devcondetect.com Open in urlscan Pro
198.49.23.145 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
Submission: On April 11 via automatic, source hackernews (April 11th 2019, 9:04:04 pm UTC)

Summary HTTP 60 Redirects Links 11 Behaviour Indicators

Summary

This website contacted 22 IPs in 4 countries across 20 domains to perform 60 HTTP transactions. The main IP is 198.49.23.145, located in New York, United States and belongs to SQUARESPACE - Squarespace, Inc., US. The main domain is devcondetect.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on April 9th 2019. Valid for: 3 months.

This is the only time devcondetect.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
7	198.49.23.145 198.49.23.145	53831 (SQUARESPACE) (SQUARESPACE - Squarespace)
14	23.45.98.72 23.45.98.72	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a00:1450:400... 2a00:1450:4001:80b::200a	15169 (GOOGLE) (GOOGLE - Google LLC)
4 16	151.101.0.238 151.101.0.238	54113 (FASTLY) (FASTLY - Fastly)
1	2606:4700::68... 2606:4700::6811:d4cc	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	2a00:1450:400... 2a00:1450:4001:816::2008	15169 (GOOGLE) (GOOGLE - Google LLC)
2	2a00:1450:400... 2a00:1450:4001:818::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
3	2a00:1450:400... 2a00:1450:4001:808::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a02:26f0:6c0... 2a02:26f0:6c00:28c::25ea	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2606:4700::68... 2606:4700::6811:46b0	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	2606:4700::68... 2606:4700::6811:70b0	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	2606:4700::68... 2606:4700::6811:edcc	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	2606:4700::68... 2606:4700::6811:7fab	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
3	2606:4700::68... 2606:4700::6810:fd05	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	2a03:2880:f01... 2a03:2880:f01a:1:face:b00c:0:1	32934 (FACEBOOK) (FACEBOOK - Facebook)
1 2	2620:109:c002... 2620:109:c002::6cae:a0a	14413 (LINKEDIN) (LINKEDIN - LinkedIn Corporation)
1	151.101.0.84 151.101.0.84	54113 (FASTLY) (FASTLY - Fastly)
2	2606:4700::68... 2606:4700::6810:f905	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
2 3	2620:119:50e1... 2620:119:50e1:105::6cae:b25	14413 (LINKEDIN) (LINKEDIN - LinkedIn Corporation)
1	2606:4700::68... 2606:4700::6811:c9cc	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
2	2a03:2880:f01... 2a03:2880:f01c:216:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK - Facebook)
2	2a03:2880:f11... 2a03:2880:f11c:8083:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK - Facebook)
60	22

7 198.49.23.145 (New York, United States)

ASN53831 (SQUARESPACE - Squarespace, Inc., US)

devcondetect.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 23.45.98.72 (Amsterdam, Netherlands)

ASN20940 (AKAMAI-ASN1, US)
PTR: a23-45-98-72.deploy.static.akamaitechnologies.com

use.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
p.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::200a (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 151.101.0.238 (San Francisco, United States) 4 redirects

ASN54113 (FASTLY - Fastly, US)

static.squarespace.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static1.squarespace.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
images.squarespace-cdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:d4cc (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:816::2008 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:818::200e (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:808::2003 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:28c::25ea (European Union)

ASN20940 (AKAMAI-ASN1, US)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:46b0 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:70b0 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

js.hsadspixel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:edcc (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

js.usemessages.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:7fab (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

js.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6810:fd05 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

api.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f01a:1:face:b00c:0:1 (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

graph.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:109:c002::6cae:a0a (United States) 1 redirects

ASN14413 (LINKEDIN - LinkedIn Corporation, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.0.84 (San Francisco, United States)

ASN54113 (FASTLY - Fastly, US)

widgets.pinterest.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:f905 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

app.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:119:50e1:105::6cae:b25 (United States) 2 redirects

ASN14413 (LINKEDIN - LinkedIn Corporation, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:c9cc (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

api.hubapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:216:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f11c:8083:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	typekit.net use.typekit.net p.typekit.net	324 KB
12	squarespace.com 4 redirects static.squarespace.com static1.squarespace.com	791 KB
7	devcondetect.com devcondetect.com	125 KB
5	linkedin.com 3 redirects www.linkedin.com px.ads.linkedin.com	3 KB
5	hubspot.com api.hubspot.com forms.hubspot.com app.hubspot.com track.hubspot.com	3 KB
4	squarespace-cdn.com images.squarespace-cdn.com	435 KB
3	facebook.com graph.facebook.com www.facebook.com	1 KB
3	gstatic.com fonts.gstatic.com	47 KB
2	facebook.net connect.facebook.net	57 KB
2	google-analytics.com www.google-analytics.com	17 KB
1	hubapi.com api.hubapi.com	579 B
1	pinterest.com widgets.pinterest.com	422 B
1	hscollectedforms.net js.hscollectedforms.net	14 KB
1	usemessages.com js.usemessages.com	14 KB
1	hsadspixel.net js.hsadspixel.net	2 KB
1	hs-analytics.net js.hs-analytics.net	25 KB
1	licdn.com snap.licdn.com	5 KB
1	googletagmanager.com www.googletagmanager.com
1	hs-scripts.com js.hs-scripts.com	1 KB
1	googleapis.com fonts.googleapis.com	945 B
60	20

	Domain	Requested by
13	use.typekit.net	devcondetect.com use.typekit.net
7	static1.squarespace.com	4 redirects devcondetect.com
7	devcondetect.com	devcondetect.com static.squarespace.com
5	static.squarespace.com	devcondetect.com static.squarespace.com
4	images.squarespace-cdn.com	devcondetect.com
3	px.ads.linkedin.com	2 redirects
3	fonts.gstatic.com	devcondetect.com
2	www.facebook.com	connect.facebook.net
2	connect.facebook.net	js.hsadspixel.net connect.facebook.net
2	www.linkedin.com	1 redirects static.squarespace.com
2	api.hubspot.com	js.usemessages.com devcondetect.com
2	www.google-analytics.com	devcondetect.com
1	track.hubspot.com
1	api.hubapi.com	static.squarespace.com
1	app.hubspot.com	js.usemessages.com
1	widgets.pinterest.com	static.squarespace.com
1	graph.facebook.com	static.squarespace.com
1	forms.hubspot.com	js.hscollectedforms.net
1	p.typekit.net	devcondetect.com
1	js.hscollectedforms.net	js.hs-scripts.com
1	js.usemessages.com	js.hs-scripts.com
1	js.hsadspixel.net	js.hs-scripts.com
1	js.hs-analytics.net	js.hs-scripts.com
1	snap.licdn.com	devcondetect.com
1	www.googletagmanager.com	devcondetect.com
1	js.hs-scripts.com	devcondetect.com
1	fonts.googleapis.com	devcondetect.com
60	27

This site contains links to these domains. Also see Links.

Domain
devcon.technology
twitter.com
www.facebook.com
www.linkedin.com
www.stumbleupon.com
www.reddit.com
www.tumblr.com
www.pinterest.com

Subject Issuer	Validity	Valid
devcondetect.com Let's Encrypt Authority X3	`2019-04-09` - `2019-07-08`	3 months	crt.sh
*.typekit.net DigiCert SHA2 Secure Server CA	`2018-07-20` - `2020-01-03`	a year	crt.sh
*.googleapis.com Google Internet Authority G3	`2019-03-01` - `2019-05-24`	3 months	crt.sh
static.squarespace.com DigiCert SHA2 High Assurance Server CA	`2018-08-03` - `2020-09-13`	2 years	crt.sh
ssl817718.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2019-03-05` - `2019-09-11`	6 months	crt.sh
*.google-analytics.com Google Internet Authority G3	`2019-03-01` - `2019-05-24`	3 months	crt.sh
*.google.com Google Internet Authority G3	`2019-03-01` - `2019-05-24`	3 months	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2019-04-01` - `2021-05-07`	2 years	crt.sh
*.squarespace-cdn.com DigiCert SHA2 High Assurance Server CA	`2019-01-25` - `2021-01-29`	2 years	crt.sh
ssl803670.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2018-12-19` - `2019-06-27`	6 months	crt.sh
ssl803643.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2018-12-19` - `2019-06-27`	6 months	crt.sh
ssl817703.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2019-03-05` - `2019-09-11`	6 months	crt.sh
ssl803673.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2018-12-19` - `2019-06-27`	6 months	crt.sh
hubspot.com CloudFlare Inc ECC CA-2	`2019-01-04` - `2020-01-04`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2019-03-08` - `2019-06-06`	3 months	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2018-05-30` - `2020-09-01`	2 years	crt.sh
*.pinterest.com DigiCert SHA2 High Assurance Server CA	`2019-01-11` - `2019-06-26`	5 months	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2017-06-06` - `2019-06-11`	2 years	crt.sh
ssl817724.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2019-03-05` - `2019-09-11`	6 months	crt.sh

This page contains 3 frames:

Primary Page: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
Frame ID: D73A97A7BDE270539DC4D5DE709C9544
Requests: 58 HTTP requests in this frame

Frame: https://app.hubspot.com/conversations-visitor/2699781/threads/utk/885693be4f80491397cc655509fcaa34?uuid=14ffd00feaf4442bb069afdc139c57d6&mobile=false&mobileSafari=false&open=false&hideWelcomeMessage=false&domain=devcondetect.com&inApp53=false&messagesUtk=885693be4f80491397cc655509fcaa34&url=https%3A%2F%2Fdevcondetect.com%2Fblog%2F2019%2F4%2F9%2Fmajor-uptick-in-exploit-activity-heres-what-we-know-so-far&inline=false
Frame ID: F7BF576D43BF047BA7A2DA060C6F426A
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: ADEC9826138672A2910884C776C90BF9
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Squarespace (CMS) Expand

Overall confidence: 100%
Detected patterns

env /^Squarespace/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^\/]*\/[a-z]*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i
env /^gaGlobal$/i

HubSpot (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

env /^(?:_hsq|hubspot)$/i

Modernizr (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

env /^Modernizr$/i

Typekit (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

env /^Typekit$/i

webpack (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

env /^webpackJsonp$/i

Piwik () Expand

Overall confidence: 100%
Detected patterns

env /^_paq$/i

Page Statistics

60
Requests

100 %
HTTPS

82 %
IPv6

20
Domains

27
Subdomains

22
IPs

4
Countries

1862 kB
Transfer

5439 kB
Size

6
Cookies

11 Outgoing links

These are links going to different origins than the main page.

URL: https://devcon.technology/login/
Title: Log In

Search URL Search Domain Scan URL

URL: https://twitter.com/devcondetect
Title:

Search URL Search Domain Scan URL

URL: https://www.facebook.com/DevConDetect/
Title:

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/17875339
Title:

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fdevcondetect.com%2Fblog%2F2019%2F4%2F9%2Fmajor-uptick-in-exploit-activity-heres-what-we-know-so-far
Title: Facebook16

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=https%3A%2F%2Fdevcondetect.com%2Fblog%2F2019%2F4%2F9%2Fmajor-uptick-in-exploit-activity-heres-what-we-know-so-far&text=Over+the+last+two+weeks%2C+DEVCON%E2%80%99s+web+security+platform+as+observed+and+...
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&source=DEVCON+%7C+Ad+Fraud+Security%C2%AE&summary=Over+the+last+two+weeks%2C+DEVCON%E2%80%99s+web+security+platform+as+observed+and+...&url=https%3A%2F%2Fdevcondetect.com%2Fblog%2F2019%2F4%2F9%2Fmajor-uptick-in-exploit-activity-heres-what-we-know-so-far
Title: LinkedIn0

Search URL Search Domain Scan URL

URL: https://www.stumbleupon.com/badge/?url=https%3A%2F%2Fdevcondetect.com%2Fblog%2F2019%2F4%2F9%2Fmajor-uptick-in-exploit-activity-heres-what-we-know-so-far
Title: StumbleUpon

Search URL Search Domain Scan URL

URL: https://www.reddit.com/submit?url=https%3A%2F%2Fdevcondetect.com%2Fblog%2F2019%2F4%2F9%2Fmajor-uptick-in-exploit-activity-heres-what-we-know-so-far
Title: Reddit

Search URL Search Domain Scan URL

URL: https://www.tumblr.com/share/link?url=https%3A%2F%2Fdevcondetect.com%2Fblog%2F2019%2F4%2F9%2Fmajor-uptick-in-exploit-activity-heres-what-we-know-so-far
Title: Tumblr

Search URL Search Domain Scan URL

URL: https://www.pinterest.com/pin/create/link/?description=Over+the+last+two+weeks%2C+DEVCON%E2%80%99s+web+security+platform+as+observed+and+...&media=https://static1.squarespace.com/static/5c4752bd7c9327814573cd04/5c4f0b1b4fa51a7413bfd005/5cacd9ac08522943cb7d03c3/1555002555135/man_holding_partycry_phone_titlecrop.jpg&url=https%3A%2F%2Fdevcondetect.com%2Fblog%2F2019%2F4%2F9%2Fmajor-uptick-in-exploit-activity-heres-what-we-know-so-far
Title: Pinterest0

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 22

https://static1.squarespace.com/static/5c4752bd7c9327814573cd04/t/5cacdeaf8165f530c22e126c/1554833072988/man_holding_partycry_phone_titlecrop.jpg?format=1500w HTTP 301
https://images.squarespace-cdn.com/content/5c4752bd7c9327814573cd04/1554833071833-U6CNV2MAQAALOOSXKGSA/man_holding_partycry_phone_titlecrop.jpg?format=1500w&content-type=image%2Fjpeg

Request Chain 23

https://static1.squarespace.com/static/5c4752bd7c9327814573cd04/t/5caced26eb3931518909eaa4/1554836779564/attacksbyday.png?format=1000w HTTP 301
https://images.squarespace-cdn.com/content/5c4752bd7c9327814573cd04/1554836775335-TN9YOIDMTOVOP0G8RMHT/attacksbyday.png?content-type=image%2Fpng

Request Chain 24

https://static1.squarespace.com/static/5c4752bd7c9327814573cd04/t/5cacf6344785d311f5068cf4/1554839097860/attacksbyexploit.png?format=1000w HTTP 301
https://images.squarespace-cdn.com/content/5c4752bd7c9327814573cd04/1554839092271-K6TPKPPFTE1H4APHVKEI/attacksbyexploit.png?content-type=image%2Fpng

Request Chain 25

https://static1.squarespace.com/static/5c4752bd7c9327814573cd04/t/5cacf9cfeb393151890a99b0/1554840029523/img_7019.png?format=500w HTTP 301
https://images.squarespace-cdn.com/content/5c4752bd7c9327814573cd04/1554840015548-ISAKU7YN3H0E4KJG7D76/img_7019.png?content-type=image%2Fpng

Request Chain 52

https://px.ads.linkedin.com/collect/?time=1555016628599&pid=964681&url=https%3A%2F%2Fdevcondetect.com%2Fblog%2F2019%2F4%2F9%2Fmajor-uptick-in-exploit-activity-heres-what-we-know-so-far&fmt=js&s=1 HTTP 302
https://px.ads.linkedin.com/collect/?time=1555016628599&pid=964681&url=https%3A%2F%2Fdevcondetect.com%2Fblog%2F2019%2F4%2F9%2Fmajor-uptick-in-exploit-activity-heres-what-we-know-so-far&fmt=js&s=1&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%2F%3Ftime%3D1555016628599%26pid%3D964681%26url%3Dhttps%253A%252F%252Fdevcondetect.com%252Fblog%252F2019%252F4%252F9%252Fmajor-uptick-in-exploit-activity-heres-what-we-know-so-far%26fmt%3Djs%26s%3D1%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect/?time=1555016628599&pid=964681&url=https%3A%2F%2Fdevcondetect.com%2Fblog%2F2019%2F4%2F9%2Fmajor-uptick-in-exploit-activity-heres-what-we-know-so-far&fmt=js&s=1&cookiesTest=true&liSync=true

60 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request major-uptick-in-exploit-activity-heres-what-we-know-so-far Show response
devcondetect.com/blog/2019/4/9/ 69 KB
17 KB 406ms
101ms Document
text/html 198.49.23.145
Squarespace

General

Check archive.org

Show headers Download Go to

Full URL

https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

198.49.23.145 New York, United States, ASN53831 (SQUARESPACE - Squarespace, Inc., US),

Reverse DNS

Software

envoy /

Resource Hash

5dbb39659d4a1d894da07139ef2e377b68328592cf0af17caba1778109c501f0

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

:method: GET
:authority: devcondetect.com
:scheme: https
:path: /blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status: 200
date: Thu, 11 Apr 2019 20:45:00 GMT
x-servedby: web017
strict-transport-security: max-age=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
content-type: text/html; charset=UTF-8
x-pc-appver: 17576
x-pc-date: Thu, 11 Apr 2019 19:14:11 GMT
x-pc-host: 10.122.33.26
last-modified: Thu, 11 Apr 2019 20:36:38 GMT
content-encoding: gzip
etag: W/"5c073f78e9c739d2cbb23f89be82323d"
x-pc-key: NHiUEv0SR9IGOxyc_LT_sAgTaVQ-blueberry-porcupine-5b2d
x-pc-hit: true
content-length: 16866
server: envoy
vary: Accept-Encoding
age: 1125
x-varnish: varnish-web002
set-cookie: crumb=BTPyqkuQUv8xMzg3M2EwYTVmMzE0YjY1MDE2MGZkMjY1MTAyNjcy;Path=/
accept-ranges: bytes
x-contextid: 3gshGCOI/6wqQk0ua
x-via: 1.1 echo015

GET
H2 200 n0XXL0lpokWK54i5GbykLNfp6Hs5eDD-1psATTk3UnSfeGM2fFHN4UJLFRbh52jhWDmRF2Suwc4qFhwowDJa52IXFQSDjhb3Fg73MPG0jcUuZA48S14oOWgzScFuSe80ZPXujR4qO1FUiABkZWF3jAF8OcFzdPUKdYm8jcmkS1qlSeNkjam3-Ao8OQmKwcb0SaBuj... Show response
use.typekit.net/ik/ 21 KB
8 KB 25ms
23ms Script
text/javascript 23.45.98.72
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://use.typekit.net/ik/n0XXL0lpokWK54i5GbykLNfp6Hs5eDD-1psATTk3UnSfeGM2fFHN4UJLFRbh52jhWDmRF2Suwc4qFhwowDJa52IXFQSDjhb3Fg73MPG0jcUuZA48S14oOWgzScFuSe80ZPXujR4qO1FUiABkZWF3jAF8OcFzdPUKdYm8jcmkS1qlSeNkjam3-Ao8OQmKwcb0SaBujW48Sagyjh90jhNlOes8icFzdcs8iemRifoRdhXCdeNRjAUGdaFXOYiaikoKdYm8jcmkS1qlSeNkjam3-Ao8OQmKwcb0SaBujW48Sagyjh90jhNlOYiaikoqZWZRdhoqZWs8jab0jhNlJ6ykiAFnShBR-kJBS1m0ZeIKfAZuiYmkjPu3ifGHfF2IMsMMeMb6MKG4f5CNIMIjMkMfH6qJoQXbMs6IJMJ7fbR1VsMgeM96MKG4f5qNIMIjgkMfH6qJ_2XbMs6FJMJ7fbRcVsMgeMt6MKG4f5GNIMIjIPMfH6qJy89bMy62JMJ7fbKImsMfeMb6MKG4f54oIMJjgKMfH6qJ6m9bMy6YJMHbMid1N0JB.js

Requested by

Host: devcondetect.com
URL: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.45.98.72 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a23-45-98-72.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

891139542b61ad256c450a5dced0b5bdb4fd263ea7bfbfcf0b9b97d6fedfca50

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains;

Request headers

Referer: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains;
content-encoding: gzip
server: nginx
access-control-allow-origin: *
date: Thu, 11 Apr 2019 21:03:46 GMT
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
status: 200
cache-control: public, max-age=604800
timing-allow-origin: *
content-length: 7714

GET
H2 200 css
fonts.googleapis.com/ 11 KB
945 B 19ms
17ms Stylesheet
text/css 2a00:1450:4001:80b::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Montserrat:700|Rubik:700,700i,400i,400,500,300i,300

Requested by

Host: devcondetect.com
URL: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:80b::200a , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

885af539009d2f2d57639f970b9faa084f839a80be3afafcced230ceac971ab9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Thu, 11 Apr 2019 21:03:46 GMT
server: ESF
access-control-allow-origin: *
date: Thu, 11 Apr 2019 21:03:46 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection: 1; mode=block
expires: Thu, 11 Apr 2019 21:03:46 GMT

GET
H2 200 common-d24e18cba3e7725dac94-min.en-US.js Show response
static.squarespace.com/universal/scripts-compressed/ 1 MB
328 KB 63ms
17ms Script
text/javascript 151.101.0.238
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://static.squarespace.com/universal/scripts-compressed/common-d24e18cba3e7725dac94-min.en-US.js
Requested by: Host: devcondetect.com
URL: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.0.238 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: envoy /
Resource Hash: 1e8b0e42cdff0b27529ebfd5bc64417cfe7df6bc423ab58e3269837c75c714c1

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
Origin: https://devcondetect.com

Response headers

date: Thu, 11 Apr 2019 21:03:46 GMT
content-encoding: gzip
age: 2323
x-cache: HIT, HIT
x-via: 1.1 echo011
status: 200
x-contextid: QRTO648x/dI84DV1U
content-length: 335851
via: 1.1 varnish, 1.1 varnish
x-served-by: cache-dfw18633-DFW, cache-hhn1531-HHN
pragma: cache
server: envoy
x-timer: S1555016627.710494,VS0,VE0
tracepoint: Fastly
etag: site-server-js-common-d24e18cba3e7725dac94-en-u-gzip"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-servedby: cdn015
accept-ranges: bytes
x-cache-hits: 1, 222

GET
H2 200 performance-a866b4a81e6ca81f130e-min.en-US.js Show response
static.squarespace.com/universal/scripts-compressed/ 45 KB
12 KB 54ms
8ms Script
text/javascript 151.101.0.238
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://static.squarespace.com/universal/scripts-compressed/performance-a866b4a81e6ca81f130e-min.en-US.js
Requested by: Host: devcondetect.com
URL: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.0.238 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: envoy /
Resource Hash: 547d9993459047ab0d4dbfc03fbb376b22d6c42a3e8341548d4f7ff3a7047612

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
Origin: https://devcondetect.com

Response headers

date: Thu, 11 Apr 2019 21:03:46 GMT
content-encoding: gzip
age: 104962
x-cache: HIT, HIT
x-via: 1.1 echo006
status: 200
x-contextid: ievWPr0n/J0CzOhLw
content-length: 12085
via: 1.1 varnish, 1.1 varnish
x-served-by: cache-dfw18626-DFW, cache-hhn1531-HHN
pragma: cache
server: envoy
x-timer: S1555016627.710539,VS0,VE0
tracepoint: Fastly
etag: site-server-js-performance-a866b4a81e6ca81f130e-en-u-gzip"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-servedby: cdn025
accept-ranges: bytes
x-cache-hits: 5, 18889

GET
H2 200 site.css
static1.squarespace.com/static/sitecss/5c4752bd7c9327814573cd04/42/55f0aac0e4b0f0a5b7e0b22e/5c475a1caa4a995fe6c251af/324-05142015/1553040897858/ 875 KB
79 KB 67ms
26ms Stylesheet
text/css 151.101.0.238
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://static1.squarespace.com/static/sitecss/5c4752bd7c9327814573cd04/42/55f0aac0e4b0f0a5b7e0b22e/5c475a1caa4a995fe6c251af/324-05142015/1553040897858/site.css?&filterFeatures=false

Requested by

Host: devcondetect.com
URL: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.0.238 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

envoy /

Resource Hash

668ad51e5e0698357e164d655e462d401d05ac63b48c1283025ea9922b09ff71

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 11 Apr 2019 21:03:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 264517
x-cache: HIT, HIT
x-via: 1.1 echo029
status: 200
x-contextid: I75YwM6U/4sSbIyH7
content-length: 80539
x-served-by: cache-dfw18639-DFW, cache-hhn1535-HHN
pragma: cache
server: envoy
x-timer: S1555016627.705995,VS0,VE1
tracepoint: Fastly
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=94608000
x-servedby: cdn013
accept-ranges: bytes
timing-allow-origin: *.squarespace.com
x-cache-hits: 1, 1

GET
H2 200 /
static1.squarespace.com/static/5c4752bd7c9327814573cd04/t/5c475a4a2b6a28fe67091e97/1554839928036/ 60 KB
60 KB 50ms
9ms Image
image/png 151.101.0.238
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static1.squarespace.com/static/5c4752bd7c9327814573cd04/t/5c475a4a2b6a28fe67091e97/1554839928036/?format=1500w
Requested by: Host: devcondetect.com
URL: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.0.238 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: envoy /
Resource Hash: 07dc8dca170a11f27838f8f240fe96bbccfacc2e3af470a2f23bab34d7cab65b

Request headers

Referer: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 11 Apr 2019 21:03:46 GMT
via: 1.1 varnish, 1.1 varnish
age: 176668
x-cache: HIT, HIT
x-via: 1.1 echo134
status: 200
x-contextid: UEDQBawZ/0zFZOmbm
x-identifier: static1
content-length: 61242
x-served-by: cache-dfw18627-DFW, cache-hhn1535-HHN
pragma: cache
server: envoy
x-timer: S1555016627.706005,VS0,VE1
tracepoint: Fastly
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=94608000
x-servedby: cdn007
accept-ranges: bytes
timing-allow-origin: *.squarespace.com
x-cache-hits: 1, 1

GET
H2 200 site-bundle.js Show response
static1.squarespace.com/static/ta/55f0a9b0e4b0f3eb70352f6d/324/scripts/ 131 KB
41 KB 9ms
7ms Script
application/javascript 151.101.0.238
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://static1.squarespace.com/static/ta/55f0a9b0e4b0f3eb70352f6d/324/scripts/site-bundle.js

Requested by

Host: devcondetect.com
URL: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.0.238 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

envoy /

Resource Hash

5aee928d73b5d060530037b8e3c373c09122bc11e8fa03e52ffb310a5325dcee

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 11 Apr 2019 21:03:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 264520
x-cache: HIT, HIT
x-via: 1.1 echo023
status: 200
x-contextid: Ju1Sfnap/maceNJaH
content-length: 42217
x-served-by: cache-dfw18647-DFW, cache-hhn1535-HHN
pragma: cache
server: envoy
x-timer: S1555016627.766941,VS0,VE0
tracepoint: Fastly
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=94608000
x-servedby: cdn022
accept-ranges: bytes
timing-allow-origin: *.squarespace.com
x-cache-hits: 3, 8600

GET
H2 200 2699781.js Show response
js.hs-scripts.com/ 2 KB
1 KB 208ms
164ms Script
application/javascript 2606:4700::6811:d4cc
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-scripts.com/2699781.js
Requested by: Host: devcondetect.com
URL: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:d4cc , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: d8a7ed423a27fb12754e2bb54731866758ab27235a5988407bb36891563a16de

Request headers

Referer: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 11 Apr 2019 21:03:46 GMT
content-encoding: gzip
cf-cache-status: EXPIRED
server: cloudflare
access-control-allow-origin: https://devcondetect.com
x-trace: 2BA46D4B6DD56C64ECB0A04CD3A49B82EBFBA4A373000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, User-Agent
content-type: application/javascript; charset=utf-8
status: 200
access-control-max-age: 3600
cache-control: public, max-age=60
access-control-allow-credentials: true
cf-ray: 4c5fe8bd8c9fc2a1-FRA
expires: Thu, 11 Apr 2019 21:04:46 GMT

GET
H2 404 gtm.js
www.googletagmanager.com/ 0
0 17ms
17ms Script
text/html 2a00:1450:4001:816::2008
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://www.googletagmanager.com/gtm.js?id=GTM-593WC9C
Requested by: Host: devcondetect.com
URL: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a00:1450:4001:816::2008 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 43 KB
17 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:818::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: devcondetect.com
URL: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:818::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

3e552578c7d450b023f2cd9d28f830be4335c3acc6c4ab6dadda0769f09e5f22

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 16 Jan 2019 20:01:45 GMT
server: Golfe2
age: 4610
date: Thu, 11 Apr 2019 19:46:56 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 17543
expires: Thu, 11 Apr 2019 21:46:56 GMT

GET
H2 200 ui-icons.svg
devcondetect.com/assets/ 8 KB
8 KB 101ms
101ms Other
image/svg+xml 198.49.23.145
Squarespace

General

Check archive.org

Show headers Download Go to

Full URL

https://devcondetect.com/assets/ui-icons.svg

Requested by

Host: devcondetect.com
URL: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

198.49.23.145 New York, United States, ASN53831 (SQUARESPACE - Squarespace, Inc., US),

Reverse DNS

Software

envoy /

Resource Hash

ded1e2af9a5d3937cc8d26fbb6d0212702f611ca62607c4eb3e7b4dc3b196d9f

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff

Request headers

:path: /assets/ui-icons.svg
pragma: no-cache
cookie: crumb=BTPyqkuQUv8xMzg3M2EwYTVmMzE0YjY1MDE2MGZkMjY1MTAyNjcy
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: devcondetect.com
referer: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
:scheme: https
:method: GET
Referer: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 11 Apr 2019 19:14:13 GMT
x-content-type-options: nosniff
age: 6573
x-via: 1.1 echo015
status: 200
x-contextid: TbL1quw7/c9CH15c8
x-pc-hit: false
content-length: 8459
x-pc-key: 6E2v79UPBTHiHUi1DOq3bUyBSkc-blueberry-porcupine-5b2d
pragma: cache
server: envoy
etag: W/"e3cbfe25719976eb92c61056eba6c191"
strict-transport-security: max-age=0
x-varnish: varnish-web002
access-control-allow-origin: *
cache-control: public, max-age=94608000
x-servedby: web017
accept-ranges: bytes
content-type: image/svg+xml
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 social-accounts.svg
devcondetect.com/universal/svg/ 99 KB
99 KB 101ms
100ms Other
image/svg+xml 198.49.23.145
Squarespace

General

Check archive.org

Show headers Download Go to

Full URL: https://devcondetect.com/universal/svg/social-accounts.svg
Requested by: Host: devcondetect.com
URL: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 198.49.23.145 New York, United States, ASN53831 (SQUARESPACE - Squarespace, Inc., US),
Reverse DNS
Software: /
Resource Hash: e308f31835293f9e7aa25c1fc228af6997a245dd4f1bc9ac5498648aae56c760

Request headers

:path: /universal/svg/social-accounts.svg
pragma: no-cache
cookie: crumb=BTPyqkuQUv8xMzg3M2EwYTVmMzE0YjY1MDE2MGZkMjY1MTAyNjcy
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: devcondetect.com
referer: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
:scheme: https
:method: GET
Referer: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 11 Mar 2019 22:41:35 GMT
timing-allow-origin: *.squarespace.com
age: 2672531
x-via: 1.1 echo015
status: 200
x-contextid: Rs9r4GKn/i0au0mtl
content-length: 101021
pragma: cache
surrogate-key: universal
last-modified: Mon, 11 Mar 2019 20:43:56 GMT
etag: "33e601e65631c30154876b10d97360bb"
x-varnish: varnish-web005
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-servedby: web005
accept-ranges: bytes
content-type: image/svg+xml
expires: Wed, 11 Mar 2020 22:41:35 GMT

GET
H2 200 l
use.typekit.net/af/99ae80/00000000000000003b9afc2c/27/ 17 KB
17 KB 54ms
8ms Font
application/font-woff2 23.45.98.72
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/99ae80/00000000000000003b9afc2c/27/l?subset_id=2&fvd=n5&v=3
Requested by: Host: devcondetect.com
URL: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.45.98.72 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-45-98-72.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: ecaff571ec8013c3109416f873984d52aba680c2110b8e49359cea9ca95bdd15

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
Origin: https://devcondetect.com

Response headers

date: Thu, 11 Apr 2019 21:03:47 GMT
server: nginx
access-control-allow-origin: *
etag: "eb17884bccdf7dd4d11c8049519acc00fcd46a03"
content-type: application/font-woff2
status: 200
cache-control: public, max-age=31536000
timing-allow-origin: *
content-length: 16904

GET
H2 200 l
use.typekit.net/af/33ece3/00000000000000003b9afc27/27/ 16 KB
16 KB 56ms
14ms Font
application/font-woff2 23.45.98.72
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/33ece3/00000000000000003b9afc27/27/l?subset_id=2&fvd=n3&v=3
Requested by: Host: devcondetect.com
URL: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.45.98.72 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-45-98-72.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 981e7e2e93820c47273ae85c5b7d70509c05c29022d4becd43645fcb47d3db8e

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
Origin: https://devcondetect.com

Response headers

date: Thu, 11 Apr 2019 21:03:47 GMT
server: nginx
access-control-allow-origin: *
etag: "e5f51e52f72af8f12843c405cc458d055c0ffee3"
content-type: application/font-woff2
status: 200
cache-control: public, max-age=31536000
timing-allow-origin: *
content-length: 16104

GET
H2 200 iJWKBXyIfDnIV7nBrXyw023e.woff2
fonts.gstatic.com/s/rubik/v8/ 16 KB
16 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:808::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/rubik/v8/iJWKBXyIfDnIV7nBrXyw023e.woff2

Requested by

Host: devcondetect.com
URL: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:808::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

c8aa337fc37713d6c02cdbb773733509a0d5186d4185d6cefe101467797dd815

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Montserrat:700|Rubik:700,700i,400i,400,500,300i,300
Origin: https://devcondetect.com

Response headers

date: Sat, 09 Mar 2019 00:52:12 GMT
x-content-type-options: nosniff
last-modified: Tue, 19 Feb 2019 22:43:09 GMT
server: sffe
age: 2923895
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 16268
x-xss-protection: 1; mode=block
expires: Sun, 08 Mar 2020 00:52:12 GMT

GET
H2 200 iJWHBXyIfDnIV7F6iGmd8WD07oB-.woff2
fonts.gstatic.com/s/rubik/v8/ 16 KB
16 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:808::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/rubik/v8/iJWHBXyIfDnIV7F6iGmd8WD07oB-.woff2

Requested by

Host: devcondetect.com
URL: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:808::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

817f9ddf55f874b27bb1934c13b2f2b200a2854de5daf285c96f33ffdb35b3f3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Montserrat:700|Rubik:700,700i,400i,400,500,300i,300
Origin: https://devcondetect.com

Response headers

date: Sat, 09 Mar 2019 04:17:41 GMT
x-content-type-options: nosniff
last-modified: Tue, 19 Feb 2019 22:42:24 GMT
server: sffe
age: 2911566
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 16320
x-xss-protection: 1; mode=block
expires: Sun, 08 Mar 2020 04:17:41 GMT

GET
H2 200 l
use.typekit.net/af/0180d8/00000000000000003b9afc2a/27/ 16 KB
16 KB 46ms
15ms Font
application/font-woff2 23.45.98.72
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/0180d8/00000000000000003b9afc2a/27/l?subset_id=2&fvd=n4&v=3
Requested by: Host: devcondetect.com
URL: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.45.98.72 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-45-98-72.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: afea8d9bea2182f4ad958af13f03bd44a26a8f136e5fdc745fa1ab69d01b3204

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
Origin: https://devcondetect.com

Response headers

date: Thu, 11 Apr 2019 21:03:47 GMT
server: nginx
access-control-allow-origin: *
etag: "ddf21222da76c1f7ea6297dc69fb1354124376d0"
content-type: application/font-woff2
status: 200
cache-control: public, max-age=31536000
timing-allow-origin: *
content-length: 16392

GET
H2 200 collect
www.google-analytics.com/r/ 35 B
111 B 17ms
13ms Image
image/gif 2a00:1450:4001:818::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/r/collect?v=1&_v=j73&a=1894990624&t=pageview&_s=1&dl=https%3A%2F%2Fdevcondetect.com%2Fblog%2F2019%2F4%2F9%2Fmajor-uptick-in-exploit-activity-heres-what-we-know-so-far&ul=en-us&de=UTF-8&dt=Major%20Uptick%20in%20Exploit%20Activity%3A%20Here%27s%20What%20We%20Know%20So%20Far%20%E2%80%94%20DEVCON%20%7C%20Ad%20Fraud%20Security%C2%AE&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=IEBAAEAB~&jid=1616992569&gjid=62358566&cid=1723558395.1555016627&tid=UA-85519707-5&_gid=114564440.1555016627&_r=1&z=1459170721

Requested by

Host: devcondetect.com
URL: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:818::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 11 Apr 2019 21:03:47 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
access-control-allow-origin: *
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 15 KB
5 KB 151ms
104ms Script
application/x-javascript 2a02:26f0:6c00:28c::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: devcondetect.com
URL: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:6c00:28c::25ea , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: /
Resource Hash: bc9cef10d07e8da3ce80181de07a056414731f86e0dc12e2c81d652b28ac770b

Request headers

Referer: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 11 Apr 2019 21:03:47 GMT
Content-Encoding: gzip
Last-Modified: Mon, 03 Dec 2018 23:03:30 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=63854
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4571

POST
H2 200 RecordHit Show response
devcondetect.com/api/census/ 17 B
303 B 314ms
313ms XHR
application/json 198.49.23.145
Squarespace

General

Check archive.org

Show headers Download Go to

Full URL

https://devcondetect.com/api/census/RecordHit?crumb=BTPyqkuQUv8xMzg3M2EwYTVmMzE0YjY1MDE2MGZkMjY1MTAyNjcy

Requested by

Host: static.squarespace.com
URL: https://static.squarespace.com/universal/scripts-compressed/common-d24e18cba3e7725dac94-min.en-US.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

198.49.23.145 New York, United States, ASN53831 (SQUARESPACE - Squarespace, Inc., US),

Reverse DNS

Software

envoy /

Resource Hash

f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff

Request headers

:path: /api/census/RecordHit?crumb=BTPyqkuQUv8xMzg3M2EwYTVmMzE0YjY1MDE2MGZkMjY1MTAyNjcy
pragma: no-cache
cookie: crumb=BTPyqkuQUv8xMzg3M2EwYTVmMzE0YjY1MDE2MGZkMjY1MTAyNjcy; _ga=GA1.2.1723558395.1555016627; _gid=GA1.2.114564440.1555016627; _gat=1; ss_cvr=59d5ed89-a0cb-4ef4-b854-d74d63b1eaa8|1555016627099|1555016627099|1555016627099|1; ss_cvt=1555016627099
origin: https://devcondetect.com
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
content-type: application/x-www-form-urlencoded; charset=UTF-8
accept: */*
cache-control: no-cache
:authority: devcondetect.com
x-requested-with: XMLHttpRequest
:scheme: https
referer: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
content-length: 967
:method: POST
Referer: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
Origin: https://devcondetect.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Thu, 11 Apr 2019 21:03:46 GMT
x-content-type-options: nosniff
server: envoy
strict-transport-security: max-age=0
x-via: 1.1 echo015
status: 200
x-contextid: CN1zbxGt/1qFFrjgd
set-cookie: ss_cid=06d3838b-8034-45eb-a4ae-4b0be695e1bd;Path=/;Expires=Sat, 10-Apr-2021 21:03:47 GMT ss_cvisit=1555016627210;Path=/;Expires=Thu, 11-Apr-2019 21:33:47 GMT ss_cpvisit=1555016627210;Path=/;Expires=Sat, 10-Apr-2021 21:03:47 GMT
content-type: application/json; charset=UTF-8
x-servedby: analytics001
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 announcement-bar-d41d8cd98f00b204e9800998ecf8427e-min.css
static.squarespace.com/universal/styles-compressed/ 0
301 B 8ms
7ms Stylesheet
text/css 151.101.0.238
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://static.squarespace.com/universal/styles-compressed/announcement-bar-d41d8cd98f00b204e9800998ecf8427e-min.css
Requested by: Host: static.squarespace.com
URL: https://static.squarespace.com/universal/scripts-compressed/common-d24e18cba3e7725dac94-min.en-US.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.0.238 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 11 Apr 2019 21:03:47 GMT
via: 1.1 varnish, 1.1 varnish
age: 15691919
x-cache: HIT, HIT
x-via: 1.1 echo129
status: 200
x-contextid: p19rgk76/xghvdh6t
content-length: 0
x-served-by: cache-dfw18629-DFW, cache-hhn1535-HHN
pragma: cache
x-timer: S1555016627.137135,VS0,VE0
tracepoint: Fastly
etag: site-server-css-announcement-bar-d41d8cd98f00b204e9800998ecf8427e
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=31536000
x-servedby: cdn021
accept-ranges: bytes
x-cache-hits: 361, 4553

GET
H2 200 announcement-bar-33970f26f049800f79ac-min.en-US.js Show response
static.squarespace.com/universal/scripts-compressed/ 710 KB
138 KB 9ms
8ms Script
text/javascript 151.101.0.238
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://static.squarespace.com/universal/scripts-compressed/announcement-bar-33970f26f049800f79ac-min.en-US.js
Requested by: Host: static.squarespace.com
URL: https://static.squarespace.com/universal/scripts-compressed/common-d24e18cba3e7725dac94-min.en-US.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.0.238 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: envoy /
Resource Hash: fcb4aa4232f3e6c602799944831e01aeed7a38f8a9ec12cf25722af3afff72c8

Request headers

Referer: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 11 Apr 2019 21:03:47 GMT
content-encoding: gzip
age: 529651
x-cache: HIT, HIT
x-via: 1.1 echo022
status: 200
x-contextid: 0GzqPe4R/VNIZbdrF
content-length: 141282
via: 1.1 varnish, 1.1 varnish
x-served-by: cache-dfw18628-DFW, cache-hhn1535-HHN
pragma: cache
server: envoy
x-timer: S1555016627.137147,VS0,VE0
tracepoint: Fastly
etag: site-server-js-announcement-bar-33970f26f049800f79ac-en-u-gzip"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-servedby: v6-site-cdn-76dc6c8d78-sf7nt
accept-ranges: bytes
x-cache-hits: 4, 4174

GET
H2

200

man_holding_partycry_phone_titlecrop.jpg
images.squarespace-cdn.com/content/5c4752bd7c9327814573cd04/1554833071833-U6CNV2MAQAALOOSXKGSA/
Redirect Chain

https://static1.squarespace.com/static/5c4752bd7c9327814573cd04/t/5cacdeaf8165f530c22e126c/1554833072988/man_holding_partycry_phone_titlecrop.jpg?format=1500w
https://images.squarespace-cdn.com/content/5c4752bd7c9327814573cd04/1554833071833-U6CNV2MAQAALOOSXKGSA/man_holding_partycry_phone_titlecrop.jpg?format=1500w&content-type=image%2Fjpeg

176 KB
176 KB

12ms
12ms

Image
image/jpeg

151.101.0.238
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.squarespace-cdn.com/content/5c4752bd7c9327814573cd04/1554833071833-U6CNV2MAQAALOOSXKGSA/man_holding_partycry_phone_titlecrop.jpg?format=1500w&content-type=image%2Fjpeg
Requested by: Host: devcondetect.com
URL: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.0.238 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: /
Resource Hash: 4e8c1cef4205835fa4bcd3c53e09f444eb0b34a933075fb254f82d4b043bc2cc

Request headers

Referer: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 11 Apr 2019 21:03:47 GMT
via: 1.1 google, 1.1 varnish, 1.1 varnish
age: 4739
tracepoint: Fastly
vary: Accept-Encoding
x-cache: HIT, HIT
content-type: image/jpeg
status: 200
x-cache-hits: 1, 1
accept-ranges: bytes
x-timer: S1555016627.387418,VS0,VE4
content-length: 179714
x-served-by: cache-iad2143-IAD, cache-hhn1539-HHN

Redirect headers

date: Thu, 11 Apr 2019 21:03:47 GMT
via: 1.1 varnish, 1.1 varnish
age: 12898
x-cache: HIT, MISS
x-via: 1.1 echo014
status: 301
x-contextid: 1bcS98Le/BAaZ1db9
x-identifier: static1
content-length: 0
x-served-by: cache-dfw18634-DFW, cache-hhn1535-HHN
pragma: cache
server: envoy
x-timer: S1555016627.140539,VS0,VE122
tracepoint: Fastly
vary: Accept-Encoding
content-type: image/jpeg
location: https://images.squarespace-cdn.com/content/5c4752bd7c9327814573cd04/1554833071833-U6CNV2MAQAALOOSXKGSA/man_holding_partycry_phone_titlecrop.jpg?format=1500w&content-type=image%2Fjpeg
cache-control: public, max-age=604800
x-servedby: cdn026
accept-ranges: bytes
timing-allow-origin: *.squarespace.com
x-cache-hits: 1, 0

GET
H2

200

attacksbyday.png
images.squarespace-cdn.com/content/5c4752bd7c9327814573cd04/1554836775335-TN9YOIDMTOVOP0G8RMHT/
Redirect Chain

https://static1.squarespace.com/static/5c4752bd7c9327814573cd04/t/5caced26eb3931518909eaa4/1554836779564/attacksbyday.png?format=1000w
https://images.squarespace-cdn.com/content/5c4752bd7c9327814573cd04/1554836775335-TN9YOIDMTOVOP0G8RMHT/attacksbyday.png?content-type=image%2Fpng

53 KB
53 KB

83ms
12ms

Image
image/png

151.101.0.238
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.squarespace-cdn.com/content/5c4752bd7c9327814573cd04/1554836775335-TN9YOIDMTOVOP0G8RMHT/attacksbyday.png?content-type=image%2Fpng
Requested by: Host: devcondetect.com
URL: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.0.238 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: /
Resource Hash: 6c9a29fb16462a055f757cf236536c29f249ba643945159fee74f528d788a813

Request headers

Referer: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 11 Apr 2019 21:03:47 GMT
via: 1.1 google, 1.1 varnish, 1.1 varnish
age: 10728
tracepoint: Fastly
vary: Accept-Encoding
x-cache: HIT, HIT
content-type: image/png
status: 200
x-cache-hits: 1, 1
accept-ranges: bytes
x-timer: S1555016627.246338,VS0,VE1
content-length: 53767
x-served-by: cache-iad2129-IAD, cache-hhn1539-HHN

Redirect headers

date: Thu, 11 Apr 2019 21:03:47 GMT
via: 1.1 varnish, 1.1 varnish
age: 14026
x-cache: HIT, HIT
x-via: 1.1 echo027
status: 301
x-contextid: 2TIKFpAi/NGPmSDkc
x-identifier: static1
content-length: 0
x-served-by: cache-dfw18644-DFW, cache-hhn1535-HHN
pragma: cache
server: envoy
x-timer: S1555016627.140609,VS0,VE1
tracepoint: Fastly
vary: Accept-Encoding
content-type: image/png
location: https://images.squarespace-cdn.com/content/5c4752bd7c9327814573cd04/1554836775335-TN9YOIDMTOVOP0G8RMHT/attacksbyday.png?content-type=image%2Fpng
cache-control: public, max-age=604800
x-servedby: v6-site-cdn-697d8f479-2zdst
accept-ranges: bytes
timing-allow-origin: *.squarespace.com
x-cache-hits: 4, 1

GET
H2

200

attacksbyexploit.png
images.squarespace-cdn.com/content/5c4752bd7c9327814573cd04/1554839092271-K6TPKPPFTE1H4APHVKEI/
Redirect Chain

https://static1.squarespace.com/static/5c4752bd7c9327814573cd04/t/5cacf6344785d311f5068cf4/1554839097860/attacksbyexploit.png?format=1000w
https://images.squarespace-cdn.com/content/5c4752bd7c9327814573cd04/1554839092271-K6TPKPPFTE1H4APHVKEI/attacksbyexploit.png?content-type=image%2Fpng

100 KB
100 KB

104ms
34ms

Image
image/png

151.101.0.238
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.squarespace-cdn.com/content/5c4752bd7c9327814573cd04/1554839092271-K6TPKPPFTE1H4APHVKEI/attacksbyexploit.png?content-type=image%2Fpng
Requested by: Host: devcondetect.com
URL: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.0.238 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: /
Resource Hash: d0799d51cf864c896614837999e9f976a7c546862cf8bf568b37e0fa49fc8667

Request headers

Referer: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 11 Apr 2019 21:03:47 GMT
via: 1.1 google, 1.1 varnish, 1.1 varnish
age: 10728
tracepoint: Fastly
vary: Accept-Encoding
x-cache: HIT, HIT
content-type: image/png
status: 200
x-cache-hits: 1, 1
accept-ranges: bytes
x-timer: S1555016627.246350,VS0,VE2
content-length: 102424
x-served-by: cache-iad2142-IAD, cache-hhn1539-HHN

Redirect headers

date: Thu, 11 Apr 2019 21:03:47 GMT
via: 1.1 varnish, 1.1 varnish
age: 14027
x-cache: HIT, HIT
x-via: 1.1 echo132
status: 301
x-contextid: 6WwTi65r/WIlEDIKq
x-identifier: static1
content-length: 0
x-served-by: cache-dfw18631-DFW, cache-hhn1535-HHN
pragma: cache
server: envoy
x-timer: S1555016627.140619,VS0,VE1
tracepoint: Fastly
vary: Accept-Encoding
content-type: image/png
location: https://images.squarespace-cdn.com/content/5c4752bd7c9327814573cd04/1554839092271-K6TPKPPFTE1H4APHVKEI/attacksbyexploit.png?content-type=image%2Fpng
cache-control: public, max-age=604800
x-servedby: cdn015
accept-ranges: bytes
timing-allow-origin: *.squarespace.com
x-cache-hits: 1, 1

GET
H2

200

img_7019.png
images.squarespace-cdn.com/content/5c4752bd7c9327814573cd04/1554840015548-ISAKU7YN3H0E4KJG7D76/
Redirect Chain

https://static1.squarespace.com/static/5c4752bd7c9327814573cd04/t/5cacf9cfeb393151890a99b0/1554840029523/img_7019.png?format=500w
https://images.squarespace-cdn.com/content/5c4752bd7c9327814573cd04/1554840015548-ISAKU7YN3H0E4KJG7D76/img_7019.png?content-type=image%2Fpng

106 KB
106 KB

96ms
26ms

Image
image/png

151.101.0.238
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.squarespace-cdn.com/content/5c4752bd7c9327814573cd04/1554840015548-ISAKU7YN3H0E4KJG7D76/img_7019.png?content-type=image%2Fpng
Requested by: Host: devcondetect.com
URL: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.0.238 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: /
Resource Hash: 33e0d72486ff935790e3b0d63081cac41cda2b9b38ab14919d979a6a1d07e004

Request headers

Referer: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 11 Apr 2019 21:03:47 GMT
via: 1.1 google, 1.1 varnish, 1.1 varnish
age: 10728
tracepoint: Fastly
vary: Accept-Encoding
x-cache: HIT, HIT
content-type: image/png
status: 200
x-cache-hits: 1, 1
accept-ranges: bytes
x-timer: S1555016627.246312,VS0,VE1
content-length: 108730
x-served-by: cache-iad2140-IAD, cache-hhn1539-HHN

Redirect headers

date: Thu, 11 Apr 2019 21:03:47 GMT
via: 1.1 varnish, 1.1 varnish
age: 22841
x-cache: HIT, HIT
x-via: 1.1 echo135
status: 301
x-contextid: Go3vK8ng/txPDKNfZ
x-identifier: static1
content-length: 0
x-served-by: cache-dfw18621-DFW, cache-hhn1535-HHN
pragma: cache
server: envoy
x-timer: S1555016627.140683,VS0,VE1
tracepoint: Fastly
vary: Accept-Encoding
content-type: image/png
location: https://images.squarespace-cdn.com/content/5c4752bd7c9327814573cd04/1554840015548-ISAKU7YN3H0E4KJG7D76/img_7019.png?content-type=image%2Fpng
cache-control: public, max-age=604800
x-servedby: cdn010
accept-ranges: bytes
timing-allow-origin: *.squarespace.com
x-cache-hits: 1, 1

GET
H2 200 v7-user-sites Show response
devcondetect.com/api/1/wp-rum/settings/ 230 B
345 B 274ms
265ms XHR
application/json 198.49.23.145
Squarespace

General

Check archive.org

Show headers Download Go to

Full URL: https://devcondetect.com/api/1/wp-rum/settings/v7-user-sites
Requested by: Host: static.squarespace.com
URL: https://static.squarespace.com/universal/scripts-compressed/performance-a866b4a81e6ca81f130e-min.en-US.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 198.49.23.145 New York, United States, ASN53831 (SQUARESPACE - Squarespace, Inc., US),
Reverse DNS
Software: /
Resource Hash: 99e1c19131323592b0d5a419a1a3c54fc4ed4b43f76aab30de8b9e0973cfaa58

Request headers

:path: /api/1/wp-rum/settings/v7-user-sites
pragma: no-cache
cookie: crumb=BTPyqkuQUv8xMzg3M2EwYTVmMzE0YjY1MDE2MGZkMjY1MTAyNjcy; _ga=GA1.2.1723558395.1555016627; _gid=GA1.2.114564440.1555016627; _gat=1; ss_cvr=59d5ed89-a0cb-4ef4-b854-d74d63b1eaa8|1555016627099|1555016627099|1555016627099|1; ss_cvt=1555016627099
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: devcondetect.com
referer: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
:scheme: https
:method: GET
Referer: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 11 Apr 2019 21:03:47 GMT
vary: Accept-Encoding, User-Agent
x-via: 1.1 echo015
status: 200
x-contextid: T835PQ4q/ynpBPd9z
x-servedby: wp-rum001
content-type: application/json
content-length: 230

GET
H2 200 l
use.typekit.net/af/9018b1/000000000000000000017742/27/ 14 KB
14 KB 16ms
10ms Font
application/font-woff2 23.45.98.72
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/9018b1/000000000000000000017742/27/l?subset_id=2&fvd=n4&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/ik/n0XXL0lpokWK54i5GbykLNfp6Hs5eDD-1psATTk3UnSfeGM2fFHN4UJLFRbh52jhWDmRF2Suwc4qFhwowDJa52IXFQSDjhb3Fg73MPG0jcUuZA48S14oOWgzScFuSe80ZPXujR4qO1FUiABkZWF3jAF8OcFzdPUKdYm8jcmkS1qlSeNkjam3-Ao8OQmKwcb0SaBujW48Sagyjh90jhNlOes8icFzdcs8iemRifoRdhXCdeNRjAUGdaFXOYiaikoKdYm8jcmkS1qlSeNkjam3-Ao8OQmKwcb0SaBujW48Sagyjh90jhNlOYiaikoqZWZRdhoqZWs8jab0jhNlJ6ykiAFnShBR-kJBS1m0ZeIKfAZuiYmkjPu3ifGHfF2IMsMMeMb6MKG4f5CNIMIjMkMfH6qJoQXbMs6IJMJ7fbR1VsMgeM96MKG4f5qNIMIjgkMfH6qJ_2XbMs6FJMJ7fbRcVsMgeMt6MKG4f5GNIMIjIPMfH6qJy89bMy62JMJ7fbKImsMfeMb6MKG4f54oIMJjgKMfH6qJ6m9bMy6YJMHbMid1N0JB.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.45.98.72 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-45-98-72.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: d900454ba2fb9745e6b2ce75af9b18ff30107b0a1d4439592370b8cde8be2796

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
Origin: https://devcondetect.com

Response headers

date: Thu, 11 Apr 2019 21:03:47 GMT
server: nginx
access-control-allow-origin: *
etag: "61ff7518713127ebd6f550b0ac1cdb1c6e87d5be"
content-type: application/font-woff2
status: 200
cache-control: public, max-age=31536000
timing-allow-origin: *
content-length: 13952

GET
H2 200 l
use.typekit.net/af/ef9342/00000000000000003b9afc2d/27/ 17 KB
17 KB 17ms
11ms Font
application/font-woff2 23.45.98.72
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/ef9342/00000000000000003b9afc2d/27/l?subset_id=2&fvd=n7&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/ik/n0XXL0lpokWK54i5GbykLNfp6Hs5eDD-1psATTk3UnSfeGM2fFHN4UJLFRbh52jhWDmRF2Suwc4qFhwowDJa52IXFQSDjhb3Fg73MPG0jcUuZA48S14oOWgzScFuSe80ZPXujR4qO1FUiABkZWF3jAF8OcFzdPUKdYm8jcmkS1qlSeNkjam3-Ao8OQmKwcb0SaBujW48Sagyjh90jhNlOes8icFzdcs8iemRifoRdhXCdeNRjAUGdaFXOYiaikoKdYm8jcmkS1qlSeNkjam3-Ao8OQmKwcb0SaBujW48Sagyjh90jhNlOYiaikoqZWZRdhoqZWs8jab0jhNlJ6ykiAFnShBR-kJBS1m0ZeIKfAZuiYmkjPu3ifGHfF2IMsMMeMb6MKG4f5CNIMIjMkMfH6qJoQXbMs6IJMJ7fbR1VsMgeM96MKG4f5qNIMIjgkMfH6qJ_2XbMs6FJMJ7fbRcVsMgeMt6MKG4f5GNIMIjIPMfH6qJy89bMy62JMJ7fbKImsMfeMb6MKG4f54oIMJjgKMfH6qJ6m9bMy6YJMHbMid1N0JB.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.45.98.72 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-45-98-72.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 2609835d03f978b61445cd730e5f9509e2c7db7148a9712e25977cded842d117

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
Origin: https://devcondetect.com

Response headers

date: Thu, 11 Apr 2019 21:03:47 GMT
server: nginx
access-control-allow-origin: *
etag: "b9c98b39f7529d315161b1e23b041fbba04f42fd"
content-type: application/font-woff2
status: 200
cache-control: public, max-age=31536000
timing-allow-origin: *
content-length: 16912

GET
H2 200 l
use.typekit.net/af/0f81df/00000000000000003b9afc28/27/ 16 KB
16 KB 17ms
11ms Font
application/font-woff2 23.45.98.72
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/0f81df/00000000000000003b9afc28/27/l?subset_id=2&fvd=i3&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/ik/n0XXL0lpokWK54i5GbykLNfp6Hs5eDD-1psATTk3UnSfeGM2fFHN4UJLFRbh52jhWDmRF2Suwc4qFhwowDJa52IXFQSDjhb3Fg73MPG0jcUuZA48S14oOWgzScFuSe80ZPXujR4qO1FUiABkZWF3jAF8OcFzdPUKdYm8jcmkS1qlSeNkjam3-Ao8OQmKwcb0SaBujW48Sagyjh90jhNlOes8icFzdcs8iemRifoRdhXCdeNRjAUGdaFXOYiaikoKdYm8jcmkS1qlSeNkjam3-Ao8OQmKwcb0SaBujW48Sagyjh90jhNlOYiaikoqZWZRdhoqZWs8jab0jhNlJ6ykiAFnShBR-kJBS1m0ZeIKfAZuiYmkjPu3ifGHfF2IMsMMeMb6MKG4f5CNIMIjMkMfH6qJoQXbMs6IJMJ7fbR1VsMgeM96MKG4f5qNIMIjgkMfH6qJ_2XbMs6FJMJ7fbRcVsMgeMt6MKG4f5GNIMIjIPMfH6qJy89bMy62JMJ7fbKImsMfeMb6MKG4f54oIMJjgKMfH6qJ6m9bMy6YJMHbMid1N0JB.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.45.98.72 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-45-98-72.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 35294cf6daa539d94bce8f1886d639dbb5dc8ede9222622defe3a72b04298d72

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
Origin: https://devcondetect.com

Response headers

date: Thu, 11 Apr 2019 21:03:47 GMT
server: nginx
access-control-allow-origin: *
etag: "0c24000d9b0aebde54534045f1939f57529baebe"
content-type: application/font-woff2
status: 200
cache-control: public, max-age=31536000
timing-allow-origin: *
content-length: 16492

GET
H2 200 l
use.typekit.net/af/62ef57/00000000000000003b9afc29/27/ 17 KB
17 KB 21ms
15ms Font
application/font-woff2 23.45.98.72
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/62ef57/00000000000000003b9afc29/27/l?subset_id=2&fvd=i4&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/ik/n0XXL0lpokWK54i5GbykLNfp6Hs5eDD-1psATTk3UnSfeGM2fFHN4UJLFRbh52jhWDmRF2Suwc4qFhwowDJa52IXFQSDjhb3Fg73MPG0jcUuZA48S14oOWgzScFuSe80ZPXujR4qO1FUiABkZWF3jAF8OcFzdPUKdYm8jcmkS1qlSeNkjam3-Ao8OQmKwcb0SaBujW48Sagyjh90jhNlOes8icFzdcs8iemRifoRdhXCdeNRjAUGdaFXOYiaikoKdYm8jcmkS1qlSeNkjam3-Ao8OQmKwcb0SaBujW48Sagyjh90jhNlOYiaikoqZWZRdhoqZWs8jab0jhNlJ6ykiAFnShBR-kJBS1m0ZeIKfAZuiYmkjPu3ifGHfF2IMsMMeMb6MKG4f5CNIMIjMkMfH6qJoQXbMs6IJMJ7fbR1VsMgeM96MKG4f5qNIMIjgkMfH6qJ_2XbMs6FJMJ7fbRcVsMgeMt6MKG4f5GNIMIjIPMfH6qJy89bMy62JMJ7fbKImsMfeMb6MKG4f54oIMJjgKMfH6qJ6m9bMy6YJMHbMid1N0JB.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.45.98.72 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-45-98-72.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: d1084329cbdddbabbb15524f5af4008fe53caa66a25f414f7ba06d3dd4afc075

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
Origin: https://devcondetect.com

Response headers

date: Thu, 11 Apr 2019 21:03:47 GMT
server: nginx
access-control-allow-origin: *
etag: "e5b48ce25caaf4e9da132fa40c3d82c2065824ac"
content-type: application/font-woff2
status: 200
cache-control: public, max-age=31536000
timing-allow-origin: *
content-length: 17540

GET
H2 200 l
use.typekit.net/af/ec4ef2/00000000000000003b9afc2e/27/ 17 KB
17 KB 17ms
12ms Font
application/font-woff2 23.45.98.72
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/ec4ef2/00000000000000003b9afc2e/27/l?subset_id=2&fvd=i7&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/ik/n0XXL0lpokWK54i5GbykLNfp6Hs5eDD-1psATTk3UnSfeGM2fFHN4UJLFRbh52jhWDmRF2Suwc4qFhwowDJa52IXFQSDjhb3Fg73MPG0jcUuZA48S14oOWgzScFuSe80ZPXujR4qO1FUiABkZWF3jAF8OcFzdPUKdYm8jcmkS1qlSeNkjam3-Ao8OQmKwcb0SaBujW48Sagyjh90jhNlOes8icFzdcs8iemRifoRdhXCdeNRjAUGdaFXOYiaikoKdYm8jcmkS1qlSeNkjam3-Ao8OQmKwcb0SaBujW48Sagyjh90jhNlOYiaikoqZWZRdhoqZWs8jab0jhNlJ6ykiAFnShBR-kJBS1m0ZeIKfAZuiYmkjPu3ifGHfF2IMsMMeMb6MKG4f5CNIMIjMkMfH6qJoQXbMs6IJMJ7fbR1VsMgeM96MKG4f5qNIMIjgkMfH6qJ_2XbMs6FJMJ7fbRcVsMgeMt6MKG4f5GNIMIjIPMfH6qJy89bMy62JMJ7fbKImsMfeMb6MKG4f54oIMJjgKMfH6qJ6m9bMy6YJMHbMid1N0JB.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.45.98.72 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-45-98-72.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 29943888a4a7d204db526eaba465e78a33fde54f36c7373f75988a4a0f6180b9

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
Origin: https://devcondetect.com

Response headers

date: Thu, 11 Apr 2019 21:03:47 GMT
server: nginx
access-control-allow-origin: *
etag: "273c088a334d6c97797fc90ba18c9fe3698f05da"
content-type: application/font-woff2
status: 200
cache-control: public, max-age=31536000
timing-allow-origin: *
content-length: 17220

GET
H2 200 l
use.typekit.net/af/ae4f6c/000000000000000000010096/27/ 67 KB
67 KB 23ms
18ms Font
application/font-woff2 23.45.98.72
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/ae4f6c/000000000000000000010096/27/l?subset_id=2&fvd=n3&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/ik/n0XXL0lpokWK54i5GbykLNfp6Hs5eDD-1psATTk3UnSfeGM2fFHN4UJLFRbh52jhWDmRF2Suwc4qFhwowDJa52IXFQSDjhb3Fg73MPG0jcUuZA48S14oOWgzScFuSe80ZPXujR4qO1FUiABkZWF3jAF8OcFzdPUKdYm8jcmkS1qlSeNkjam3-Ao8OQmKwcb0SaBujW48Sagyjh90jhNlOes8icFzdcs8iemRifoRdhXCdeNRjAUGdaFXOYiaikoKdYm8jcmkS1qlSeNkjam3-Ao8OQmKwcb0SaBujW48Sagyjh90jhNlOYiaikoqZWZRdhoqZWs8jab0jhNlJ6ykiAFnShBR-kJBS1m0ZeIKfAZuiYmkjPu3ifGHfF2IMsMMeMb6MKG4f5CNIMIjMkMfH6qJoQXbMs6IJMJ7fbR1VsMgeM96MKG4f5qNIMIjgkMfH6qJ_2XbMs6FJMJ7fbRcVsMgeMt6MKG4f5GNIMIjIPMfH6qJy89bMy62JMJ7fbKImsMfeMb6MKG4f54oIMJjgKMfH6qJ6m9bMy6YJMHbMid1N0JB.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.45.98.72 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-45-98-72.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 98305cffbf19855e4f15bedafe9ab8d46b785986db849b30ea7e72eef99696de

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
Origin: https://devcondetect.com

Response headers

date: Thu, 11 Apr 2019 21:03:47 GMT
server: nginx
access-control-allow-origin: *
etag: "dcb4afde1e053f9caf987fd66290b8eca72ab6f0"
content-type: application/font-woff2
status: 200
cache-control: public, max-age=31536000
timing-allow-origin: *
content-length: 68520

GET
H2 200 l
use.typekit.net/af/9b05f3/000000000000000000013365/27/ 46 KB
46 KB 24ms
19ms Font
application/font-woff2 23.45.98.72
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/9b05f3/000000000000000000013365/27/l?subset_id=2&fvd=n4&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/ik/n0XXL0lpokWK54i5GbykLNfp6Hs5eDD-1psATTk3UnSfeGM2fFHN4UJLFRbh52jhWDmRF2Suwc4qFhwowDJa52IXFQSDjhb3Fg73MPG0jcUuZA48S14oOWgzScFuSe80ZPXujR4qO1FUiABkZWF3jAF8OcFzdPUKdYm8jcmkS1qlSeNkjam3-Ao8OQmKwcb0SaBujW48Sagyjh90jhNlOes8icFzdcs8iemRifoRdhXCdeNRjAUGdaFXOYiaikoKdYm8jcmkS1qlSeNkjam3-Ao8OQmKwcb0SaBujW48Sagyjh90jhNlOYiaikoqZWZRdhoqZWs8jab0jhNlJ6ykiAFnShBR-kJBS1m0ZeIKfAZuiYmkjPu3ifGHfF2IMsMMeMb6MKG4f5CNIMIjMkMfH6qJoQXbMs6IJMJ7fbR1VsMgeM96MKG4f5qNIMIjgkMfH6qJ_2XbMs6FJMJ7fbRcVsMgeMt6MKG4f5GNIMIjIPMfH6qJy89bMy62JMJ7fbKImsMfeMb6MKG4f54oIMJjgKMfH6qJ6m9bMy6YJMHbMid1N0JB.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.45.98.72 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-45-98-72.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: ee3fde9fdf61686caeb22b22b988373b456a4aaa90ebf6eb1b01d1143754d311

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
Origin: https://devcondetect.com

Response headers

date: Thu, 11 Apr 2019 21:03:47 GMT
server: nginx
access-control-allow-origin: *
etag: "0ffa5e8c8eb076cc21ede9987250dfa4f2af4438"
content-type: application/font-woff2
status: 200
cache-control: public, max-age=31536000
timing-allow-origin: *
content-length: 46644

GET
H2 200 l
use.typekit.net/af/c4c302/000000000000000000012192/27/ 33 KB
33 KB 27ms
22ms Font
application/font-woff2 23.45.98.72
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/c4c302/000000000000000000012192/27/l?subset_id=2&fvd=n6&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/ik/n0XXL0lpokWK54i5GbykLNfp6Hs5eDD-1psATTk3UnSfeGM2fFHN4UJLFRbh52jhWDmRF2Suwc4qFhwowDJa52IXFQSDjhb3Fg73MPG0jcUuZA48S14oOWgzScFuSe80ZPXujR4qO1FUiABkZWF3jAF8OcFzdPUKdYm8jcmkS1qlSeNkjam3-Ao8OQmKwcb0SaBujW48Sagyjh90jhNlOes8icFzdcs8iemRifoRdhXCdeNRjAUGdaFXOYiaikoKdYm8jcmkS1qlSeNkjam3-Ao8OQmKwcb0SaBujW48Sagyjh90jhNlOYiaikoqZWZRdhoqZWs8jab0jhNlJ6ykiAFnShBR-kJBS1m0ZeIKfAZuiYmkjPu3ifGHfF2IMsMMeMb6MKG4f5CNIMIjMkMfH6qJoQXbMs6IJMJ7fbR1VsMgeM96MKG4f5qNIMIjgkMfH6qJ_2XbMs6FJMJ7fbRcVsMgeMt6MKG4f5GNIMIjIPMfH6qJy89bMy62JMJ7fbKImsMfeMb6MKG4f54oIMJjgKMfH6qJ6m9bMy6YJMHbMid1N0JB.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.45.98.72 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-45-98-72.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: fc46fe1bf249e485fa61aa7a2902411991d6f554244a3b4f8b67f5037e72cdf0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
Origin: https://devcondetect.com

Response headers

date: Thu, 11 Apr 2019 21:03:47 GMT
server: nginx
access-control-allow-origin: *
etag: "9d5008d041639c6d4922c710a6aaeb2b11526a89"
content-type: application/font-woff2
status: 200
cache-control: public, max-age=31536000
timing-allow-origin: *
content-length: 34052

GET
H2 200 l
use.typekit.net/af/309dfe/000000000000000000010091/27/ 39 KB
40 KB 31ms
26ms Font
application/font-woff2 23.45.98.72
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/309dfe/000000000000000000010091/27/l?subset_id=2&fvd=n7&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/ik/n0XXL0lpokWK54i5GbykLNfp6Hs5eDD-1psATTk3UnSfeGM2fFHN4UJLFRbh52jhWDmRF2Suwc4qFhwowDJa52IXFQSDjhb3Fg73MPG0jcUuZA48S14oOWgzScFuSe80ZPXujR4qO1FUiABkZWF3jAF8OcFzdPUKdYm8jcmkS1qlSeNkjam3-Ao8OQmKwcb0SaBujW48Sagyjh90jhNlOes8icFzdcs8iemRifoRdhXCdeNRjAUGdaFXOYiaikoKdYm8jcmkS1qlSeNkjam3-Ao8OQmKwcb0SaBujW48Sagyjh90jhNlOYiaikoqZWZRdhoqZWs8jab0jhNlJ6ykiAFnShBR-kJBS1m0ZeIKfAZuiYmkjPu3ifGHfF2IMsMMeMb6MKG4f5CNIMIjMkMfH6qJoQXbMs6IJMJ7fbR1VsMgeM96MKG4f5qNIMIjgkMfH6qJ_2XbMs6FJMJ7fbRcVsMgeMt6MKG4f5GNIMIjIPMfH6qJy89bMy62JMJ7fbKImsMfeMb6MKG4f54oIMJjgKMfH6qJ6m9bMy6YJMHbMid1N0JB.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.45.98.72 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-45-98-72.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: d37e4ca1e1902ac258dedafe9e7ee1bc8e7ac887a3d2f0babc143dede00dfd32

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
Origin: https://devcondetect.com

Response headers

date: Thu, 11 Apr 2019 21:03:47 GMT
server: nginx
access-control-allow-origin: *
etag: "78f589bb61056c7dc2c42601e2fd59aa96941141"
content-type: application/font-woff2
status: 200
cache-control: public, max-age=31536000
timing-allow-origin: *
content-length: 40336

GET
H2 200 2699781.js Show response
js.hs-analytics.net/analytics/1555016400000/ 72 KB
25 KB 192ms
123ms Script
text/javascript 2606:4700::6811:46b0
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1555016400000/2699781.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/2699781.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:46b0 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 240617a92a751a49e6649add3f84a1a571c3bfaf3dc67b62532e33f2b4f92173

Request headers

Referer: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 11 Apr 2019 21:03:47 GMT
content-encoding: gzip
cf-cache-status: MISS
x-amz-request-id: 5D40C734EA09B19A
status: 200
content-type: text/javascript
x-amz-id-2: d3S/mSW8In3UfeTMIn37A7Hzhd/80AHBWaKcc0H8pSZf5KMQfnD9lHElI/Au+8fkDfVV5IYIL5Y=
last-modified: Mon, 18 Mar 2019 18:54:16 GMT
server: cloudflare
etag: W/"c677d66cb8ea28574503209805533935"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: null
cache-control: max-age=300, public
access-control-allow-credentials: false
cf-ray: 4c5fe8c04b5f9ad0-FRA
expires: Thu, 11 Apr 2019 21:08:47 GMT

GET
H2 200 fb.js Show response
js.hsadspixel.net/ 4 KB
2 KB 79ms
11ms Script
application/javascript 2606:4700::6811:70b0
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hsadspixel.net/fb.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/2699781.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:70b0 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 83f0568d44d6151864a2921696af9d5460c47e955dbc79c1df5be58097b317ef

Request headers

Referer: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 11 Apr 2019 21:03:47 GMT
via: 1.1 a97d638d4e395a6f27b927572cf3bfda.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-cache: Hit from cloudfront
status: 200
x-amz-replication-status: COMPLETED
content-encoding: gzip
x-amz-version-id: r..JH0ehXuvcXwce9WramFZgEXYgVmJB
last-modified: Fri, 01 Mar 2019 01:16:27 GMT
server: cloudflare
etag: W/"6ac55f60220e99f26ae7ebdc1d99c061"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=600
cf-ray: 4c5fe8c049389780-FRA
x-amz-cf-id: oq-dyPFem5ddMSthKIX3ZHEEdvkzV_SBeMYTen4WktH_puyFZgqwPg==

GET
H2 200 conversations-embed.js Show response
js.usemessages.com/ 56 KB
14 KB 80ms
12ms Script
application/javascript 2606:4700::6811:edcc
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://js.usemessages.com/conversations-embed.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/2699781.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:edcc , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 424940dce8c0679c7a180a95991a5b34824d05b0373dfbc803ea9e15eff9b694

Request headers

Referer: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 11 Apr 2019 21:03:47 GMT
via: 1.1 841dfa6074cf4b3b0718988f088a4ac2.cloudfront.net (CloudFront)
cf-cache-status: HIT
cf-ray: 4c5fe8c04cb9bf02-FRA
x-cache: Hit from cloudfront
status: 200
x-amz-replication-status: COMPLETED
content-encoding: br
last-modified: Wed, 10 Apr 2019 02:09:19 GMT
server: cloudflare
etag: W/"00b55c8baaeef725d7ff223ce19296cf"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: y6uDfM.LdcxyblStzyH81daURxoaerDn
cache-control: max-age=600
content-type: application/javascript; charset=utf-8
x-amz-cf-id: s4UlvyymOpyC81mROY-slEJkMQTUEgN2Sz2WtdLCHc89_Stj5-vTSg==

GET
H2 200 collectedforms.js Show response
js.hscollectedforms.net/ 47 KB
14 KB 94ms
26ms Script
application/javascript 2606:4700::6811:7fab
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hscollectedforms.net/collectedforms.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/2699781.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:7fab , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 34a1024c1aa06fecb29ad5fb2e9ade59b3ab999d0b5ac184461c1ca76d9d2061

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
Origin: https://devcondetect.com

Response headers

date: Thu, 11 Apr 2019 21:03:47 GMT
via: 1.1 15a3e53929b8b98c1afabe17cca4b1fd.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-cache: Miss from cloudfront
status: 200
access-control-max-age: 3000
x-amz-replication-status: COMPLETED
content-encoding: gzip
content-type: application/javascript; charset=utf-8
last-modified: Tue, 19 Feb 2019 02:30:12 GMT
server: cloudflare
etag: W/"1286a0d2a463c01d4f8af1bda7119213"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET
x-amz-version-id: XK2Azc_XkBe8YB8qJgSU.U8CjHEbLwls
access-control-allow-origin: *
cache-control: max-age=600
cf-ray: 4c5fe8c05bf4c2ab-FRA
x-amz-cf-id: -1llB-gsUUqnfurtr6MrTC_47-9EhEr0-a8E8nsU57WmQL2vzAfkNA==

GET
H2 200 p.gif
p.typekit.net/ 35 B
201 B 22ms
10ms Image
image/gif 23.45.98.72
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.typekit.net/p.gif?s=2&k=646866_5c4752bd7c9327814573cd04&ht=tk&h=devcondetect.com&f=25168.7915.7909.7911.7913.7916.7910.7914.10886.10884.15586.10881&a=646866&js=1.19.2&app=typekit&e=js&_=1555016627226
Requested by: Host: devcondetect.com
URL: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.45.98.72 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-45-98-72.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 9b9265c69a5cc295d1ab0d04e0273b3677db1a6216ce2ccf4efc8c277ed84b39

Request headers

Referer: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 11 Apr 2019 21:03:47 GMT
last-modified: Mon, 04 Feb 2019 20:13:09 GMT
server: nginx
access-control-allow-origin: *
etag: "5c589cd5-23"
content-type: image/gif
status: 200
cache-control: max-age=604800
accept-ranges: bytes
content-length: 35
expires: Sun, 17 Feb 2019 08:57:03 GMT

GET
H2 200 share-buttons-0658835f3009ef166892-min.en-US.js Show response
static.squarespace.com/universal/scripts-compressed/ 686 KB
130 KB 10ms
9ms Script
text/javascript 151.101.0.238
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://static.squarespace.com/universal/scripts-compressed/share-buttons-0658835f3009ef166892-min.en-US.js
Requested by: Host: static.squarespace.com
URL: https://static.squarespace.com/universal/scripts-compressed/common-d24e18cba3e7725dac94-min.en-US.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.0.238 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: envoy /
Resource Hash: fd4a8719afa557f59bb3e75542088fc0d26b961c73fa10324e4ca7ae9d07f640

Request headers

Referer: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 11 Apr 2019 21:03:47 GMT
content-encoding: gzip
age: 529648
x-cache: HIT, HIT
x-via: 1.1 echo010
status: 200
x-contextid: W42sp6l0/rvrseupM
content-length: 132624
via: 1.1 varnish, 1.1 varnish
x-served-by: cache-dfw18634-DFW, cache-hhn1535-HHN
pragma: cache
server: envoy
x-timer: S1555016627.386566,VS0,VE0
tracepoint: Fastly
etag: site-server-js-share-buttons-0658835f3009ef166892-en-u-gzip"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-servedby: cdn034
accept-ranges: bytes
x-cache-hits: 2, 2762

GET
H2 200 iJWHBXyIfDnIV7Fqj2md8WD07oB-.woff2
fonts.gstatic.com/s/rubik/v8/ 14 KB
15 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:808::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/rubik/v8/iJWHBXyIfDnIV7Fqj2md8WD07oB-.woff2

Requested by

Host: devcondetect.com
URL: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:808::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

41508237fe6bd4b682566ceed6764d2162d076160bda73cafbef34508883c273

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Montserrat:700|Rubik:700,700i,400i,400,500,300i,300
Origin: https://devcondetect.com

Response headers

date: Sat, 09 Mar 2019 01:50:24 GMT
x-content-type-options: nosniff
last-modified: Tue, 19 Feb 2019 22:42:26 GMT
server: sffe
age: 2920403
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 14828
x-xss-protection: 1; mode=block
expires: Sun, 08 Mar 2020 01:50:24 GMT

OPTIONS
H2 204 public Show response
api.hubspot.com/livechat/v1/message/ 0
571 B 180ms
106ms XHR
text/plain 2606:4700::6810:fd05
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubspot.com/livechat/v1/message/public?portalId=2699781&conversations-embed=static-1.2599&mobile=false&messagesUtk=885693be4f80491397cc655509fcaa34

Requested by

Host: js.usemessages.com
URL: https://js.usemessages.com/conversations-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:fd05 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Access-Control-Request-Method: GET
Origin: https://devcondetect.com
Referer: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Access-Control-Request-Headers: x-hubspot-messages-uri

Response headers

date: Thu, 11 Apr 2019 21:03:47 GMT
server: cloudflare
access-control-allow-origin: https://devcondetect.com
x-trace: 2B993FAEC98BB64EA399162A1F1E507BAF3D21FCB7000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
allow: OPTIONS,HEAD,GET,PUT
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
status: 204
access-control-allow-credentials: false
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 4c5fe8c1da49c283-FRA
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri

GET
H2 200 json Show response
forms.hubspot.com/collected-forms/v1/config/ 115 B
234 B 177ms
107ms XHR
application/json 2606:4700::6810:fd05
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hubspot.com/collected-forms/v1/config/json?portalId=2699781

Requested by

Host: js.hscollectedforms.net
URL: https://js.hscollectedforms.net/collectedforms.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:fd05 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

3a6d71992cc96b4a01b8a02d66308f772d5e90945571aa274d00b4c4e9e14b13

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
Origin: https://devcondetect.com

Response headers

date: Thu, 11 Apr 2019 21:03:47 GMT
content-encoding: br
server: cloudflare
status: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, User-Agent
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://devcondetect.com
access-control-max-age: 180
access-control-allow-credentials: false
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 4c5fe8c1da4cc283-FRA
access-control-allow-headers: *

GET
H2 200 / Show response
graph.facebook.com/ 726 B
870 B 363ms
307ms Script
text/javascript 2a03:2880:f01a:1:face:b00c:0:1
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://graph.facebook.com/?id=https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far&callback=SquarespaceShareButtonCounts1555016627612.facebook

Requested by

Host: static.squarespace.com
URL: https://static.squarespace.com/universal/scripts-compressed/share-buttons-0658835f3009ef166892-min.en-US.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01a:1:face:b00c:0:1 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

b640327c605729f6897ceb2a893e1b252816e20e18428f781b935d658dbdc975

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

Referer: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
content-encoding: br
x-app-usage: {"call_count":0,"total_cputime":0,"total_time":0}
status: 200
date: Thu, 11 Apr 2019 21:03:47 GMT
x-fb-rev: 1000593143
content-length: 423
pragma: no-cache
x-fb-debug: PxAhSedF4UN7iztnqys3XrSgnZ3VkFAdP9WE15scYbAgFPcn5Wn2sIB43vvLvKgiTBeDD8h9Qg5ldo5DKbTsug==
x-fb-trace-id: HjcgPXpmPkG
etag: "85cd7bcdd6e4d82a894ef1e53ef9e11800f357f2"
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
x-fb-request-id: A0c4ZzjXtTkFEZDp7YzHGNE
cache-control: private, no-cache, no-store, must-revalidate
facebook-api-version: v2.8
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 share Show response
www.linkedin.com/countserv/count/ 206 B
425 B 109ms
106ms Script
text/javascript 2620:109:c002::6cae:a0a
LinkedIn Corporation

General

Check archive.org

Show headers Download Go to

Full URL

https://www.linkedin.com/countserv/count/share?url=https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far&callback=SquarespaceShareButtonCounts1555016627612.linkedin

Requested by

Host: static.squarespace.com
URL: https://static.squarespace.com/universal/scripts-compressed/share-buttons-0658835f3009ef166892-min.en-US.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:109:c002::6cae:a0a , United States, ASN14413 (LINKEDIN - LinkedIn Corporation, US),

Reverse DNS

Software

Apache-Coyote/1.1 /

Resource Hash

7aff944ad09643cdfc1cda81cbf5ab06288e478d881ab782584cfc5924afd607

Security Headers

Name	Value
Content-Security-Policy	default-src ; connect-src 'self' static.licdn.com media.licdn.com static-exp1.licdn.com static-exp2.licdn.com media-exp1.licdn.com media-exp2.licdn.com https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://.linkedin.com dms.licdn.com https://dpm.demdex.net/id https://lnkd.demdex.net/event blob:; img-src data: blob: ; font-src data: ; style-src 'unsafe-inline' 'self' static-src.linkedin.com .licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' platform.linkedin.com spdy.linkedin.com static-src.linkedin.com .ads.linkedin.com .licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com; object-src 'none'; media-src blob: ; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=l
Strict-Transport-Security	max-age=2592000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 11 Apr 2019 21:03:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-li-pop: prod-edc2
x-li-uuid: 7NWhT2KHlBVAQovPzSoAAA==
pragma: no-cache
server: Apache-Coyote/1.1
x-frame-options: sameorigin
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
vary: Accept-Encoding
strict-transport-security: max-age=2592000
content-type: text/javascript;charset=UTF-8
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store
content-security-policy: default-src *; connect-src 'self' static.licdn.com media.licdn.com static-exp1.licdn.com static-exp2.licdn.com media-exp1.licdn.com media-exp2.licdn.com https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id https://lnkd.demdex.net/event blob:; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' platform.linkedin.com spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=l
x-li-proto: http/2
x-li-fabric: prod-lva1
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 count.json Show response
widgets.pinterest.com/v1/urls/ 170 B
422 B 155ms
110ms Script
application/javascript 151.101.0.84
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://widgets.pinterest.com/v1/urls/count.json?source=6&url=https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far&callback=SquarespaceShareButtonCounts1555016627612.pinterest

Requested by

Host: static.squarespace.com
URL: https://static.squarespace.com/universal/scripts-compressed/share-buttons-0658835f3009ef166892-min.en-US.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.0.84 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

Resource Hash

18063867a6913a75e95a6c6c6581f31f235baf352acee9fc592f24a453a51f2d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-pinterest-host: widgets.pinterest.com
date: Thu, 11 Apr 2019 21:03:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 0
vary: accept-encoding
content-type: application/javascript
status: 200
cache-control: must-revalidate, max-age=887
x-envoy-upstream-service-time: 2
accept-ranges: none
access-control-allow-origin: *
x-pinterest-rid: 353130235258
expires: Thu, 11 Apr 2019 21:18:47 GMT

GET
H2 200 public Show response
api.hubspot.com/livechat/v1/message/ 4 KB
2 KB 292ms
292ms XHR
application/json 2606:4700::6810:fd05
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubspot.com/livechat/v1/message/public?portalId=2699781&conversations-embed=static-1.2599&mobile=false&messagesUtk=885693be4f80491397cc655509fcaa34

Requested by

Host: devcondetect.com
URL: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:fd05 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3d12fe37e7ab5aa790e9c3534e3aa7fd87de2760e437af35215f2e3ea9166e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
Origin: https://devcondetect.com
X-HubSpot-Messages-Uri: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 11 Apr 2019 21:03:47 GMT
content-encoding: br
status: 200
server: cloudflare
x-trace: 2B8D184C4B988F6F3796FB15DD538DA77B5FC896F3000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, User-Agent
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://devcondetect.com
cache-control: no-cache, no-store, no-transform, must-revalidate, max-age=0
access-control-allow-credentials: false
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 4c5fe8c2bc4dc283-FRA
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri

GET
H2 200 5cacd9ac08522943cb7d03c3 Show response
devcondetect.com/api/blog-like-count/ 30 B
150 B 144ms
144ms XHR
application/json 198.49.23.145
Squarespace

General

Check archive.org

Show headers Download Go to

Full URL

https://devcondetect.com/api/blog-like-count/5cacd9ac08522943cb7d03c3

Requested by

Host: static.squarespace.com
URL: https://static.squarespace.com/universal/scripts-compressed/performance-a866b4a81e6ca81f130e-min.en-US.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

198.49.23.145 New York, United States, ASN53831 (SQUARESPACE - Squarespace, Inc., US),

Reverse DNS

Software

envoy /

Resource Hash

b3f56d7d196112c741faa936554b5812f931eba8bae91c7ff79b40150769b00b

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff

Request headers

:path: /api/blog-like-count/5cacd9ac08522943cb7d03c3
pragma: no-cache
cookie: crumb=BTPyqkuQUv8xMzg3M2EwYTVmMzE0YjY1MDE2MGZkMjY1MTAyNjcy; _ga=GA1.2.1723558395.1555016627; _gid=GA1.2.114564440.1555016627; _gat=1; ss_cvr=59d5ed89-a0cb-4ef4-b854-d74d63b1eaa8|1555016627099|1555016627099|1555016627099|1; ss_cvt=1555016627099; ss_cid=06d3838b-8034-45eb-a4ae-4b0be695e1bd; ss_cvisit=1555016627210; ss_cpvisit=1555016627210
accept-encoding: gzip, deflate, br
x-csrf-token: BTPyqkuQUv8xMzg3M2EwYTVmMzE0YjY1MDE2MGZkMjY1MTAyNjcy
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: application/json, text/plain, */*
cache-control: no-cache
:authority: devcondetect.com
referer: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
:scheme: https
:method: GET
Accept: application/json, text/plain, */*
Referer: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
X-CSRF-Token: BTPyqkuQUv8xMzg3M2EwYTVmMzE0YjY1MDE2MGZkMjY1MTAyNjcy
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 11 Apr 2019 21:03:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: envoy
cache-control: no-cache, no-store, must-revalidate
strict-transport-security: max-age=0
x-via: 1.1 echo015
status: 200
x-contextid: xWPh15aB/NNC4602b
x-servedby: api023
content-type: application/json; charset=UTF-8
vary: Accept-Encoding, User-Agent

GET
H2 200 885693be4f80491397cc655509fcaa34
app.hubspot.com/conversations-visitor/2699781/threads/utk/ Frame F7BF 0
0 165ms
116ms Document
text/html 2606:4700::6810:f905
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/conversations-visitor/2699781/threads/utk/885693be4f80491397cc655509fcaa34?uuid=14ffd00feaf4442bb069afdc139c57d6&mobile=false&mobileSafari=false&open=false&hideWelcomeMessage=false&domain=devcondetect.com&inApp53=false&messagesUtk=885693be4f80491397cc655509fcaa34&url=https%3A%2F%2Fdevcondetect.com%2Fblog%2F2019%2F4%2F9%2Fmajor-uptick-in-exploit-activity-heres-what-we-know-so-far&inline=false

Requested by

Host: js.usemessages.com
URL: https://js.usemessages.com/conversations-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:f905 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

:method: GET
:authority: app.hubspot.com
:scheme: https
:path: /conversations-visitor/2699781/threads/utk/885693be4f80491397cc655509fcaa34?uuid=14ffd00feaf4442bb069afdc139c57d6&mobile=false&mobileSafari=false&open=false&hideWelcomeMessage=false&domain=devcondetect.com&inApp53=false&messagesUtk=885693be4f80491397cc655509fcaa34&url=https%3A%2F%2Fdevcondetect.com%2Fblog%2F2019%2F4%2F9%2Fmajor-uptick-in-exploit-activity-heres-what-we-know-so-far&inline=false
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far

Response headers

status: 200
date: Thu, 11 Apr 2019 21:03:48 GMT
content-type: text/html; charset=utf-8
set-cookie: __cfduid=d0dd1b94eb80ae8094b8c82fd3cb01fdc1555016627; expires=Fri, 10-Apr-20 21:03:47 GMT; path=/; domain=.hubspot.com; HttpOnly
x-amz-replication-status: COMPLETED
last-modified: Wed, 10 Apr 2019 03:45:38 GMT
x-amz-version-id: drE3EHUKiLQ3q6QRR68Z4NvNWpxNkK39
etag: W/"0799b4492d978ff1d0391b0f2ab49719"
vary: Accept-Encoding
age: 2668
x-cache: Hit from cloudfront
via: 1.1 e74f6a762a10013d708a25452cd645de.cloudfront.net (CloudFront)
x-amz-cf-id: 6O2eg-1KplUdQGBDETT57HFT75WNriu2NprI4dbz5IK0VJDvIPTtlA==
access-control-allow-credentials: false
cache-control: max-age=0, no-cache, no-store
strict-transport-security: max-age=31536000; includeSubDomains; preload
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 4c5fe8c4dbdc9ab8-FRA
content-encoding: br

POST
H2 204 records
devcondetect.com/api/1/wp-rum/ 0
67 B 177ms
177ms Other
text/plain 198.49.23.145
Squarespace

General

Check archive.org

Show headers Download Go to

Full URL: https://devcondetect.com/api/1/wp-rum/records
Requested by: Host: static.squarespace.com
URL: https://static.squarespace.com/universal/scripts-compressed/performance-a866b4a81e6ca81f130e-min.en-US.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 198.49.23.145 New York, United States, ASN53831 (SQUARESPACE - Squarespace, Inc., US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /api/1/wp-rum/records
pragma: no-cache
cookie: messagesUtk=885693be4f80491397cc655509fcaa34
origin: https://devcondetect.com
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
content-type: text/plain;charset=UTF-8
accept: */*
cache-control: no-cache
:authority: devcondetect.com
referer: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
:scheme: https
content-length: 110
:method: POST
Referer: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
Origin: https://devcondetect.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

status: 204
date: Thu, 11 Apr 2019 21:03:48 GMT
x-contextid: gv5lDmrj/wFKtgksY
x-servedby: wp-rum001
x-via: 1.1 echo015

GET
H2

200

/ Show response
px.ads.linkedin.com/collect/
Redirect Chain

https://px.ads.linkedin.com/collect/?time=1555016628599&pid=964681&url=https%3A%2F%2Fdevcondetect.com%2Fblog%2F2019%2F4%2F9%2Fmajor-uptick-in-exploit-activity-heres-what-we-know-so-far&fmt=js&s=1
https://px.ads.linkedin.com/collect/?time=1555016628599&pid=964681&url=https%3A%2F%2Fdevcondetect.com%2Fblog%2F2019%2F4%2F9%2Fmajor-uptick-in-exploit-activity-heres-what-we-know-so-far&fmt=js&s=1&c...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%2F%3Ftime%3D1555016628599%26pid%3D964681%26url%3Dhttps%253A%252F%252Fdevcondetect.com%252Fblog%252F2019%252F...
https://px.ads.linkedin.com/collect/?time=1555016628599&pid=964681&url=https%3A%2F%2Fdevcondetect.com%2Fblog%2F2019%2F4%2F9%2Fmajor-uptick-in-exploit-activity-heres-what-we-know-so-far&fmt=js&s=1&c...

0
120 B

245ms
245ms

Script
application/javascript

2620:119:50e1:105::6cae:b25
LinkedIn Corporation

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/collect/?time=1555016628599&pid=964681&url=https%3A%2F%2Fdevcondetect.com%2Fblog%2F2019%2F4%2F9%2Fmajor-uptick-in-exploit-activity-heres-what-we-know-so-far&fmt=js&s=1&cookiesTest=true&liSync=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:119:50e1:105::6cae:b25 , United States, ASN14413 (LINKEDIN - LinkedIn Corporation, US),
Reverse DNS
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 11 Apr 2019 21:03:49 GMT
content-encoding: gzip
server: Play
vary: Accept-Encoding
x-li-fabric: prod-lva1
status: 200
x-li-proto: http/2
x-li-pop: prod-esv5
content-type: application/javascript
content-length: 20
x-li-uuid: uH+HsGKHlBVAcQTNqSsAAA==

Redirect headers

date: Thu, 11 Apr 2019 21:03:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 302
x-li-pop: prod-edc2
content-length: 20
x-li-uuid: fkyqp2KHlBVg3rGtzSoAAA==
pragma: no-cache
server: Play
x-frame-options: sameorigin
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
vary: Accept-Encoding
strict-transport-security: max-age=2592000
x-li-fabric: prod-lva1
location: https://px.ads.linkedin.com/collect/?time=1555016628599&pid=964681&url=https%3A%2F%2Fdevcondetect.com%2Fblog%2F2019%2F4%2F9%2Fmajor-uptick-in-exploit-activity-heres-what-we-know-so-far&fmt=js&s=1&cookiesTest=true&liSync=true
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store
content-security-policy: default-src *; connect-src 'self' static.licdn.com media.licdn.com static-exp1.licdn.com static-exp2.licdn.com media-exp1.licdn.com media-exp2.licdn.com https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id https://lnkd.demdex.net/event blob:; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' platform.linkedin.com spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'
x-li-proto: http/2
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 json Show response
api.hubapi.com/hs-script-loader-public/v1/config/ 32 B
579 B 167ms
108ms XHR
application/json 2606:4700::6811:c9cc
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubapi.com/hs-script-loader-public/v1/config/json?portalId=2699781

Requested by

Host: static.squarespace.com
URL: https://static.squarespace.com/universal/scripts-compressed/performance-a866b4a81e6ca81f130e-min.en-US.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:c9cc , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d81cadfd87c28d5d7550ce59454a1c910a6d61765b847f945cf55283a80e1e26

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
Origin: https://devcondetect.com

Response headers

date: Thu, 11 Apr 2019 21:03:48 GMT
content-encoding: br
status: 200
server: cloudflare
x-trace: 2BD55D891027B506FB099D86AC7C101AFBA22F8559000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, User-Agent
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://devcondetect.com
access-control-max-age: 180
access-control-allow-credentials: false
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 4c5fe8c92c3597a4-FRA
access-control-allow-headers: *

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
179 B 29ms
13ms Image
image/gif 2606:4700::6810:f905
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=1332804328&v=1.1&a=2699781&rcu=https%3A%2F%2Fdevcondetect.com%2Fblog%2F2019%2F4%2F9%2Fmajor-uptick-in-exploit-activity-heres-what-we-know-so-far&pu=https%3A%2F%2Fdevcondetect.com%2Fblog%2F2019%2F4%2F9%2Fmajor-uptick-in-exploit-activity-heres-what-we-know-so-far&t=Major+Uptick+in+Exploit+Activity%3A+Here%27s+What+We+Know+So+Far+%E2%80%94+DEVCON+%7C+Ad+Fraud+Security%C2%AE&cts=1555016628608&vi=885693be4f80491397cc655509fcaa34&nc=true&u=154634023.885693be4f80491397cc655509fcaa34.1555016628604.1555016628604.1555016628604.1&b=154634023.1.1555016628603

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:f905 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

cf-ray: 4c5fe8c8eab09ab8-FRA
date: Thu, 11 Apr 2019 21:03:48 GMT
content-type: image/gif
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
p3p: CP="NOI CUR ADM OUR NOR STA NID"
status: 200
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
x-robots-tag: none

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 53 KB
15 KB 6ms
6ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

fa59b1ed1b011e084474ad818b5f6986d84fc678e2f37fee9330eb52d86860b3

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
vary: Origin, Accept-Encoding
content-length: 15397
x-xss-protection: 0
pragma: public
x-fb-debug: fYTKxs4nRt/Cq5DgGZ84vYuXCesVrUqhAzIyplhIOSMFYhqcuz19cE/3OrCactCyvXd/BwDJ+794bRjZRDznKA==
date: Thu, 11 Apr 2019 21:03:48 GMT
x-frame-options: DENY
access-control-allow-methods: OPTIONS
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://connect.facebook.net
access-control-expose-headers: X-FB-Debug, X-Loader-Length
cache-control: public, max-age=1200
access-control-allow-credentials: true
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 615883498850749 Show response
connect.facebook.net/signals/config/ 174 KB
42 KB 119ms
119ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/615883498850749?v=2.8.47&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

ad72cebf1f09206706fc50d5066d4952bb00412fcfe01f0849d53c0664ba89b9

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
vary: Origin, Accept-Encoding
x-xss-protection: 0
pragma: public
x-fb-debug: 8YcSve07LP6P1nIB8C184TzFDK6Cfxo/SV0dVz39umYNpQpsCg0vBAJMZMqS5MPIJYelZG/JtGRb3kSMifrcSw==
date: Thu, 11 Apr 2019 21:03:48 GMT
x-frame-options: DENY
access-control-allow-methods: OPTIONS
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://connect.facebook.net
access-control-expose-headers: X-FB-Debug, X-Loader-Length
cache-control: public, max-age=1200
access-control-allow-credentials: true
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
247 B 6ms
6ms Image
image/gif 2a03:2880:f11c:8083:face:b00c:0:25de
Facebook

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=615883498850749&ev=PageView&dl=https%3A%2F%2Fdevcondetect.com%2Fblog%2F2019%2F4%2F9%2Fmajor-uptick-in-exploit-activity-heres-what-we-know-so-far&rl=&if=false&ts=1555016628928&sw=1600&sh=1200&v=2.8.47&r=stable&a=tmhubspot&ec=0&o=30&fbp=fb.1.1555016628927.1894087316&it=1555016628787&coo=false&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 11 Apr 2019 21:03:48 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
content-length: 44
expires: Thu, 11 Apr 2019 21:03:48 GMT

POST
H2 200 /
www.facebook.com/tr/ Frame ADEC 0
0 10ms
7ms Document
text/plain 2a03:2880:f11c:8083:face:b00c:0:25de
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:method: POST
:authority: www.facebook.com
:scheme: https
:path: /tr/
content-length: 4735
pragma: no-cache
cache-control: no-cache
origin: https://devcondetect.com
upgrade-insecure-requests: 1
content-type: application/x-www-form-urlencoded
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far
accept-encoding: gzip, deflate, br
cookie: fr=0VBQE4Y7xntwDybhH..Bcr6u0...1.0.Bcr6u0.
Origin: https://devcondetect.com
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://devcondetect.com/blog/2019/4/9/major-uptick-in-exploit-activity-heres-what-we-know-so-far

Response headers

status: 200
content-type: text/plain
access-control-allow-origin: https://devcondetect.com
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 0
server: proxygen-bolt
date: Thu, 11 Apr 2019 21:03:49 GMT

Verdicts & Comments Add Verdict or Comment

62 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.devcondetect.com/	1970-01-18 23:56:58	Name: __hssc Value: 154634023.1.1555016628603
.devcondetect.com/	1970-01-19 09:18:32	Name: hubspotutk Value: 885693be4f80491397cc655509fcaa34
.devcondetect.com/	1970-01-19 09:18:32	Name: __hstc Value: 154634023.885693be4f80491397cc655509fcaa34.1555016628604.1555016628604.1555016628604.1
.hubspot.com/	1970-01-19 08:42:32	Name: __cfduid Value: d0dd1b94eb80ae8094b8c82fd3cb01fdc1555016627
.devcondetect.com/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.devcondetect.com/	1970-01-19 09:18:32	Name: messagesUtk Value: 885693be4f80491397cc655509fcaa34

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	warning	URL: https://connect.facebook.net/en_US/fbevents.js(Line 25) Message: [Facebook Pixel] - Invalid PixelID: function(e,t){return this.splice(e,!t\|\|1+t-e+(!(t<0^e>=0)&&(t<0\|\|-1)*this.length)),this.length}.
console-api	warning	URL: https://connect.facebook.net/en_US/fbevents.js(Line 25) Message: [Facebook Pixel] - Invalid PixelID: function(e){this.removeRange(e,e)}.
console-api	warning	URL: https://connect.facebook.net/en_US/fbevents.js(Line 25) Message: [Facebook Pixel] - Invalid PixelID: function(e){for(var t=0;t<this.length;++t)if(this[t]===e)return void this.removeAt(t)}.
console-api	warning	URL: https://connect.facebook.net/en_US/fbevents.js(Line 25) Message: [Facebook Pixel] - Invalid PixelID: function(){for(var e=[];this.length;)e.push(this.splice(Math.random()*this.length,1));for(;e.length;)this.push(e.pop()[0]);return this}.
console-api	warning	URL: https://connect.facebook.net/en_US/fbevents.js(Line 25) Message: [Facebook Pixel] - Invalid PixelID: function(e){return this.indexOf(e)>-1}.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.hubapi.com
api.hubspot.com
app.hubspot.com
connect.facebook.net
devcondetect.com
fonts.googleapis.com
fonts.gstatic.com
forms.hubspot.com
graph.facebook.com
images.squarespace-cdn.com
js.hs-analytics.net
js.hs-scripts.com
js.hsadspixel.net
js.hscollectedforms.net
js.usemessages.com
p.typekit.net
px.ads.linkedin.com
snap.licdn.com
static.squarespace.com
static1.squarespace.com
track.hubspot.com
use.typekit.net
widgets.pinterest.com
www.facebook.com
www.google-analytics.com
www.googletagmanager.com
www.linkedin.com
151.101.0.238
151.101.0.84
198.49.23.145
23.45.98.72
2606:4700::6810:f905
2606:4700::6810:fd05
2606:4700::6811:46b0
2606:4700::6811:70b0
2606:4700::6811:7fab
2606:4700::6811:c9cc
2606:4700::6811:d4cc
2606:4700::6811:edcc
2620:109:c002::6cae:a0a
2620:119:50e1:105::6cae:b25
2a00:1450:4001:808::2003
2a00:1450:4001:80b::200a
2a00:1450:4001:816::2008
2a00:1450:4001:818::200e
2a02:26f0:6c00:28c::25ea
2a03:2880:f01a:1:face:b00c:0:1
2a03:2880:f01c:216:face:b00c:0:3
2a03:2880:f11c:8083:face:b00c:0:25de
07dc8dca170a11f27838f8f240fe96bbccfacc2e3af470a2f23bab34d7cab65b
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
18063867a6913a75e95a6c6c6581f31f235baf352acee9fc592f24a453a51f2d
1e8b0e42cdff0b27529ebfd5bc64417cfe7df6bc423ab58e3269837c75c714c1
240617a92a751a49e6649add3f84a1a571c3bfaf3dc67b62532e33f2b4f92173
2609835d03f978b61445cd730e5f9509e2c7db7148a9712e25977cded842d117
29943888a4a7d204db526eaba465e78a33fde54f36c7373f75988a4a0f6180b9
33e0d72486ff935790e3b0d63081cac41cda2b9b38ab14919d979a6a1d07e004
34a1024c1aa06fecb29ad5fb2e9ade59b3ab999d0b5ac184461c1ca76d9d2061
35294cf6daa539d94bce8f1886d639dbb5dc8ede9222622defe3a72b04298d72
3a6d71992cc96b4a01b8a02d66308f772d5e90945571aa274d00b4c4e9e14b13
3e552578c7d450b023f2cd9d28f830be4335c3acc6c4ab6dadda0769f09e5f22
41508237fe6bd4b682566ceed6764d2162d076160bda73cafbef34508883c273
424940dce8c0679c7a180a95991a5b34824d05b0373dfbc803ea9e15eff9b694
4e8c1cef4205835fa4bcd3c53e09f444eb0b34a933075fb254f82d4b043bc2cc
547d9993459047ab0d4dbfc03fbb376b22d6c42a3e8341548d4f7ff3a7047612
5aee928d73b5d060530037b8e3c373c09122bc11e8fa03e52ffb310a5325dcee
5dbb39659d4a1d894da07139ef2e377b68328592cf0af17caba1778109c501f0
668ad51e5e0698357e164d655e462d401d05ac63b48c1283025ea9922b09ff71
6c9a29fb16462a055f757cf236536c29f249ba643945159fee74f528d788a813
7aff944ad09643cdfc1cda81cbf5ab06288e478d881ab782584cfc5924afd607
817f9ddf55f874b27bb1934c13b2f2b200a2854de5daf285c96f33ffdb35b3f3
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83f0568d44d6151864a2921696af9d5460c47e955dbc79c1df5be58097b317ef
885af539009d2f2d57639f970b9faa084f839a80be3afafcced230ceac971ab9
891139542b61ad256c450a5dced0b5bdb4fd263ea7bfbfcf0b9b97d6fedfca50
981e7e2e93820c47273ae85c5b7d70509c05c29022d4becd43645fcb47d3db8e
98305cffbf19855e4f15bedafe9ab8d46b785986db849b30ea7e72eef99696de
99e1c19131323592b0d5a419a1a3c54fc4ed4b43f76aab30de8b9e0973cfaa58
9b9265c69a5cc295d1ab0d04e0273b3677db1a6216ce2ccf4efc8c277ed84b39
ad72cebf1f09206706fc50d5066d4952bb00412fcfe01f0849d53c0664ba89b9
afea8d9bea2182f4ad958af13f03bd44a26a8f136e5fdc745fa1ab69d01b3204
b3f56d7d196112c741faa936554b5812f931eba8bae91c7ff79b40150769b00b
b640327c605729f6897ceb2a893e1b252816e20e18428f781b935d658dbdc975
bc9cef10d07e8da3ce80181de07a056414731f86e0dc12e2c81d652b28ac770b
c8aa337fc37713d6c02cdbb773733509a0d5186d4185d6cefe101467797dd815
d0799d51cf864c896614837999e9f976a7c546862cf8bf568b37e0fa49fc8667
d1084329cbdddbabbb15524f5af4008fe53caa66a25f414f7ba06d3dd4afc075
d37e4ca1e1902ac258dedafe9e7ee1bc8e7ac887a3d2f0babc143dede00dfd32
d81cadfd87c28d5d7550ce59454a1c910a6d61765b847f945cf55283a80e1e26
d8a7ed423a27fb12754e2bb54731866758ab27235a5988407bb36891563a16de
d900454ba2fb9745e6b2ce75af9b18ff30107b0a1d4439592370b8cde8be2796
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
ded1e2af9a5d3937cc8d26fbb6d0212702f611ca62607c4eb3e7b4dc3b196d9f
e308f31835293f9e7aa25c1fc228af6997a245dd4f1bc9ac5498648aae56c760
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3d12fe37e7ab5aa790e9c3534e3aa7fd87de2760e437af35215f2e3ea9166e4
ecaff571ec8013c3109416f873984d52aba680c2110b8e49359cea9ca95bdd15
ee3fde9fdf61686caeb22b22b988373b456a4aaa90ebf6eb1b01d1143754d311
f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4
fa59b1ed1b011e084474ad818b5f6986d84fc678e2f37fee9330eb52d86860b3
fc46fe1bf249e485fa61aa7a2902411991d6f554244a3b4f8b67f5037e72cdf0
fcb4aa4232f3e6c602799944831e01aeed7a38f8a9ec12cf25722af3afff72c8
fd4a8719afa557f59bb3e75542088fc0d26b961c73fa10324e4ca7ae9d07f640

devcondetect.com Open in urlscan Pro 198.49.23.145 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

60 Requests

100 %HTTPS

82 %IPv6

20 Domains

27 Subdomains

22 IPs

4 Countries

1862 kBTransfer

5439 kBSize

6 Cookies

11 Outgoing links

Redirected requests

60 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

devcondetect.com Open in urlscan Pro
198.49.23.145 Public Scan

Screenshot
Live screenshot

Full Image

60
Requests

100 %
HTTPS

82 %
IPv6

20
Domains

27
Subdomains

22
IPs

4
Countries

1862 kB
Transfer

5439 kB
Size

6
Cookies

60 HTTP transactions
0 data transactions