstRvrbktA5TcvzuK68WZAcy1Ly_vAR9GIU4nDBt7HsXh4dhE7USYzwpeal19omUY1j1_R4eXrs2f2yvv0h0dBQapD6QoQAG0F0funcQvnlm-Zxv8lAUI__KLDQL7MwXuhsQxmpplw7WFgstiDvistQlfSiKFf7FPTNKGTYuK6yzHdfSYiCmnk9ApEUB76qR2X5sQw&sig=Cg0ArKJSzBVby1ewgSaZEAE&id=lidar2&mcvt=1000&p=524,1143,774,1443&tm=1252.5&tu=252.80000019073486&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20241023&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=3&adk=4107124343&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=2610082500&rst=1730168025694&rpt=474&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&fle=0&vae=0&spb=0&sfl=0&ffslot=0&reach=8&io2=0

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.226 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s39-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Tue, 29 Oct 2024 02:13:47 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 18 KB
6 KB 172ms
171ms Script
text/javascript 142.251.40.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410280101/pubads_impl.js?cb=31088507

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.97 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s79-in-f1.1e100.net

Software

sffe /

Resource Hash

ff3de130872fe0fb5b770dfa2bc9f0daf8ab320403a34a60d089436f08d24f99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cyberscoop.com/

Response headers

content-encoding: gzip
etag: "1727224258380615"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
x-content-type-options: nosniff
expires: Tue, 29 Oct 2024 02:13:47 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 29 Oct 2024 02:13:47 GMT
content-type: text/javascript
vary: Accept-Encoding
cache-control: private, max-age=3000
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 6445
x-xss-protection: 0
server: sffe

GET
H2 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/232/ Frame FDC7 0
0 189ms
62ms Document
text/html 2607:f8b0:4006:81f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/232/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cyberscoop.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 1504
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3000
content-encoding: gzip
content-length: 5005
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 29 Oct 2024 01:48:43 GMT
expires: Tue, 29 Oct 2024 02:38:43 GMT
last-modified: Mon, 23 Sep 2024 18:12:21 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe
www.google.com/recaptcha/api2/ Frame CF36 0
0 208ms
85ms Document
text/html 142.251.40.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.132 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s80-in-f4.1e100.net

Software

ESF /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-BBLYdo2JIcnstsnGuZlmRw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cyberscoop.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-BBLYdo2JIcnstsnGuZlmRw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy: cross-origin
date: Tue, 29 Oct 2024 02:13:47 GMT
expires: Tue, 29 Oct 2024 02:13:47 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
server: ESF
x-content-type-options: nosniff
x-xss-protection: 0

GET sodar
pagead2.googlesyndication.com/pagead/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cyberscoop.com
URL: blob:https://cyberscoop.com/aef2a7cb-be81-494b-b7de-fe64fee78d79

Domain: 2051d403cf1e3e14dd99515bd9d57cdb.safeframe.googlesyndication.com
URL: https://2051d403cf1e3e14dd99515bd9d57cdb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Domain: wp-tts-cdn.api.scpnewsgrp.com
URL: https://wp-tts-cdn.api.scpnewsgrp.com/cyberscoop/82308/english.openai.mp3

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=232&t=2&li=gpt_m202410280101&jk=3579344836361057&bg=!OzilOHfNAAZ-RxQpXkc7ADQBe5WfOC4u-YdneONNb7RiayP57xxIrLRtVstM1luRfXqkrz4B4dt5CcQTC5oTQN-0mC1PAgAAAElSAAAAA2gBB34ANpqz_CuZ0ajlrafLIHVIluWIkxY__dji1NkTf6yYZ7ALaTea1VeXUZbyIRdURX0MhBMpQCQzTpkCipfp7V4lfb5jB2T5NjNH7XeMVW6OMqPDfu_GNBW7NB1eqHsu8QtMa4jJ_tzDRPa_eIImO7aRZ4ZuHfYzOGL5QWdLyTilqqu0rqtADFgPqEZiaBvd0iSfSRD6hQqIsrdWXg1LOVNLrKHx8UE-AViwj-_38CENoMQLUP1WsAgxVHWiqwW2i0ksX6G9LEwl5SrVYpCXpA-GBJ4qk480owbewM8zajn9blxT1czv0zQNm6dqlLsVQENyuxe-9nPpZ7dIl-v7fpdh995cvjZhBvq2ia3KPbxnvuIvyWmXb4i_Rsi90pvzwx-IDoDYD2-amvXvq1s3TU1u4xPVs531M0E9oRMXm-RczfxBKVLGbgLFizBN8XFeHxgnrEqHNdWYhNPflZEC2RBu8y81vMZ_91OfHEiT3D7_4eIAByA-1bU2dunDSvwaojuf3eA6R2_gcDjHgNc07dTxVx0xpJm0p10O3emx2Gy_NAG5rQfgarwBdOG5SmE7fin2AADr8jis8LFhAXCe7EnTGstnr5XyN_hV-PJWclDDZ0lQmMsIMLUVXn9oQz9G-8A2coEjhr6HFGMsQ2gYptbdzFDk3uhkxG-2L7WXdvff_4hBqmMcfvccSQ2O8u3UrhzeTmCFkiNbeO96JjMKi5f-9EtjzSW6B8zPrxzPye7__KqbKKa9CzESZ4zITOquWEtYM4OjjzO7N7AIBOh7ODUFK_ggMO5v9h051GOgQ34HzrnIV6o6XckmdGo2Qxk_r3BV3vnXXVojg_l7UcLKMbebWBkebrtYjKcNv5TWzVb1acpEnfhmGaTjq3QyF1YOZSESUH7UW32XjQMPWDlsA_i2PI3bqgHOwwYr4cIhLXzlUIUUct6H

Verdicts & Comments Add Verdict or Comment

74 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

29 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
cyberscoop.com/	1970-01-21 00:37:34	Name: sng_interstitial Value: 1
.cyberscoop.com/	1970-01-21 09:57:44	Name: __gads Value: ID=9292fcf37716d58d:T=1730168025:RT=1730168025:S=ALNI_Ma6vTCkcB1Jt4VzN49lE84ci8CTog
.cyberscoop.com/	1970-01-21 09:57:44	Name: __gpi Value: UID=00000f3b960672cf:T=1730168025:RT=1730168025:S=ALNI_MYcUEmwPVk2VREa-be2b2sxXypBwg
.cyberscoop.com/	1970-01-21 04:55:20	Name: __eoi Value: ID=cdb7ccaeebca0c08:T=1730168025:RT=1730168025:S=AA-Afja4YzvJm9ZGfVKfZHJCbIPI
.doubleclick.net/	1970-01-21 10:12:08	Name: IDE Value: AHWqTUl8RPgX5J0pJ2rcejNro5JQC--cNUczOiSC7AXwc6nF-WJWMQI_zuswLSjkDuI
.cyberscoop.com/	1970-01-21 10:12:08	Name: _ga_T6DX9FEHNM Value: GS1.1.1730168026.1.0.1730168026.0.0.0
.cyberscoop.com/	1970-01-21 00:36:09	Name: _parsely_session Value: {%22sid%22:1%2C%22surl%22:%22https://cyberscoop.com/redline-meta-operation-magnus-infostealers/%22%2C%22sref%22:%22%22%2C%22sts%22:1730168026295%2C%22slts%22:0}
.cyberscoop.com/	1970-01-21 10:05:32	Name: _parsely_visitor Value: {%22id%22:%22pid=5efc219a-013d-4503-a413-4d034f341509%22%2C%22session_count%22:1%2C%22last_session_ts%22:1730168026295}
.t.co/	1970-01-21 10:12:08	Name: muc_ads Value: a2de1c2b-9090-4692-8e3f-ddf8096d695c
.t.co/	1970-01-21 00:36:09	Name: __cf_bm Value: a45m7Hk4RUoNUcR43l7t.iDcVq.i1fB47kwtvjVmIMQ-1730168026-1.0.1.1-GOfh5dCpqoX9NpsigsqGcmJzMQQ.Wy.xv0GKGEC4JSBoVNGoraYr8TXnSpwzV2fgx4FPZDmuwQJsf9qfIvGfIQ
.twitter.com/	1970-01-21 10:12:08	Name: personalization_id Value: "v1_ajfcPnVR2sqUOveKj20D4w=="
.cyberscoop.com/	1970-01-21 10:12:08	Name: _ga Value: GA1.2.1690507733.1730168026
.cyberscoop.com/	1970-01-21 00:37:34	Name: _gid Value: GA1.2.765866044.1730168026
.cyberscoop.com/	1970-01-21 00:36:08	Name: _gat_UA-80491860-1 Value: 1
.cyberscoop.com/	1970-01-21 02:45:44	Name: _fbp Value: fb.1.1730168026505.243692422741920336
.linkedin.com/	1970-01-21 02:45:44	Name: li_sugr Value: a0d675f8-cbe9-4d72-8121-f6d795182c89
.linkedin.com/	1970-01-21 09:21:44	Name: bcookie Value: "v=2&b5076c71-41af-4b8d-89ab-348d96419e06"
.linkedin.com/	1970-01-21 00:37:34	Name: lidc Value: "b=OGST04:s=O:r=O:a=O:p=O:g=3340:u=1:x=1:i=1730168026:t=1730254426:v=2:sig=AQHRJEuXqP1pV1Yr3dHgkSrg40w4v0bT"
.cyberscoop.com/	1970-01-21 09:21:44	Name: _hjSessionUser_3095877 Value: eyJpZCI6IjVkMDc3MTEzLTg1Y2UtNTgzYS1hNmJkLTA5ZGExZjczYWFhNSIsImNyZWF0ZWQiOjE3MzAxNjgwMjY2MzQsImV4aXN0aW5nIjpmYWxzZX0=
.cyberscoop.com/	1970-01-21 00:36:09	Name: _hjSession_3095877 Value: eyJpZCI6ImViNWEyOWRmLTJkMjEtNDc0MC04NzYyLTUzMzMyYjgwYzMyMSIsImMiOjE3MzAxNjgwMjY2MzUsInMiOjAsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=
.linkedin.com/	1970-01-21 01:19:20	Name: UserMatchHistory Value: AQLDKixNHRjjqQAAAZLWDPXqy5aNGiC4IPDMTKmIPUGMR_ymebXMO86PmJv5vh8rEvWW7IK9MW8B7g
.linkedin.com/	1970-01-21 01:19:20	Name: AnalyticsSyncHistory Value: AQJm8TmItC1FfwAAAZLWDPXq_DsZen5VfaxLfBH_gs7KP2yIlpfTmECJxQW_eES9ZFxWVXhGPOFiNYSz-6MS4g
.www.linkedin.com/	1970-01-21 09:21:44	Name: bscookie Value: "v=1&2024102902134663d29dc3-18e7-433f-8a87-cd2cb146989dAQEdn0l-OKsPQm37l39VX209cBHLBCW8"
.cyberscoop.com/	1970-01-21 04:55:20	Name: __hstc Value: 143679850.cc6603612b5089e57c44b085382e3066.1730168027185.1730168027185.1730168027185.1
.cyberscoop.com/	1970-01-21 04:55:20	Name: hubspotutk Value: cc6603612b5089e57c44b085382e3066
.cyberscoop.com/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.cyberscoop.com/	1970-01-21 00:36:09	Name: __hssc Value: 143679850.1.1730168027185
.hubspot.com/	1970-01-21 00:36:09	Name: __cf_bm Value: JxriC49rSxz17yZLMaw8M0c21fVfFlOKfKyBbLkl1Ro-1730168027-1.0.1.1-N1BKPY_kgDs.di38qDUHWEqgXsTJYOK2xxv5Io3H75zKrwOIuyDI.7zKuFXDKBl9VZk_bt9W_S.ltyOP_V36gQ
.hubspot.com/	1969-12-31 23:59:59	Name: _cfuvid Value: qeGKwJuDb4VIES1YvwXWjfcbDlUEElHr7_PEPgHqev4-1730168027356-0.0.1.1-604800000

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js(Line 10) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410280101/pubads_impl.js?cb=31088507, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js(Line 10) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410280101/pubads_impl.js?cb=31088507, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

2051d403cf1e3e14dd99515bd9d57cdb.safeframe.googlesyndication.com
analytics.twitter.com
api.hubspot.com
cdn.parsely.com
connect.facebook.net
cyberscoop.com
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.usemessages.com
p.typekit.net
p1.parsely.com
pagead2.googlesyndication.com
px.ads.linkedin.com
px4.ads.linkedin.com
script.hotjar.com
securepubads.g.doubleclick.net
snap.licdn.com
static.ads-twitter.com
static.hotjar.com
t.co
tpc.googlesyndication.com
track.hubspot.com
use.typekit.net
wp-tts-cdn.api.scpnewsgrp.com
www.facebook.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.linkedin.com
2051d403cf1e3e14dd99515bd9d57cdb.safeframe.googlesyndication.com
cyberscoop.com
pagead2.googlesyndication.com
wp-tts-cdn.api.scpnewsgrp.com
104.244.42.195
108.138.106.101
13.107.42.14
13.249.91.36
142.250.65.194
142.251.40.132
142.251.40.226
142.251.40.97
146.75.28.157
162.159.140.229
18.164.101.60
18.164.96.46
2600:141b:1c00:6::17df:d10d
2600:141b:1c00:8::1728:b323
2600:141b:1c00:8::1728:b330
2606:4700:4400::ac40:9310
2606:4700::6810:4b8e
2606:4700::6810:7574
2606:4700::6810:89d1
2606:4700::6811:afc9
2607:f8b0:4006:80a::2008
2607:f8b0:4006:81f::2001
2607:f8b0:4006:81f::200e
2620:1ec:21::14
2a03:2880:f10e:83:face:b00c:0:25de
31.13.80.12
34.194.161.83
52.85.61.92
012c1c40f37b85e86f6e7629241a2bcd0ce665b41954a08d3c2c9a55c42cba89
187849c92554869baccf286f9a45661d5217de42ece9328be7b8fd1a19c5340c
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
24dccd731e4b42b3c3e43cb9ac9205879143ebb4de7658ab9222dd3b0458b086
3061e4e369a9a37ea4971584ef0e3430d422075b1d506a0eefb2b836145495d3
346c66e4f479f4a17ed1401f493c41c4c36b694580749098da5224e7707ed994
3f43be92fe63af3e20c741cb5ef9fbcbe742bf78b6aafe693f31ed9720289d29
4397b39bca9ef7784f7ee354d27402a884e61e3adbf4d1e41ace0b688f8cf352
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4621daf70705ca4ad2cdfa8c95058ddcf4966d0146230d6abe449f49f7c8d107
4d8b2122c9cb95cfadc5ce6af8ab8c4231ea638b9ff9cf1d7f98068cd1b46ad8
4e6ce5444c7f396cef0eb1fa3611034151e485dd06fbe5573a5583e1eebc98c3
4e778181b46a001341499372efbad4f99a18674bce73c33dfd5021af138c1e8b
4e8276aea0a3c7fe3600e6718c7f484d49c347c8d5763d89be95900d526a14da
4f36db75a57c0877cb108f5dd1bac82555bd0e3fd3f6fe7595286e7d0fe7ea3e
572c153f12ece183e602325e76c01dba662552713252e6799e8e6fbf827252eb
5dbdf83e6734fe53b0ecbf2a814f1a36bc44d4c2bc22493334aa3911cee81c3d
6413983f57c8f999761ee0f4dc99b0f1fd6293626330e60c03d65a3bc071744f
668c6828672fa8600b7a0632cb328ee63a31361be6734987b04985fcd9d08d4f
66e9bf446316f6eec5eaefa7098592bbd2144a60eb38c481db233a6ca8b8d94a
68db802a1621aedcc52969aaa0d800512a27450ee45fd99cdd62e45f4b17f677
69acc83ede0c2181b8800537cfdc4203d5efde1d0e9f0d6a5f1c9e986ed09129
773fc2009a8b716297135fab8a414d134cc407b367371b301e74bc9117891f7a
792f09e55879f45045a85cc0cb1cc97fe647f26dd63e69ec79baf984055045d8
7a7b85930f08110f3b6b6105b21ceaf3304d48c431b71963ce0b1dc346374225
82e83015aa48cd3a700b349b8ac602d5201c12a819cfb6da81656d926f9f4416
852c954c81d53389801acf429e4f6eb04daa3a761cda493124bb60fadfa3357d
8c4a73ace7ab090207b86cd722e25bbaf498e8ab9559e22f98fe574ef3a187b6
8cf64c209cd328329fd13c7f965b21b478ec0796fb44408e2f9a32b1b4f3417e
96c381ae313ee177decfede923c9c9df7dd2a75c843fdfdc9d101b7977a1c3be
9790593b4acafa770479511a888914881594976c5dcad980c82e781c5625ff44
987ed7567466e4fc79242bded7cfac38f7cf9da6c430fe6053266ba12c1fa1b1
9b7aaf2c55485b05c5c57fbd95ba6d098da8f8e1583f8946d882d9b3fb8c28ce
9e565e0de0bd4db6685b59300a46bbb0493321b5f859cb85f324f378ac6ff048
9fcd406128831fed6bcbc156e8efb25851cac110b4886e0e41be64d159373ab6
a02d6bcc26f9bf0bb83fb1d4b0f77b8394203a7436206d0dfea469dba4b1898a
a030c3411a34a4d5a20ccbed7ccb40ec75ce1c433740bf5f16f901703fc42485
a75cfea5f5b6f846605d0f8c240195f92b8000e55ea9e585e7686c6588e36b40
a9d9027e9f6ba3ce34044bfb77f27caa9842de4b9e61b711b9a80244a5c24bb1
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
abb51a752ad668d521944d425ca58cb18cceb95a60217a846bb5555418056dc3
ac46e86a099205af7f1368b8402169cd7b822e60251c4d80187271472c9d911e
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ade4a396b294e1a6cc9553b86f4e92f34fca4c1450fd7fc59f7d950918468f66
ae5e7038a2bce0e8087ecc50fc43ec092f24dfaa14521bf72a8463ee57fa445b
b730a71a7f937b52bb8328c363a9074d3d1e7ae259f2a0b44784ccf97def2e49
b9e885a2894eefa464bde235ee6466b304eb32c29e898b26a627f4f0d3711164
ba5901631a738c50356e0db579d02bd03345c5d1c74b71c34e0e797726d05e33
be82b86d9b21780a099f969767c8bf5a3dc1221eff1c11cc5463826fdbe14f31
c0d57eff0936a57e0c8d6bc93314585c734e5ade88d6de970e1e305ae5d87224
cdc0743c7a5b3cdfdfb02a5157538d18fb2f94e661ef272da1dd6e213661a467
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cfb128a65727938fcfde36e35f43732ffd2d9889acbfd5e1c35a48f21a33c780
d4963b8afebfa0063b5d17b4c80f49bce702a37ea5c9b91bb3c996bb9dea4b60
d5791382b907fcf70d94bdf5476a52190890c293a1ff3bb789a79c732b753c22
d79d7cc1f37cfaff00c38822e88261a79a4b61ca5f57e5f39c4887d43c840381
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e21f3b2a0e9d2ff25f55f184242d809b2ecd045ee3fe35a4665b891b82bcb460
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ea88300106063a2e9ef5e22183affd8d9219ed7ed1eefff91449e61803d4e208
eadbfc5822a0575f4d0dc347dcfcbe45448ff075d83e3128e22a1a5c94d4a522
ebe764fffd200ed7b7a03fd6d436f1848d9ce2d0446e57d08b8f4dd0559568f4
ecf7723a32533007ede558c546fc8ba30f508283223b6e7f49c297b7c63c8b50
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1ad69380b409c299d3e0066666f1ad3d47377e8577b618048db4e6bafb05978
f57248a530cebee0ff63eabbd0128871e70a79246681fcf083c016f4050d4e90
f916f4fb34b823d3c33659634cb8e5151a549fcba910fd00976d465d17cf0538
fb3a89cc6347e098063bd15f285bc90411846ddce6f17812364feedab67a67f5
fc1a7282f60acd105f92a65340c458b8a016759e3efdb23a41dec57b2a18f8a7
fc484ef370829d6b79b46acde2e469824a9bfa5270203998503fa72c7e808166
ff3de130872fe0fb5b770dfa2bc9f0daf8ab320403a34a60d089436f08d24f99

cyberscoop.com Open in urlscan Pro 13.249.91.36 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

126 Requests

96 %HTTPS

46 %IPv6

22 Domains

30 Subdomains

29 IPs

3 Countries

2081 kBTransfer

6544 kBSize

29 Cookies

18 Outgoing links

Redirected requests

126 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 8 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

cyberscoop.com Open in urlscan Pro
13.249.91.36 Public Scan

Screenshot
Live screenshot

Full Image

126
Requests

96 %
HTTPS

46 %
IPv6

22
Domains

30
Subdomains

29
IPs

3
Countries

2081 kB
Transfer

6544 kB
Size

29
Cookies

126 HTTP transactions
8 data transactions