Submitted URL: https://www.malwarebytes.com/blog/threat-intelligence/2023/12/pikabot-distributed-via-malicious-ads
Effective URL: https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/
Submission: On January 08 via api from DE — Scanned from US

Summary

This website contacted 37 IPs in 2 countries across 27 domains to perform 121 HTTP transactions. The main IP is 192.0.66.84, located in San Francisco, United States and belongs to AUTOMATTIC, US. The main domain is www.threatdown.com.
TLS certificate: Issued by E6 on December 10th 2024. Valid for: 3 months.
This is the only time www.threatdown.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 192.0.66.233 2635 (AUTOMATTIC)
2 40 192.0.66.84 2635 (AUTOMATTIC)
1 2607:f8b0:400... 15169 (GOOGLE)
10 34.107.218.251 396982 (GOOGLE-CL...)
4 104.17.74.206 13335 (CLOUDFLAR...)
4 192.0.76.3 2635 (AUTOMATTIC)
3 2607:f8b0:400... 15169 (GOOGLE)
4 142.250.81.227 15169 (GOOGLE)
1 172.64.149.114 13335 (CLOUDFLAR...)
1 18.210.254.78 14618 (AMAZON-AES)
1 104.17.70.206 13335 (CLOUDFLAR...)
12 2606:4700::68... 13335 (CLOUDFLAR...)
1 18.238.55.115 16509 (AMAZON-02)
1 104.18.39.181 13335 (CLOUDFLAR...)
1 3.168.122.81 16509 (AMAZON-02)
1 2606:4700:440... 13335 (CLOUDFLAR...)
2 18.238.55.7 16509 (AMAZON-02)
1 142.250.80.4 15169 (GOOGLE)
3 2620:1ec:33:1... 8075 (MICROSOFT...)
2 2a04:4e42:400... 54113 (FASTLY)
2 2600:141b:1c0... 20940 (AKAMAI-AS...)
2 23.204.6.193 16625 (AKAMAI-AS)
3 52.85.61.124 16509 (AMAZON-02)
3 172.64.150.44 13335 (CLOUDFLAR...)
1 151.101.1.140 54113 (FASTLY)
1 151.101.129.140 54113 (FASTLY)
2 2607:f8b0:400... 15169 (GOOGLE)
1 2607:f8b0:400... 15169 (GOOGLE)
1 2607:f8b0:400... 15169 (GOOGLE)
1 34.96.71.22 396982 (GOOGLE-CL...)
2 2 35.244.154.8 396982 (GOOGLE-CL...)
1 13.226.94.12 16509 (AMAZON-02)
1 13.33.252.45 16509 (AMAZON-02)
2 104.16.117.43 13335 (CLOUDFLAR...)
1 192.28.144.124 15224 (OMNITURE)
3 5 2620:1ec:21::14 8068 (MICROSOFT...)
1 1 172.64.146.215 13335 (CLOUDFLAR...)
1 13.107.42.14 8068 (MICROSOFT...)
1 2600:9000:251... 16509 (AMAZON-02)
121 37
Apex Domain
Subdomains
Transfer
40 threatdown.com
threatdown.com — Cisco Umbrella Rank: 7365
www.threatdown.com
1 MB
12 cookielaw.org
cdn.cookielaw.org — Cisco Umbrella Rank: 329
161 KB
10 visualwebsiteoptimizer.com
dev.visualwebsiteoptimizer.com — Cisco Umbrella Rank: 3020
218 KB
7 linkedin.com
px.ads.linkedin.com — Cisco Umbrella Rank: 333
www.linkedin.com — Cisco Umbrella Rank: 676
px4.ads.linkedin.com — Cisco Umbrella Rank: 7032
4 KB
6 malwarebytes.com
www.malwarebytes.com — Cisco Umbrella Rank: 52743
go.malwarebytes.com — Cisco Umbrella Rank: 763960
72 KB
4 demandbase.com
tag.demandbase.com — Cisco Umbrella Rank: 6210
tag-logger.demandbase.com — Cisco Umbrella Rank: 5387
78 KB
4 gstatic.com
fonts.gstatic.com
73 KB
4 wp.com
stats.wp.com — Cisco Umbrella Rank: 3804
pixel.wp.com — Cisco Umbrella Rank: 3757
8 KB
3 company-target.com
s.company-target.com — Cisco Umbrella Rank: 1549
segments.company-target.com — Cisco Umbrella Rank: 1655
api.company-target.com — Cisco Umbrella Rank: 4358
1 KB
3 zi-scripts.com
js.zi-scripts.com — Cisco Umbrella Rank: 5643
4 KB
3 bing.com
bat.bing.com — Cisco Umbrella Rank: 359
15 KB
3 google.com
www.google.com — Cisco Umbrella Rank: 3
analytics.google.com — Cisco Umbrella Rank: 142
3 driftt.com
js.driftt.com — Cisco Umbrella Rank: 7118
62 KB
3 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 39
251 KB
2 zoominfo.com
ws.zoominfo.com — Cisco Umbrella Rank: 4514
2 KB
2 rlcdn.com
id.rlcdn.com — Cisco Umbrella Rank: 854
770 B
2 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 135
td.doubleclick.net — Cisco Umbrella Rank: 182
556 B
2 reddit.com
pixel-config.reddit.com — Cisco Umbrella Rank: 2010
alb.reddit.com — Cisco Umbrella Rank: 1418
761 B
2 marketo.net
munchkin.marketo.net — Cisco Umbrella Rank: 3671
6 KB
2 licdn.com
snap.licdn.com — Cisco Umbrella Rank: 831
24 KB
2 redditstatic.com
www.redditstatic.com — Cisco Umbrella Rank: 1095
13 KB
2 ubembed.com
185c650ccfd84b27aad189f19681365b.js.ubembed.com
assets.ubembed.com — Cisco Umbrella Rank: 12476
50 KB
1 mktoresp.com
805-usg-300.mktoresp.com — Cisco Umbrella Rank: 282981
318 B
1 onetrust.com
geolocation.onetrust.com — Cisco Umbrella Rank: 514
318 B
1 ipstack.com
api.ipstack.com — Cisco Umbrella Rank: 28332
2 KB
1 weglot.com
api.weglot.com — Cisco Umbrella Rank: 20754
2 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 29
1 KB
121 27
Domain Requested by
39 www.threatdown.com 1 redirects www.threatdown.com
12 cdn.cookielaw.org www.threatdown.com
cdn.cookielaw.org
10 dev.visualwebsiteoptimizer.com www.threatdown.com
dev.visualwebsiteoptimizer.com
5 px.ads.linkedin.com 3 redirects snap.licdn.com
5 go.malwarebytes.com www.threatdown.com
go.malwarebytes.com
4 fonts.gstatic.com fonts.googleapis.com
3 js.zi-scripts.com www.threatdown.com
js.zi-scripts.com
3 tag.demandbase.com www.threatdown.com
tag.demandbase.com
3 bat.bing.com www.googletagmanager.com
bat.bing.com
3 js.driftt.com www.threatdown.com
js.driftt.com
3 www.googletagmanager.com www.threatdown.com
www.googletagmanager.com
2 ws.zoominfo.com js.zi-scripts.com
2 id.rlcdn.com 2 redirects
2 analytics.google.com www.googletagmanager.com
2 munchkin.marketo.net www.threatdown.com
munchkin.marketo.net
2 snap.licdn.com www.googletagmanager.com
snap.licdn.com
2 www.redditstatic.com www.googletagmanager.com
www.redditstatic.com
2 pixel.wp.com www.threatdown.com
2 stats.wp.com www.threatdown.com
1 tag-logger.demandbase.com tag.demandbase.com
1 px4.ads.linkedin.com
1 www.linkedin.com 1 redirects
1 805-usg-300.mktoresp.com munchkin.marketo.net
1 api.company-target.com tag.demandbase.com
js.driftt.com
1 segments.company-target.com
1 s.company-target.com tag.demandbase.com
1 td.doubleclick.net www.googletagmanager.com
1 stats.g.doubleclick.net www.googletagmanager.com
1 alb.reddit.com
1 pixel-config.reddit.com www.redditstatic.com
1 www.google.com www.googletagmanager.com
1 geolocation.onetrust.com cdn.cookielaw.org
1 assets.ubembed.com 185c650ccfd84b27aad189f19681365b.js.ubembed.com
1 185c650ccfd84b27aad189f19681365b.js.ubembed.com www.googletagmanager.com
1 api.ipstack.com www.threatdown.com
1 api.weglot.com www.threatdown.com
1 fonts.googleapis.com www.threatdown.com
1 threatdown.com 1 redirects
1 www.malwarebytes.com 1 redirects
121 39
Subject Issuer Validity Valid
www.threatdown.com
E6
2024-12-10 -
2025-03-10
3 months crt.sh
upload.video.google.com
WR2
2024-12-02 -
2025-02-24
3 months crt.sh
*.visualwebsiteoptimizer.com
Starfield Secure Certificate Authority - G2
2024-06-29 -
2025-07-31
a year crt.sh
go.malwarebytes.com
WE1
2024-11-21 -
2025-02-19
3 months crt.sh
wp.com
E6
2024-12-09 -
2025-03-09
3 months crt.sh
*.google-analytics.com
WR2
2024-12-02 -
2025-02-24
3 months crt.sh
*.gstatic.com
WR2
2024-12-02 -
2025-02-24
3 months crt.sh
api.weglot.com
WE1
2024-12-25 -
2025-03-25
3 months crt.sh
apilayer.net
Amazon RSA 2048 M02
2024-07-03 -
2025-08-01
a year crt.sh
cookielaw.org
WE1
2024-12-09 -
2025-03-09
3 months crt.sh
drift.com
Amazon RSA 2048 M03
2024-07-30 -
2025-08-27
a year crt.sh
*.js.ubembed.com
E5
2024-12-05 -
2025-03-05
3 months crt.sh
assets.ubembed.com
Amazon RSA 2048 M03
2024-11-05 -
2025-12-04
a year crt.sh
geolocation.onetrust.com
WE1
2024-12-09 -
2025-03-09
3 months crt.sh
*.google.com
WR2
2024-12-02 -
2025-02-24
3 months crt.sh
www.bing.com
Microsoft Azure RSA TLS Issuing CA 08
2024-12-15 -
2025-06-13
6 months crt.sh
www.redditstatic.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2024-10-06 -
2025-04-03
6 months crt.sh
snap.licdn.com
DigiCert SHA2 Secure Server CA
2024-12-02 -
2025-12-01
a year crt.sh
*.marketo.net
DigiCert TLS RSA SHA256 2020 CA1
2024-10-22 -
2025-10-24
a year crt.sh
tag.demandbase.com
Go Daddy Secure Certificate Authority - G2
2024-08-27 -
2025-09-28
a year crt.sh
zi-scripts.com
WE1
2024-11-20 -
2025-02-18
3 months crt.sh
*.reddit.com
DigiCert TLS RSA SHA256 2020 CA1
2024-10-13 -
2025-04-11
6 months crt.sh
*.g.doubleclick.net
WR2
2024-12-02 -
2025-02-24
3 months crt.sh
*.doubleclick.net
WR2
2024-12-02 -
2025-02-24
3 months crt.sh
*.company-target.com
R10
2024-12-13 -
2025-03-13
3 months crt.sh
api.demandbase.com
Go Daddy Secure Certificate Authority - G2
2024-08-13 -
2025-09-14
a year crt.sh
zoominfo.com
E5
2024-12-10 -
2025-03-10
3 months crt.sh
*.mktoresp.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2024-08-15 -
2025-09-15
a year crt.sh
www.linkedin.com
DigiCert SHA2 Secure Server CA
2024-10-14 -
2025-04-14
6 months crt.sh
tag-logger.demandbase.com
Amazon RSA 2048 M02
2024-12-13 -
2026-01-11
a year crt.sh

This page contains 7 frames:

Primary Page: https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/
Frame ID: 1F23751F4074D4AF952C2AA7AD4C95F8
Requests: 113 HTTP requests in this frame

Frame: https://go.malwarebytes.com/index.php/form/XDFrame
Frame ID: 5BEF4BC15B37A07C1E1EBC586364BA50
Requests: 1 HTTP requests in this frame

Frame: https://js.driftt.com/core?d=1&embedId=7ghicgw4nish&eId=7ghicgw4nish&region=US&forceShow=false&skipCampaigns=false&sessionId=0235f6c1-04a6-4dec-8ad9-57e2624b7722&sessionStarted=1736335217.927&campaignRefreshToken=267f4d62-cdcb-4992-8d83-56db439f424f&hideController=false&pageLoadStartTime=1736335216017&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.threatdown.com%2Fblog%2Fpikabot-distributed-via-malicious-ads%2F
Frame ID: CE18DBBD0E0DAE6CF03DFFEC82A9D7E3
Requests: 1 HTTP requests in this frame

Frame: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1736335216017
Frame ID: 4ABEDA3143E9D5E0213335D9BF2B4D97
Requests: 1 HTTP requests in this frame

Frame: https://www.googletagmanager.com/static/service_worker/5160/sw_iframe.html?origin=https%3A%2F%2Fwww.threatdown.com
Frame ID: 69F509E764E22B319C6F09FBB7E4559A
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/ga/rul?tid=G-LTWDK0JK3Z&gacid=663902058.1736335218&gtm=45je4cc1v9167498142z89167491076za200zb9167491076&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101925629~102067555~102067808~102081485~102198178&z=233820861
Frame ID: F07BF364911DA173E33919594AA8D246
Requests: 1 HTTP requests in this frame

Frame: https://s.company-target.com/s/sync?exc=lr
Frame ID: 219E80A37CA30599195173825FD75B62
Requests: 1 HTTP requests in this frame

Screenshot

Page Title

PikaBot distributed via malicious search ads - ThreatDown by Malwarebytes

Page URL History Show full URLs

  1. https://www.malwarebytes.com/blog/threat-intelligence/2023/12/pikabot-distributed-via-malicious-ads HTTP 301
    http://threatdown.com/blog/pikabot-distributed-via-malicious-ads HTTP 307
    https://threatdown.com/blog/pikabot-distributed-via-malicious-ads HTTP 301
    https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads HTTP 301
    https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/

Overall confidence: 100%
Detected patterns
  • ubembed\.com

Overall confidence: 100%
Detected patterns

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Overall confidence: 100%
Detected patterns
  • munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js

Overall confidence: 100%
Detected patterns
  • cdn\.cookielaw\.org
  • otSDKStub\.js

Overall confidence: 100%
Detected patterns
  • wp-content/plugins/weglot

Page Statistics

121
Requests

95 %
HTTPS

31 %
IPv6

27
Domains

39
Subdomains

37
IPs

2
Countries

2105 kB
Transfer

5817 kB
Size

47
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.malwarebytes.com/blog/threat-intelligence/2023/12/pikabot-distributed-via-malicious-ads HTTP 301
    http://threatdown.com/blog/pikabot-distributed-via-malicious-ads HTTP 307
    https://threatdown.com/blog/pikabot-distributed-via-malicious-ads HTTP 301
    https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads HTTP 301
    https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 106
  • https://id.rlcdn.com/464526.gif HTTP 307
  • https://id.rlcdn.com/1000.gif?memo=CI6tHBoNCPK--bsGEgUI6AcQAEIASgA HTTP 307
  • https://segments.company-target.com/log?vendor=liveramp&user_id=Xc1297OoCo9jb4-AUl-lRpJ1pLTOLDfDZH11z9gPsY1u0yFGU
Request Chain 113
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=6676530&time=1736335218660&li_adsId=693f7fd0-ca2d-4127-9a56-436e00129b0b&url=https%3A%2F%2Fwww.threatdown.com%2Fblog%2Fpikabot-distributed-via-malicious-ads%2F HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=6676530&time=1736335218660&li_adsId=693f7fd0-ca2d-4127-9a56-436e00129b0b&url=https%3A%2F%2Fwww.threatdown.com%2Fblog%2Fpikabot-distributed-via-malicious-ads%2F&cookiesTest=true HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D6676530%26time%3D1736335218660%26li_adsId%3D693f7fd0-ca2d-4127-9a56-436e00129b0b%26url%3Dhttps%253A%252F%252Fwww.threatdown.com%252Fblog%252Fpikabot-distributed-via-malicious-ads%252F%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=6676530&time=1736335218660&li_adsId=693f7fd0-ca2d-4127-9a56-436e00129b0b&url=https%3A%2F%2Fwww.threatdown.com%2Fblog%2Fpikabot-distributed-via-malicious-ads%2F&cookiesTest=true&liSync=true HTTP 302
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=6676530&time=1736335218660&li_adsId=693f7fd0-ca2d-4127-9a56-436e00129b0b&url=https%3A%2F%2Fwww.threatdown.com%2Fblog%2Fpikabot-distributed-via-malicious-ads%2F&cookiesTest=true&liSync=true&e_ipv6=AQJ0WPRiDE_ZuQAAAZRFpNqsdj1popEEld5Af68MDfC18JL8yWtqjO6WUxP2sjmvzJAFDg

121 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/
Redirect Chain
  • https://www.malwarebytes.com/blog/threat-intelligence/2023/12/pikabot-distributed-via-malicious-ads
  • http://threatdown.com/blog/pikabot-distributed-via-malicious-ads
  • https://threatdown.com/blog/pikabot-distributed-via-malicious-ads
  • https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads
  • https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/
145 KB
28 KB
Document
General
Full URL
https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx / WordPress VIP <https://wpvip.com>
Resource Hash
f6fe9157b8ffd2a49b02f3301a58beab201e9972d74e57598ba9b6a33f0426b3

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
cache-control
max-age=300, must-revalidate
content-encoding
br
content-type
text/html; charset=UTF-8
date
Wed, 08 Jan 2025 11:20:15 GMT
host-header
a9130478a60e5f9135f765b23f26593b
link
<https://www.threatdown.com/api/>; rel="https://api.w.org/" <https://www.threatdown.com/api/wp/v2/posts/100758>; rel="alternate"; title="JSON"; type="application/json" <https://www.threatdown.com/?p=100758>; rel=shortlink
server
nginx
vary
Accept-Encoding
x-cache
HIT
x-hacker
If you're reading this, you should visit wpvip.com/careers and apply to join the fun, mention this header.
x-powered-by
WordPress VIP <https://wpvip.com>
x-rq
bur7 123 243 443

Redirect headers

cache-control
max-age=3600
content-type
text/html; charset=UTF-8
date
Wed, 08 Jan 2025 11:20:15 GMT
host-header
a9130478a60e5f9135f765b23f26593b
location
https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/
server
nginx
x-cache
HIT
x-hacker
If you're reading this, you should visit wpvip.com/careers and apply to join the fun, mention this header.
x-powered-by
WordPress VIP <https://wpvip.com>
x-redirect-by
WordPress
x-rq
bur7 123 242 443
style.min.css
www.threatdown.com/wp-includes/css/dist/block-library/
112 KB
15 KB
Stylesheet
General
Full URL
https://www.threatdown.com/wp-includes/css/dist/block-library/style.min.css?m=1732206022g
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
3bb38d0f302677ff4104564454f60f495133579d6e6dfb722b3de850df596502

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/

Response headers

cache-control
max-age=31536000
content-encoding
br
x-rq
bur7 123 243 443
etag
W/"673f5dc6-1c012"
accept-ranges
bytes
x-cache
HIT
date
Wed, 08 Jan 2025 11:20:16 GMT
content-type
text/css
last-modified
Thu, 21 Nov 2024 16:20:22 GMT
server
nginx
vary
Accept-Encoding
/
www.threatdown.com/_static/
2 KB
451 B
Stylesheet
General
Full URL
https://www.threatdown.com/_static/??-eJydzEEKgCAQQNELNQ1WEC2is9goIekojlHdPshtq7afx8czAUUulgsmf2yOBYuB1UfaBWrB9XDeYG1IMSSdnUSuCqXc3oJjY6+WRBr8sXw1kM7me7qEWY1q6odx6oYHQJpCug==
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
3a9e6c0f049cf5f2dc66d2e1bd07441dbb9342310d82af37ac5d77facbf4589b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/

Response headers

cache-control
max-age=31536000
content-encoding
br
x-rq
bur7 123 242 443
accept-ranges
bytes
x-cache
HIT
date
Wed, 08 Jan 2025 11:20:15 GMT
content-type
text/css;charset=utf-8
vary
Accept-Encoding
server
nginx
last-modified
Tue, 25 Jun 2024 20:38:44 GMT
/
www.threatdown.com/_static/
7 KB
1 KB
Stylesheet
General
Full URL
https://www.threatdown.com/_static/??-eJytzkEOwjAMBMAPYUxLRU+It5DYBIvUqeKkhd9TKVdOqNfd1WhxncEnLawF51iDqGEhcDH5l0FL0FWJhC3DR8pT69HKJzKIEr+P3uyA/2EmGjZnLzPkO8k2B5JFiDNYdXvZT84Jlv7319t07cbzcBrGS999AYOxgOc=
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
57c9a5874b3e5e9ca0a275d6ab29e175358f8db27d98332777999bd19d9fc8d4

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/

Response headers

cache-control
max-age=31536000
content-encoding
br
x-rq
bur7 123 243 443
accept-ranges
bytes
x-cache
HIT
date
Wed, 08 Jan 2025 11:20:15 GMT
content-type
text/css;charset=utf-8
vary
Accept-Encoding
server
nginx
last-modified
Thu, 12 Dec 2024 23:53:41 GMT
style-index.css
www.threatdown.com/wp-content/plugins/td-blocks-plugin/build/blocks/tab-area-block/
2 KB
702 B
Stylesheet
General
Full URL
https://www.threatdown.com/wp-content/plugins/td-blocks-plugin/build/blocks/tab-area-block/style-index.css?m=1719347924g
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
c0813b9627886c9fa1d6d57eb7a227747ab6e2629ab19bf1f646af9c7c3d79e0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/

Response headers

cache-control
max-age=31536000
content-encoding
br
x-rq
bur7 123 242 443
etag
W/"667b2ad4-629"
accept-ranges
bytes
x-cache
HIT
date
Wed, 08 Jan 2025 11:20:15 GMT
content-type
text/css
last-modified
Tue, 25 Jun 2024 20:38:44 GMT
server
nginx
vary
Accept-Encoding
/
www.threatdown.com/_static/
15 KB
4 KB
Stylesheet
General
Full URL
https://www.threatdown.com/_static/??-eJzTLy/QzcxLzilNSS3WzyrWz01NyUxMzUnNTc0rQeEU5CRWphbp5qSmJyZX6uVm5uklFxfr6OPTDpRD5sM02efaGpobGxkZmBkYGQMARIMu1Q==
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
3d2c10cf69410c10177fc6e56937d05151b182841fa6aee36f651d587d91fbb8

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/

Response headers

cache-control
max-age=31536000
content-encoding
br
x-rq
bur7 123 243 443
accept-ranges
bytes
x-cache
HIT
date
Wed, 08 Jan 2025 11:20:15 GMT
content-type
text/css;charset=utf-8
vary
Accept-Encoding
server
nginx
last-modified
Thu, 21 Nov 2024 16:20:23 GMT
/
www.threatdown.com/_static/
228 KB
23 KB
Stylesheet
General
Full URL
https://www.threatdown.com/_static/??-eJyVUEEOwjAM+xBdRpHghHgEL+jWrER0bdV0GvyeUAbiMiSOdmxHNsxJUej9ZJGhZwZLXKCPY4oBQ2HgcvfYjBQauW5A5H0MRU6Q/OQoMPhYCuFAXhK6ibz9ZtSQq9w+7asRaeo88SVlZFaMmcSYcoSY3bmiv53vThUYa6No8VayUSVeUcAnWlV69cGMTuoss8g+tY/6VWZxmJRe4zEEnNXgjaue03jcHnZat/tW6wfAlJFh
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
5009e300c2262d52c4d5b5d7f9ecdc5a1394f15fdd39b3488514e8fed330709a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/

Response headers

cache-control
max-age=31536000
content-encoding
br
x-rq
bur7 123 243 443
accept-ranges
bytes
x-cache
HIT
date
Wed, 08 Jan 2025 11:20:15 GMT
content-type
text/css;charset=utf-8
vary
Accept-Encoding
server
nginx
last-modified
Thu, 21 Nov 2024 16:20:22 GMT
/
www.threatdown.com/_static/
176 KB
57 KB
Stylesheet
General
Full URL
https://www.threatdown.com/_static/??/wp-content/themes/mbc/style.css,/wp-includes/css/dashicons.min.css?m=1734047621
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e5edd86099f638799b498e7cf119d5ac2b56bc5572871fde58a0c02c281eef46

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/

Response headers

cache-control
max-age=31536000
content-encoding
br
x-rq
bur7 123 242 443
accept-ranges
bytes
x-cache
HIT
date
Wed, 08 Jan 2025 11:20:15 GMT
content-type
text/css;charset=utf-8
vary
Accept-Encoding
server
nginx
last-modified
Thu, 12 Dec 2024 23:53:41 GMT
/
www.threatdown.com/_static/
25 KB
6 KB
Script
General
Full URL
https://www.threatdown.com/_static/??/wp-content/plugins/lottiefiles/build/frontend-helper.js,/wp-content/plugins/weglot/dist/front-js.js?m=1730997802j
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
7746d00bc434d3a217cf17fb00f6fed9e562f63a13ee913e5300435478830269

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/

Response headers

cache-control
max-age=31536000
content-encoding
br
x-rq
bur7 123 243 443
accept-ranges
bytes
x-cache
HIT
date
Wed, 08 Jan 2025 11:20:15 GMT
content-type
application/javascript
vary
Accept-Encoding
server
nginx
last-modified
Thu, 07 Nov 2024 16:43:22 GMT
css2
fonts.googleapis.com/
12 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;500;700;900&display=swap
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:823::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
41b8e4e3780edc3faba1e862c17c1163e92787a7326a60984278c32be0670f9b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Wed, 08 Jan 2025 11:20:16 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 08 Jan 2025 11:20:16 GMT
content-type
text/css; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified
Wed, 08 Jan 2025 11:05:58 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
logo-header-threatdown-horizontal.svg
www.threatdown.com/wp-content/themes/mbc/images/
27 KB
10 KB
Image
General
Full URL
https://www.threatdown.com/wp-content/themes/mbc/images/logo-header-threatdown-horizontal.svg
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
9e36f834eeef0ed10ef8d2681c179af354758c4d329f3514ac4caae28a7310a9

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/

Response headers

cache-control
max-age=300, must-revalidate
content-encoding
br
x-rq
bur7 123 242 443
etag
W/"6555240c-6cc1"
accept-ranges
bytes
x-cache
HIT
date
Wed, 08 Jan 2025 11:20:15 GMT
content-type
image/svg+xml
last-modified
Wed, 15 Nov 2023 20:03:24 GMT
server
nginx
vary
Accept-Encoding
nav-nebula_sign_in.png
www.threatdown.com/wp-content/uploads/2024/04/
30 KB
30 KB
Image
General
Full URL
https://www.threatdown.com/wp-content/uploads/2024/04/nav-nebula_sign_in.png
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
5a9aa0112c5d786557feaa6cf96b3136219005f43dc46cd6c394b8d387006901

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/

Response headers

cache-control
max-age=31536000
x-rq
bur7 118 54 443
etag
"f80114582e4fa86a"
accept-ranges
bytes, bytes
x-cache
HIT
content-length
30536
date
Wed, 08 Jan 2025 11:20:16 GMT
content-type
image/webp
last-modified
Fri, 08 Nov 2024 14:15:34 GMT
server
nginx
vary
Accept
px-center.png
www.threatdown.com/wp-content/uploads/2023/11/
17 KB
18 KB
Image
General
Full URL
https://www.threatdown.com/wp-content/uploads/2023/11/px-center.png
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
bc48f6d63c43b68b083b43a28928a8c79fa5a940b958f3c82e7cf9dfb20cc713

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/

Response headers

cache-control
max-age=31536000
x-rq
bur7 113 150 443
etag
"6bdf5f6ab28d83bf"
accept-ranges
bytes, bytes
x-cache
HIT
content-length
17818
date
Wed, 08 Jan 2025 11:20:16 GMT
content-type
image/webp
last-modified
Fri, 08 Nov 2024 14:15:34 GMT
server
nginx
vary
Accept
sor-2024.png
www.threatdown.com/wp-content/uploads/2024/08/
287 KB
288 KB
Image
General
Full URL
https://www.threatdown.com/wp-content/uploads/2024/08/sor-2024.png
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
cf9ca61a00ddb5352412e2b3786688e6c7d94a3ff94f9683d3f2be6c8dfec8f0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/

Response headers

cache-control
max-age=31536000
x-rq
bur7 118 52 443
etag
"29ed2a1929636094"
accept-ranges
bytes, bytes
x-cache
HIT
content-length
293958
date
Wed, 08 Jan 2025 11:20:16 GMT
content-type
image/webp
last-modified
Fri, 08 Nov 2024 14:15:35 GMT
server
nginx
vary
Accept
image-7.png
www.threatdown.com/wp-content/uploads/2024/06/
14 KB
14 KB
Image
General
Full URL
https://www.threatdown.com/wp-content/uploads/2024/06/image-7.png
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
5d73add4b4c244e37f72201f51447f26ac9f30970e9e02ce45d0e05a5e58b21c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/

Response headers

cache-control
max-age=31536000
x-rq
bur7 118 21 443
etag
"bfe28e1a20095d8d"
accept-ranges
bytes, bytes
x-cache
HIT
content-length
14622
date
Wed, 08 Jan 2025 11:20:16 GMT
content-type
image/webp
last-modified
Wed, 08 Jan 2025 11:06:13 GMT
server
nginx
vary
Accept
image-2.png
www.threatdown.com/wp-content/uploads/2024/06/
36 KB
36 KB
Image
General
Full URL
https://www.threatdown.com/wp-content/uploads/2024/06/image-2.png
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
c009a64085905de705aa36130211009e6ad252f7460e476f5498a065b0d6e4f0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/

Response headers

cache-control
max-age=31536000
x-rq
bur7 113 149 443
etag
"06008d342b4eb6db"
accept-ranges
bytes, bytes
x-cache
HIT
content-length
36802
date
Wed, 08 Jan 2025 11:20:16 GMT
content-type
image/webp
last-modified
Wed, 08 Jan 2025 11:06:13 GMT
server
nginx
vary
Accept
image-4.png
www.threatdown.com/wp-content/uploads/2024/06/
49 KB
49 KB
Image
General
Full URL
https://www.threatdown.com/wp-content/uploads/2024/06/image-4.png
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
3f0915bd6aed5098e3a7033994e4b706b4ccdfaa08d5450fe668b4beb6bd0ab0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/

Response headers

cache-control
max-age=31536000
x-rq
bur7 118 52 443
etag
"2b4c1f03ccb56914"
accept-ranges
bytes, bytes
x-cache
HIT
content-length
50366
date
Wed, 08 Jan 2025 11:20:16 GMT
content-type
image/webp
last-modified
Wed, 08 Jan 2025 11:06:13 GMT
server
nginx
vary
Accept
image-5.png
www.threatdown.com/wp-content/uploads/2024/06/
8 KB
9 KB
Image
General
Full URL
https://www.threatdown.com/wp-content/uploads/2024/06/image-5.png
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
323afff76b71bf2771d47f84f88ac7e7e7fd3fff5e0742f34225e4236867faf0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/

Response headers

cache-control
max-age=31536000
x-rq
bur7 118 22 443
etag
"f6f35523ce0b2e03"
accept-ranges
bytes, bytes
x-cache
HIT
content-length
8644
date
Wed, 08 Jan 2025 11:20:16 GMT
content-type
image/webp
last-modified
Wed, 08 Jan 2025 11:06:13 GMT
server
nginx
vary
Accept
image-6.png
www.threatdown.com/wp-content/uploads/2024/06/
31 KB
31 KB
Image
General
Full URL
https://www.threatdown.com/wp-content/uploads/2024/06/image-6.png
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
5615d2afdc7c33e54368f077e01112dc639c0c197ed6096fb9c4dd57cb6a9878

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/

Response headers

cache-control
max-age=31536000
x-rq
bur7 113 75 443
etag
"7911597c7a1e2e4e"
accept-ranges
bytes, bytes
x-cache
HIT
content-length
31930
date
Wed, 08 Jan 2025 11:20:16 GMT
content-type
image/webp
last-modified
Wed, 08 Jan 2025 11:06:13 GMT
server
nginx
vary
Accept
image-9.png
www.threatdown.com/wp-content/uploads/2024/06/
9 KB
10 KB
Image
General
Full URL
https://www.threatdown.com/wp-content/uploads/2024/06/image-9.png
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
8e411625cc4d1865f0dcdd7f83350584c2186f705cf98d6fec80d6b278988b4d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/

Response headers

cache-control
max-age=31536000
x-rq
bur7 118 54 443
etag
"2887088d2a7ca653"
accept-ranges
bytes, bytes
x-cache
HIT
content-length
9598
date
Wed, 08 Jan 2025 11:20:16 GMT
content-type
image/webp
last-modified
Wed, 08 Jan 2025 11:06:13 GMT
server
nginx
vary
Accept
image-10.png
www.threatdown.com/wp-content/uploads/2024/06/
32 KB
32 KB
Image
General
Full URL
https://www.threatdown.com/wp-content/uploads/2024/06/image-10.png
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
3a72ddc826b859c5cbf718180fe0e74776d272e1dfda1b06775dd90cf5a26e43

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/

Response headers

cache-control
max-age=31536000
x-rq
bur7 115 147 443
etag
"94650f260c1c19b7"
accept-ranges
bytes, bytes
x-cache
HIT
content-length
32766
date
Wed, 08 Jan 2025 11:20:16 GMT
content-type
image/webp
last-modified
Wed, 08 Jan 2025 11:06:13 GMT
server
nginx
vary
Accept
4f0ea614-f80c-47ed-8394-21a7a8ec913e
https://www.threatdown.com/ Frame
0
0

j.php
dev.visualwebsiteoptimizer.com/
32 KB
10 KB
XHR
General
Full URL
https://dev.visualwebsiteoptimizer.com/j.php?a=805334&u=https%3A%2F%2Fwww.threatdown.com%2Fblog%2Fpikabot-distributed-via-malicious-ads%2F&vn=2.1&x=true
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.218.251 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
251.218.107.34.bc.googleusercontent.com
Software
gla1 /
Resource Hash
595558e35e3f9a87c2bcb3d641428347a8adeeaa187540145efedd785424fe63
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=0, no-cache, must-revalidate
timing-allow-origin
*
content-encoding
gzip
access-control-allow-credentials
true
via
1.1 google
access-control-allow-origin
https://www.threatdown.com
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 08 Jan 2025 11:20:15 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
server
gla1
x-logo.svg
www.threatdown.com/wp-content/themes/mbc/images/
449 B
645 B
Image
General
Full URL
https://www.threatdown.com/wp-content/themes/mbc/images/x-logo.svg
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
bf8b6eabee06732294708b4285c90c685bb297b55151f7efe37afd1ead1d3ab0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/

Response headers

cache-control
max-age=300, must-revalidate
x-rq
bur7 123 242 443
etag
"6555240c-1c1"
accept-ranges
bytes
x-cache
HIT
content-length
449
date
Wed, 08 Jan 2025 11:20:16 GMT
content-type
image/svg+xml
last-modified
Wed, 15 Nov 2023 20:03:24 GMT
server
nginx
threatdown-logo.svg
www.threatdown.com/wp-content/themes/mbc/images/
28 KB
10 KB
Image
General
Full URL
https://www.threatdown.com/wp-content/themes/mbc/images/threatdown-logo.svg
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
9da2bd1aa1b397eea1fa3b751fd50e0f624a33761a4e9e9fd660ed3d26f07f1b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/

Response headers

cache-control
max-age=300, must-revalidate
content-encoding
br
x-rq
bur7 123 242 443
etag
W/"6542bef5-6f8b"
accept-ranges
bytes
x-cache
HIT
date
Wed, 08 Jan 2025 11:20:16 GMT
content-type
image/svg+xml
last-modified
Wed, 01 Nov 2023 21:11:17 GMT
server
nginx
vary
Accept-Encoding
forms2.min.js
go.malwarebytes.com/js/forms2/js/
199 KB
67 KB
Script
General
Full URL
https://go.malwarebytes.com/js/forms2/js/forms2.min.js
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.17.74.206 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0e1bfe53260b5fa35318df2850a20f74c97d41af88b7d233d331811d842f26d3
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/

Response headers

cache-control
public, max-age=14400
content-encoding
gzip
cf-cache-status
HIT
etag
"168116c-31b73-6265ea284c6bf"
age
212
x-content-type-options
nosniff
cf-ray
8febcc1e7946fb30-SJC
expires
Wed, 08 Jan 2025 15:20:16 GMT
date
Wed, 08 Jan 2025 11:20:16 GMT
content-type
application/x-javascript
last-modified
Fri, 08 Nov 2024 03:49:15 GMT
vary
Accept-Encoding
server
cloudflare
/
www.threatdown.com/_static/
67 KB
12 KB
Stylesheet
General
Full URL
https://www.threatdown.com/_static/??-eJyNjcEOgyAQRH+odKumth6M3yKwQVJcNizo74vpyfTS28yb5A3srEykjJSBQ3GeBGa7zWTQKlcq15ic4hQheA0bko0JuOjgZeGEIpeidIjmUxUimAVMnb/kXuMN/j/7EZz0lEzr2PTD8Oja5/t1AGKPR1o=
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3cc69a381981c2717f3a867f2d2449593a3f70dab0cd5db512cff9757f6acb0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/

Response headers

cache-control
max-age=31536000
content-encoding
br
x-rq
bur7 123 242 443
accept-ranges
bytes
x-cache
HIT
date
Wed, 08 Jan 2025 11:20:16 GMT
content-type
text/css;charset=utf-8
vary
Accept-Encoding
server
nginx
last-modified
Fri, 03 Nov 2023 17:29:47 GMT
/
www.threatdown.com/_static/
358 KB
93 KB
Script
General
Full URL
https://www.threatdown.com/_static/??-eJyVzMEOgjAQhOEXEhZLoifjs2Bbceqybdgthre3FxOuXiff/PQpnc9iUYwK1xmixNkM8QmOSo8KDselKzztce2TnujvLxpeJ2/YYPsvAfFcQ/NJKUCNXjm/tV8gTdyX2/k6OjdcBjemLwsdQTM=
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
b8b1ce0c64cd9ced5c11ac18169793f7e77b42a9867a68daa18432e625823645

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/

Response headers

cache-control
max-age=31536000
content-encoding
br
x-rq
bur7 123 242 443
accept-ranges
bytes
x-cache
HIT
date
Wed, 08 Jan 2025 11:20:16 GMT
content-type
application/javascript
vary
Accept-Encoding
server
nginx
last-modified
Thu, 21 Nov 2024 16:20:23 GMT
i18n.min.js
www.threatdown.com/wp-includes/js/dist/
9 KB
4 KB
Script
General
Full URL
https://www.threatdown.com/wp-includes/js/dist/i18n.min.js?ver=5e580eb46a90c2b997e6
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
f313d12ea6124bd28fc4a6b7163d253bb83d5aeab5edce594880c5c3df475cbc

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/

Response headers

cache-control
max-age=31536000
content-encoding
br
x-rq
bur7 123 243 443
etag
W/"673f5dc7-23b5"
accept-ranges
bytes
x-cache
HIT
date
Wed, 08 Jan 2025 11:20:16 GMT
content-type
application/javascript
last-modified
Thu, 21 Nov 2024 16:20:23 GMT
server
nginx
vary
Accept-Encoding
i18n-loader.js
www.threatdown.com/wp-content/mu-plugins/jetpack-14.0/jetpack_vendor/automattic/jetpack-assets/build/
6 KB
3 KB
Script
General
Full URL
https://www.threatdown.com/wp-content/mu-plugins/jetpack-14.0/jetpack_vendor/automattic/jetpack-assets/build/i18n-loader.js?minify=true&ver=becd7d9884bc1b331e45
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
5e5c12d7275bca7a6c4cc0422ac102b9c1b7d60a2bf6aa871953e35464143068

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/

Response headers

cache-control
max-age=31536000
content-encoding
br
x-rq
bur7 123 242 443
etag
W/"6758b692-1797"
accept-ranges
bytes
x-cache
HIT
date
Wed, 08 Jan 2025 11:20:16 GMT
content-type
application/javascript
last-modified
Tue, 10 Dec 2024 21:45:54 GMT
server
nginx
vary
Accept-Encoding
/
www.threatdown.com/_static/
45 KB
17 KB
Script
General
Full URL
https://www.threatdown.com/_static/??/wp-includes/js/dist/vendor/wp-polyfill.min.js,/wp-includes/js/dist/url.min.js?m=1732206023j
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
493d1738616ed3d43cc9c14992e76cb7eae7c1ee6f908ce934a93078a4dca0c6

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/

Response headers

cache-control
max-age=31536000
content-encoding
br
x-rq
bur7 123 243 443
accept-ranges
bytes
x-cache
HIT
date
Wed, 08 Jan 2025 11:20:16 GMT
content-type
application/javascript
vary
Accept-Encoding
server
nginx
last-modified
Thu, 21 Nov 2024 16:20:23 GMT
jp-search.js
www.threatdown.com/wp-content/mu-plugins/jetpack-14.0/jetpack_vendor/automattic/jetpack-search/build/instant-search/
7 KB
3 KB
Script
General
Full URL
https://www.threatdown.com/wp-content/mu-plugins/jetpack-14.0/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.js?minify=false&ver=2b91c6a8150537fa6728
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
b3b5501ac32a450bccdae59d3042969381d48d1d9aecf1686e6ffc61b07c9c09

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/

Response headers

cache-control
max-age=31536000
content-encoding
br
x-rq
bur7 123 243 443
etag
W/"6758b693-1bda"
accept-ranges
bytes
x-cache
HIT
date
Wed, 08 Jan 2025 11:20:16 GMT
content-type
application/javascript
last-modified
Tue, 10 Dec 2024 21:45:55 GMT
server
nginx
vary
Accept-Encoding
w.js
stats.wp.com/
13 KB
5 KB
Script
General
Full URL
https://stats.wp.com/w.js?ver=202502
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
bbcc769c4704058d89afc024f24dde11deed8ec61b99f1d52ba935fad8614523

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/

Response headers

cache-control
max-age=31536000
content-encoding
br
x-nc
HIT bur
etag
W/12868-1717166113545.3977
x-minify
t
x-minify-cache
hit
access-control-allow-methods
GET, HEAD
expires
Mon, 05 Jan 2026 23:28:57 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
date
Wed, 08 Jan 2025 11:20:16 GMT
content-type
application/javascript
vary
Accept-Encoding
server
nginx
script.min.js
www.threatdown.com/wp-content/themes/mbc/js/
95 KB
35 KB
Script
General
Full URL
https://www.threatdown.com/wp-content/themes/mbc/js/script.min.js?m=1725659745g
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
9e7b15e5a63410ed9a1f0391c990255d7c67d20f46aabf5b02f3712b6c61220b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/

Response headers

cache-control
max-age=31536000
content-encoding
br
x-rq
bur7 123 243 443
etag
W/"66db7a61-17d47"
accept-ranges
bytes
x-cache
HIT
date
Wed, 08 Jan 2025 11:20:16 GMT
content-type
application/javascript
last-modified
Fri, 06 Sep 2024 21:55:45 GMT
server
nginx
vary
Accept-Encoding
e-202502.js
stats.wp.com/
7 KB
3 KB
Script
General
Full URL
https://stats.wp.com/e-202502.js
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
5badd609a51ede5bab5b89534fc3011a4dd1ab487cc7081d7cf38479bcbab855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/

Response headers

cache-control
max-age=31536000
content-encoding
br
x-nc
HIT bur
etag
W/14421-1717166114957.2727
x-minify
t
x-minify-cache
hit
access-control-allow-methods
GET, HEAD
expires
Mon, 05 Jan 2026 07:54:09 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
date
Wed, 08 Jan 2025 11:20:16 GMT
content-type
application/javascript
vary
Accept-Encoding
server
nginx
/
www.threatdown.com/_static/
99 KB
35 KB
Script
General
Full URL
https://www.threatdown.com/_static/??-eJzTLy/QzcxLzilNSS3WzwKiwtLUokoopZebmaeXVayjj0+Rbm5melFiSSpUsX2uraG5sZGRgZmBkXEWAK8tIhI=
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ecf7723a32533007ede558c546fc8ba30f508283223b6e7f49c297b7c63c8b50

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/

Response headers

cache-control
max-age=31536000
content-encoding
br
x-rq
bur7 123 243 443
accept-ranges
bytes
x-cache
HIT
date
Wed, 08 Jan 2025 11:20:16 GMT
content-type
application/javascript
vary
Accept-Encoding
server
nginx
last-modified
Thu, 21 Nov 2024 16:20:23 GMT
gtm.js
www.googletagmanager.com/
351 KB
114 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-MQ92VXZT
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:807::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
ccfd43f6c6107df15253c202994bd35f355ec18e186c09487d65807318695955
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires
Wed, 08 Jan 2025 11:20:16 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 08 Jan 2025 11:20:16 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Wed, 08 Jan 2025 09:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
115701
x-xss-protection
0
server
Google Tag Manager
masterpage-svg.svg
www.threatdown.com/wp-content/themes/mbc/images/
70 KB
23 KB
Other
General
Full URL
https://www.threatdown.com/wp-content/themes/mbc/images/masterpage-svg.svg
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
4662962f6a7ba6c6e423763f88ab9af3ec3fb17eeba90a673590984319c3e706

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/

Response headers

cache-control
max-age=300, must-revalidate
content-encoding
br
x-rq
bur7 123 243 443
etag
W/"6542bef5-116c9"
accept-ranges
bytes
x-cache
HIT
date
Wed, 08 Jan 2025 11:20:16 GMT
content-type
image/svg+xml
last-modified
Wed, 01 Nov 2023 21:11:17 GMT
server
nginx
vary
Accept-Encoding
worker-037b3686a29813ddf37c49bbdbe596a4br.js
dev.visualwebsiteoptimizer.com/cdn/edrv/
260 KB
63 KB
XHR
General
Full URL
https://dev.visualwebsiteoptimizer.com/cdn/edrv/worker-037b3686a29813ddf37c49bbdbe596a4br.js
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.218.251 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
251.218.107.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
9877f9c44cb22bd74ca3a23dd8b56bf8527bdbba3b573cc75c59d80ae6b46eff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/

Response headers

x-goog-metageneration
1
content-encoding
br
x-goog-hash
crc32c=BfgX3A==, md5=9Za4h4Piz8VX2mSFbl9Ucw==
etag
"f596b88783e2cfc557da64856e5f5473"
age
10529
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
64301
date
Wed, 08 Jan 2025 08:24:47 GMT
last-modified
Wed, 08 Jan 2025 06:25:54 GMT
content-type
text/javascript; charset=UTF-8
x-guploader-uploadid
AFiumC47H6XT1fdRkb-KWmeAqbFW8E7277eFYoDnjef5ObeG972JCey_qj79ez64HsqWfvQ_Y8iZl3c
cdn_cache_status
hit
cache-control
public, max-age=31536000
x-goog-storage-class
STANDARD
via
1.1 google
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1736317554596799
content-length
64301
content-language
en
server
UploadServer
va_gq-49922f4535d1d15cf476dd37801f00acbr.js
dev.visualwebsiteoptimizer.com/cdn/edrv/
280 KB
72 KB
XHR
General
Full URL
https://dev.visualwebsiteoptimizer.com/cdn/edrv/va_gq-49922f4535d1d15cf476dd37801f00acbr.js
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.218.251 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
251.218.107.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
3e3cef9a429610e8a12f848cc7b810978847ea39e2a04b32f180bd4c6704f0a2

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/

Response headers

x-goog-metageneration
1
content-encoding
br
x-goog-hash
crc32c=bkHjKg==, md5=uoHnIASvTIEWM8dBW5Y0Cw==
etag
"ba81e72004af4c811633c7415b96340b"
age
10529
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
73973
date
Wed, 08 Jan 2025 08:24:47 GMT
last-modified
Wed, 08 Jan 2025 06:26:23 GMT
content-type
text/javascript; charset=UTF-8
x-guploader-uploadid
AFiumC7xkpz2wSwZOa-mAjwwo7zwR3i_DWE0OJgdZPKInPS8wMVglEsO196_fTKD5sgQ4zkx4wWSFHM
cdn_cache_status
hit
cache-control
public, max-age=31536000
x-goog-storage-class
STANDARD
via
1.1 google
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1736317583313925
content-length
73973
content-language
en
server
UploadServer
v.gif
dev.visualwebsiteoptimizer.com/
35 B
147 B
Image
General
Full URL
https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=805334&d=threatdown.com&u=D1ADAAD469FBCC9D60B80333B94492508&h=5735912796d11da0d86fd30a06f520a4&t=false
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.218.251 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
251.218.107.34.bc.googleusercontent.com
Software
gnv01c /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=43200
x-content-type-options
nosniff
via
1.1 google
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
date
Wed, 08 Jan 2025 11:20:16 GMT
content-type
image/gif
server
gnv01c
indic-chevron-right.svg
www.threatdown.com/wp-content/themes/mbc/images/
33 KB
33 KB
Image
General
Full URL
https://www.threatdown.com/wp-content/themes/mbc/images/indic-chevron-right.svg
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/_static/??/wp-content/themes/mbc/style.css,/wp-includes/css/dashicons.min.css?m=1734047621
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx / WordPress VIP <https://wpvip.com>
Resource Hash
aa2c9456007daee99b31d07a44d0b5f3feda39bed4ff889215e3bb7794a8b246

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/_static/??/wp-content/themes/mbc/style.css,/wp-includes/css/dashicons.min.css?m=1734047621

Response headers

link
<https://www.threatdown.com/api/>; rel="https://api.w.org/"
content-encoding
br
x-rq
bur7 123 243 443
x-cache
STALE
date
Wed, 08 Jan 2025 11:20:16 GMT
host-header
a9130478a60e5f9135f765b23f26593b
content-type
text/html; charset=UTF-8
x-powered-by
WordPress VIP <https://wpvip.com>
vary
Accept-Encoding
server
nginx
x-hacker
If you're reading this, you should visit wpvip.com/careers and apply to join the fun, mention this header.
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v32/
18 KB
18 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;500;700;900&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.81.227 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s74-in-f3.1e100.net
Software
sffe /
Resource Hash
ae0e442895406e9922237108496c2cd60f4947649a826463e2da9860b5c25dd6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.threatdown.com
Referer
https://fonts.googleapis.com/

Response headers

age
470455
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Sat, 03 Jan 2026 00:39:21 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 03 Jan 2025 00:39:21 GMT
last-modified
Thu, 01 Aug 2024 20:41:24 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
18588
x-xss-protection
0
server
sffe
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v32/
18 KB
18 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;500;700;900&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.81.227 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s74-in-f3.1e100.net
Software
sffe /
Resource Hash
89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.threatdown.com
Referer
https://fonts.googleapis.com/

Response headers

age
440602
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Sat, 03 Jan 2026 08:56:54 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 03 Jan 2025 08:56:54 GMT
last-modified
Thu, 01 Aug 2024 20:41:24 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
18536
x-xss-protection
0
server
sffe
KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v32/
18 KB
18 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;500;700;900&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.81.227 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s74-in-f3.1e100.net
Software
sffe /
Resource Hash
d9bada3a44bb2ffa66dec5cc781cafc9ef17ed876cd9b0c5f7ef18228b63cebb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.threatdown.com
Referer
https://fonts.googleapis.com/

Response headers

age
487467
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Fri, 02 Jan 2026 19:55:49 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 02 Jan 2025 19:55:49 GMT
last-modified
Thu, 01 Aug 2024 20:41:21 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
18596
x-xss-protection
0
server
sffe
truncated
/
31 KB
31 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6db83b2803fed3f9b574567755102b18c401904a374c8acf4c9a2e9b0159cb4f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.threatdown.com
Referer

Response headers

Content-Type
application/x-font-woff;charset=utf-8
robot.jpg
www.threatdown.com/wp-content/uploads/2021/06/
17 KB
18 KB
Image
General
Full URL
https://www.threatdown.com/wp-content/uploads/2021/06/robot.jpg?resize=768,432
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
44583ed1eb7b1de0aba03aed7f9d38c7c67454ef20b088a24b459bf14ea929fa

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/

Response headers

cache-control
max-age=31536000
x-rq
bur7 118 54 443
etag
"d032947825bfcf91"
accept-ranges
bytes, bytes
x-cache
HIT
content-length
17774
date
Wed, 08 Jan 2025 11:20:16 GMT
content-type
image/webp
last-modified
Wed, 08 Jan 2025 11:06:14 GMT
server
nginx
vary
Accept
4b3ea5c8-d00e-4c2e-9e02-b9c42b7d4853
https://www.threatdown.com/ Frame
0
0

truncated
/
211 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
28b48920a64e295085db5f353539dbff2b7f6d76c4ba71e959ffac345a36c5c1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml;charset=utf-8
s.gif
dev.visualwebsiteoptimizer.com/
35 B
54 B
Image
General
Full URL
https://dev.visualwebsiteoptimizer.com/s.gif?account_id=805334&u=D1ADAAD469FBCC9D60B80333B94492508&s=1736335215&ed=%7B%22sr%22%3A%221600x1200%22%2C%22sc%22%3A24%2C%22de%22%3A%22UTF-8%22%2C%22ul%22%3A%22en-us%22%2C%22r%22%3A%22%22%2C%22lt%22%3A1736335216608%2C%22tO%22%3A10%2C%22tz%22%3A%22Pacific%2FHonolulu%22%7D&cu=https%3A%2F%2Fwww.threatdown.com%2Fblog%2Fpikabot-distributed-via-malicious-ads%2F&r=0&p=1&cq=0&eTime=1736335215618&v=90e8eeca0
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.218.251 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
251.218.107.34.bc.googleusercontent.com
Software
gnv01c /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
pragma
no-cache
x-content-type-options
nosniff
via
1.1 google
expires
Mon, 10 Jan 2005 00:00:01 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
date
Wed, 08 Jan 2025 11:20:16 GMT
content-type
image/gif
server
gnv01c
pageviews
api.weglot.com/
2 B
2 KB
XHR
General
Full URL
https://api.weglot.com/pageviews?api_key=wg_b310b3cb37917975ba31f8a293be66062
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.149.114 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.weglot.com; base-uri 'self'; connect-src 'self' *; font-src 'self' cdn.jsdelivr.net https://fonts.gstatic.com data:; form-action 'self' *.weglot.com api.workos.com error.workos.com announcekit.app https://www.facebook.com https://accounts.google.com https://login.microsoftonline.com https://pi.zebra.com https://*.okta.com https://*.jumpcloud.com; frame-src 'self' *.weglot.io announcekit.app code.gist.build renderer.gist.build https://www.google.com https://www.googletagmanager.com https://js.stripe.com https://app.goentri.com https://www.youtube.com https://www.youtube-nocookie.com https://td.doubleclick.net https://js.refiner.io blob: https://weglot.nolt.io https://www.facebook.com; img-src 'self' * data: blob:; object-src 'none'; media-src 'self' data: blob:; script-src 'nonce-a78ec269bc28698a89c7a5bc402a4748' 'strict-dynamic'; style-src 'self' 'unsafe-inline' *.weglot.com https://app.productfruits.com; worker-src 'self' blob:; block-all-mixed-content;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub3bd6aeebbc69014092e8cc554aa628f3&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod;frame-ancestors 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.threatdown.com/

Response headers

content-encoding
gzip
cf-cache-status
DYNAMIC
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE
x-content-type-options
nosniff
expires
Wed, 08 Jan 2025 11:20:16 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Wed, 08 Jan 2025 11:20:16 GMT
content-type
application/json
priority
u=1,i
x-frame-options
SAMEORIGIN
access-control-allow-headers
Content-Type, Weglot-Source, Authorization
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
default-src 'self' *.weglot.com; base-uri 'self'; connect-src 'self' *; font-src 'self' cdn.jsdelivr.net https://fonts.gstatic.com data:; form-action 'self' *.weglot.com api.workos.com error.workos.com announcekit.app https://www.facebook.com https://accounts.google.com https://login.microsoftonline.com https://pi.zebra.com https://*.okta.com https://*.jumpcloud.com; frame-src 'self' *.weglot.io announcekit.app code.gist.build renderer.gist.build https://www.google.com https://www.googletagmanager.com https://js.stripe.com https://app.goentri.com https://www.youtube.com https://www.youtube-nocookie.com https://td.doubleclick.net https://js.refiner.io blob: https://weglot.nolt.io https://www.facebook.com; img-src 'self' * data: blob:; object-src 'none'; media-src 'self' data: blob:; script-src 'nonce-a78ec269bc28698a89c7a5bc402a4748' 'strict-dynamic'; style-src 'self' 'unsafe-inline' *.weglot.com https://app.productfruits.com; worker-src 'self' blob:; block-all-mixed-content;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub3bd6aeebbc69014092e8cc554aa628f3&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod;frame-ancestors 'none';
cache-control
max-age=0, must-revalidate, no-store, private
referrer-policy
strict-origin-when-cross-origin
cf-ray
8febcc209c1d2f6f-LAX
permissions-policy
accelerometer=(), autoplay=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(self), geolocation=(), gyroscope=(self), magnetometer=(), microphone=(), midi=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), usb=(), xr-spatial-tracking=(), clipboard-read=(self), clipboard-write=(self), hid=(), idle-detection=(), serial=()
access-control-allow-origin
*
x-xss-protection
1; mode=block
server
cloudflare
g.gif
pixel.wp.com/
50 B
177 B
Image
General
Full URL
https://pixel.wp.com/g.gif?x_stats-initial-visibility=visible&v=wpcom-no-pv&rand=0.5387952696180289
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/

Response headers

cache-control
no-cache
access-control-allow-origin
*
content-length
50
alt-svc
h3=":443"; ma=86400
date
Wed, 08 Jan 2025 11:20:16 GMT
content-type
image/gif
server
nginx
check
api.ipstack.com/
1 KB
2 KB
Fetch
General
Full URL
https://api.ipstack.com/check?access_key=0dcc7759180b385aa39a4c471f0e2cc6
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/wp-content/themes/mbc/js/script.min.js?m=1725659745g
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.210.254.78 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-210-254-78.compute-1.amazonaws.com
Software
/
Resource Hash
26cb9fd16099629cbd16a22ae2ae0fbd07e4cd1bfdec6bbb44cb84e42961ca1f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/

Response headers

transfer-encoding
chunked
x-request-time
0.035
x-quota-remaining
451915
access-control-allow-methods
GET, POST, HEAD, OPTIONS
x-apilayer-transaction-id
f63001fe-1ec5-4060-9478-9e86cdca8466
access-control-allow-origin
*
x-quota-limit
500000
date
Wed, 08 Jan 2025 11:20:17 GMT
x-increment-usage
1
content-type
application/json
access-control-allow-headers
*
getForm
go.malwarebytes.com/index.php/form/
5 KB
2 KB
Script
General
Full URL
https://go.malwarebytes.com/index.php/form/getForm?munchkinId=805-USG-300&form=6056&url=https%3A%2F%2Fwww.threatdown.com%2Fblog%2Fpikabot-distributed-via-malicious-ads%2F&callback=jQuery37103845120934114419_1736335216584&_=1736335216585
Requested by
Host: go.malwarebytes.com
URL: https://go.malwarebytes.com/js/forms2/js/forms2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.17.74.206 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3372a0453b7919dc71b3e3a80171507254fa890e4ea825904462ffd6da7195f7

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/

Response headers

cf-ray
8febcc208a85fb30-SJC
cached
true
content-encoding
gzip
date
Wed, 08 Jan 2025 11:20:16 GMT
content-type
application/javascript; charset=utf-8
vary
Accept-Encoding
server
cloudflare
g.gif
pixel.wp.com/
50 B
177 B
Image
General
Full URL
https://pixel.wp.com/g.gif?v=ext&blog=220729883&post=100758&tz=0&srv=www.threatdown.com&hp=vip&j=1%3A14.0&host=www.threatdown.com&ref=&rand=0.9850940814164815
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/

Response headers

cache-control
no-cache
access-control-allow-origin
*
content-length
50
alt-svc
h3=":443"; ma=86400
date
Wed, 08 Jan 2025 11:20:16 GMT
content-type
image/gif
server
nginx
wp-emoji-release.min.js
www.threatdown.com/wp-includes/js/
18 KB
5 KB
Script
General
Full URL
https://www.threatdown.com/wp-includes/js/wp-emoji-release.min.js?ver=6.7.1
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
4e6ce5444c7f396cef0eb1fa3611034151e485dd06fbe5573a5583e1eebc98c3

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/

Response headers

cache-control
max-age=31536000
content-encoding
br
x-rq
bur7 123 243 443
etag
W/"673f5dc7-4926"
accept-ranges
bytes
x-cache
HIT
date
Wed, 08 Jan 2025 11:20:16 GMT
content-type
application/javascript
last-modified
Thu, 21 Nov 2024 16:20:23 GMT
server
nginx
vary
Accept-Encoding
nc-b168471f1474c206fd3eed5be0cade89br.js
dev.visualwebsiteoptimizer.com/cdn/edrv/
21 KB
6 KB
XHR
General
Full URL
https://dev.visualwebsiteoptimizer.com/cdn/edrv/nc-b168471f1474c206fd3eed5be0cade89br.js
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.218.251 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
251.218.107.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
7ab0b19dbf90f7e78c37f36a818cba9edb9249c765e0eb0f1b23b1600c486d4f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/

Response headers

x-goog-metageneration
1
content-encoding
br
x-goog-hash
crc32c=++AENQ==, md5=elY8LfIB5I+8K6CCmsLKLg==
etag
"7a563c2df201e48fbc2ba0829ac2ca2e"
age
10529
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
6621
date
Wed, 08 Jan 2025 08:24:47 GMT
last-modified
Wed, 08 Jan 2025 06:27:12 GMT
content-type
text/javascript; charset=UTF-8
x-guploader-uploadid
AFiumC5lP_glMahTE9E4s1Yn8Ea4S6flTjEFMJenfRzJWtuVkAHQoY19TgH6SybGZ2sq0pkuu5VD10c
cdn_cache_status
hit
cache-control
public, max-age=31536000
x-goog-storage-class
STANDARD
via
1.1 google
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1736317632452401
content-length
6621
content-language
en
server
UploadServer
jp-search.defaultVendors.js
www.threatdown.com/wp-content/mu-plugins/jetpack-14.0/jetpack_vendor/automattic/jetpack-search/build/instant-search/
84 KB
27 KB
Script
General
Full URL
https://www.threatdown.com/wp-content/mu-plugins/jetpack-14.0/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.defaultVendors.js?minify=false&ver=de2ca6483f4333240053
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/wp-content/mu-plugins/jetpack-14.0/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.js?minify=false&ver=2b91c6a8150537fa6728
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1e1240215cbd31c1bab9b2164cc9940d0324a5ae56ea250da56a8b29d5a46ab0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/

Response headers

cache-control
max-age=31536000
content-encoding
br
x-rq
bur7 123 243 443
etag
W/"6758b693-151bc"
accept-ranges
bytes
x-cache
HIT
date
Wed, 08 Jan 2025 11:20:16 GMT
content-type
application/javascript
last-modified
Tue, 10 Dec 2024 21:45:55 GMT
server
nginx
vary
Accept-Encoding
jp-search.chunk-main-payload.css
www.threatdown.com/wp-content/mu-plugins/jetpack-14.0/jetpack_vendor/automattic/jetpack-search/build/instant-search/
36 KB
5 KB
Stylesheet
General
Full URL
https://www.threatdown.com/wp-content/mu-plugins/jetpack-14.0/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.chunk-main-payload.css?minify=false&ver=9d1725f327b1ce30525f
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/wp-content/mu-plugins/jetpack-14.0/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.js?minify=false&ver=2b91c6a8150537fa6728
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
4dd117d2c92e7c493a6741ab1460b8248c512c3fbb15ea9a2bc5a7b0bfe16411

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/

Response headers

cache-control
max-age=31536000
content-encoding
br
x-rq
bur7 123 243 443
etag
W/"6758b693-8e9d"
accept-ranges
bytes
x-cache
HIT
date
Wed, 08 Jan 2025 11:20:16 GMT
content-type
text/css
last-modified
Tue, 10 Dec 2024 21:45:55 GMT
server
nginx
vary
Accept-Encoding
jp-search.chunk-main-payload.js
www.threatdown.com/wp-content/mu-plugins/jetpack-14.0/jetpack_vendor/automattic/jetpack-search/build/instant-search/
75 KB
20 KB
Script
General
Full URL
https://www.threatdown.com/wp-content/mu-plugins/jetpack-14.0/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.chunk-main-payload.js?minify=false&ver=0f41dd5f8c16fb9fab1e
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/wp-content/mu-plugins/jetpack-14.0/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.js?minify=false&ver=2b91c6a8150537fa6728
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
5491232f7876f962be415045ad990066d3847896727e2705dc0376c15b81e729

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/

Response headers

cache-control
max-age=31536000
content-encoding
br
x-rq
bur7 123 242 443
etag
W/"6758b693-12a86"
accept-ranges
bytes
x-cache
HIT
date
Wed, 08 Jan 2025 11:20:16 GMT
content-type
application/javascript
last-modified
Tue, 10 Dec 2024 21:45:55 GMT
server
nginx
vary
Accept-Encoding
track-d04c8081bf4dc287381469307cbde8f0br.js
dev.visualwebsiteoptimizer.com/cdn/7.0/
16 KB
5 KB
Script
General
Full URL
https://dev.visualwebsiteoptimizer.com/cdn/7.0/track-d04c8081bf4dc287381469307cbde8f0br.js
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.218.251 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
251.218.107.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
794611bd22fd0c5bbbc2c9551c9f789c00af4f696bd53db22ab3e9d1904702ed

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/

Response headers

x-goog-metageneration
1
content-encoding
br
x-goog-hash
crc32c=QmsMOw==, md5=ZOwQi3qO1LJhyJSoflKgfg==
etag
"64ec108b7a8ed4b261c894a87e52a07e"
age
57817
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
4765
date
Tue, 07 Jan 2025 19:16:39 GMT
last-modified
Fri, 03 Jan 2025 13:30:59 GMT
content-type
text/javascript; charset=UTF-8
x-guploader-uploadid
AFiumC4hYn0HXLZnymkTT1ExfISLq3EA5Eth7aiw4r1tg7oY_wDatCIG75HpvJ3FJwWi8EI
cdn_cache_status
hit
cache-control
public, max-age=31536000
x-goog-storage-class
STANDARD
via
1.1 google
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1735911058918422
content-length
4765
content-language
en
server
UploadServer
opa-833f05c8c3e0d1d783cf53defa064e9cbr.js
dev.visualwebsiteoptimizer.com/cdn/analysis/4.0/
159 KB
40 KB
Script
General
Full URL
https://dev.visualwebsiteoptimizer.com/cdn/analysis/4.0/opa-833f05c8c3e0d1d783cf53defa064e9cbr.js
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.218.251 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
251.218.107.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
b08230a60d59a2e403435f62f24a62a24be46bab61827e3e13a96299aa517dbb

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/

Response headers

x-goog-metageneration
1
content-encoding
br
x-goog-hash
crc32c=MGxfXg==, md5=rvpHQdvJY22E1B153Vi1UA==
etag
"aefa4741dbc9636d84d41d79dd58b550"
age
97153
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
40811
date
Tue, 07 Jan 2025 08:21:03 GMT
last-modified
Tue, 07 Jan 2025 07:25:09 GMT
content-type
text/javascript; charset=UTF-8
x-guploader-uploadid
AFiumC5rm0Ny5IRj75WbClhJ47vsQqAVYymzt0oNWG9EXtc5EsMVfHnBgZpd0zVmgzOTqJg
cdn_cache_status
hit
cache-control
public, max-age=31536000
x-goog-storage-class
STANDARD
via
1.1 google
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1736234709253759
content-length
40811
content-language
en
server
UploadServer
settings.js
dev.visualwebsiteoptimizer.com/dcdn/
50 KB
8 KB
Script
General
Full URL
https://dev.visualwebsiteoptimizer.com/dcdn/settings.js?a=805334&settings_type=4&ts=1736329500&dt=desktop&cc=US
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.218.251 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
251.218.107.34.bc.googleusercontent.com
Software
gla1 /
Resource Hash
3f8af6c38f7044df6ac3278cddbe5f008b1f45edb2e1070e488ed4ea8a692762
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cdn_cache_status
hit
cache-control
public, max-age=1800, s-maxage=1800
content-encoding
gzip
etag
W/"1736329500_EA"
age
843
via
1.1 google
not-modified
true
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8550
date
Wed, 08 Jan 2025 11:06:13 GMT
content-type
application/javascript; charset=UTF-8
server
gla1
forms2.css
go.malwarebytes.com/js/forms2/css/
13 KB
3 KB
Stylesheet
General
Full URL
https://go.malwarebytes.com/js/forms2/css/forms2.css
Requested by
Host: go.malwarebytes.com
URL: https://go.malwarebytes.com/js/forms2/js/forms2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.17.74.206 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/

Response headers

cache-control
public, max-age=14400
content-encoding
gzip
cf-cache-status
HIT
etag
"8e0bcb-3437-62370c030d900"
age
6900
x-content-type-options
nosniff
cf-ray
8febcc213b1ffb30-SJC
expires
Wed, 08 Jan 2025 15:20:16 GMT
accept-ranges
bytes
content-length
2623
date
Wed, 08 Jan 2025 11:20:16 GMT
content-type
text/css
last-modified
Tue, 01 Oct 2024 21:10:28 GMT
vary
Accept-Encoding
server
cloudflare
forms2-theme-simple.css
go.malwarebytes.com/js/forms2/css/
826 B
326 B
Stylesheet
General
Full URL
https://go.malwarebytes.com/js/forms2/css/forms2-theme-simple.css
Requested by
Host: go.malwarebytes.com
URL: https://go.malwarebytes.com/js/forms2/js/forms2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.17.74.206 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
14c8c62dc692fd8faa04434e3fed25e7c23d596b732f9db88f6e9f9ff5dfa61c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/

Response headers

cache-control
public, max-age=14400
content-encoding
gzip
cf-cache-status
HIT
etag
"8e0bcd-33a-62370c030d900"
age
6900
x-content-type-options
nosniff
cf-ray
8febcc213b20fb30-SJC
expires
Wed, 08 Jan 2025 15:20:16 GMT
accept-ranges
bytes
content-length
242
date
Wed, 08 Jan 2025 11:20:16 GMT
content-type
text/css
last-modified
Tue, 01 Oct 2024 21:10:28 GMT
vary
Accept-Encoding
server
cloudflare
KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v32/
18 KB
18 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;500;700;900&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.81.227 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s74-in-f3.1e100.net
Software
sffe /
Resource Hash
4dbd328e347e890a801d51f9a5f8d38a3efd51ec34c0aa22cc83d0a95d6d9d71
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.threatdown.com
Referer
https://fonts.googleapis.com/

Response headers

age
488214
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Fri, 02 Jan 2026 19:43:22 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 02 Jan 2025 19:43:22 GMT
last-modified
Thu, 01 Aug 2024 20:41:19 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
18492
x-xss-protection
0
server
sffe
XDFrame
go.malwarebytes.com/index.php/form/ Frame 5BEF
0
0
Document
General
Full URL
https://go.malwarebytes.com/index.php/form/XDFrame
Requested by
Host: go.malwarebytes.com
URL: https://go.malwarebytes.com/js/forms2/js/forms2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.17.70.206 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.threatdown.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

cache-control
max-age=3600
cf-cache-status
DYNAMIC
cf-ray
8febcc2329c9cf1e-SJC
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Wed, 08 Jan 2025 11:20:17 GMT
server
cloudflare
vary
Accept-Encoding
x-content-type-options
nosniff
worker-70faafffa0475802f5ee03ca5ff74179br.js
dev.visualwebsiteoptimizer.com/cdn/analysis/4.0/
46 KB
13 KB
XHR
General
Full URL
https://dev.visualwebsiteoptimizer.com/cdn/analysis/4.0/worker-70faafffa0475802f5ee03ca5ff74179br.js
Requested by
Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/cdn/analysis/4.0/opa-833f05c8c3e0d1d783cf53defa064e9cbr.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.218.251 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
251.218.107.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
09b67475f266dbf552159ca9f6b44d9dc3ea04842b2bd6e8b09d74f6b21897d0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/

Response headers

x-goog-metageneration
1
content-encoding
br
x-goog-hash
crc32c=t9nekA==, md5=OTBW++nqbotSERjfhuer5A==
etag
"393056fbe9ea6e8b521118df86e7abe4"
age
69267
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
13401
date
Tue, 07 Jan 2025 16:05:49 GMT
last-modified
Tue, 07 Jan 2025 07:25:24 GMT
content-type
text/javascript; charset=UTF-8
x-guploader-uploadid
AFiumC53PGCMBFFuoICRnhhAT_SvTmidy_myYDOaRn644ta__QcIor7txjzv1vy4mInmT7Q
cdn_cache_status
hit
cache-control
public, max-age=31536000
x-goog-storage-class
STANDARD
via
1.1 google
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1736234724892308
content-length
13401
content-language
en
server
UploadServer
otSDKStub.js
cdn.cookielaw.org/scripttemplates/
22 KB
8 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
52e5401f96ca9a7fc38248bf9469bdc7006f53de52d7abfec96f4a39cf665d6d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/

Response headers

content-md5
TR3+yr7DZCz8Fh2PJMSBjQ==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8DD2E8F03BC0C3C
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
32969
x-content-type-options
nosniff
date
Wed, 08 Jan 2025 11:20:17 GMT
content-type
application/javascript
last-modified
Mon, 06 Jan 2025 20:16:33 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
ed4b110f-001e-00a6-16ca-60ab94000000
cf-ray
8febcc237d5e7c7d-LAX
accept-ranges
bytes
access-control-allow-origin
*
content-length
7211
x-ms-blob-type
BlockBlob
server
cloudflare
7ghicgw4nish.js
js.driftt.com/include/1736335500000/
221 KB
62 KB
Script
General
Full URL
https://js.driftt.com/include/1736335500000/7ghicgw4nish.js
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.55.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-55-115.jfk52.r.cloudfront.net
Software
istio-envoy /
Resource Hash
3867222dd164aabe123fb215f74e7addef42153d5b7798da96e7ff538800d9d5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/

Response headers

content-encoding
gzip
x-amz-version-id
4EwdlBw17X74RQTOe9VuP1Ie.V233clU
etag
W/"553914c3910b26c914577f76e20af476"
access-control-allow-methods
GET, POST, OPTIONS
x-cache
Miss from cloudfront
x-amz-cf-id
u0Xnuhb3NX8nK0gpjixDFKSFs1B342eCD_OBcoB5ZmajlyHiSwHpwA==
date
Wed, 08 Jan 2025 11:20:17 GMT
content-type
application/javascript; charset=utf-8
vary
accept-encoding
last-modified
Thu, 19 Dec 2024 17:54:32 GMT
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
no-cache
x-envoy-upstream-service-time
33
access-control-allow-credentials
true
via
1.1 616cc46c05372de12125d489da3bca56.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-amz-cf-pop
JFK52-P4
server
istio-envoy
x-amz-server-side-encryption
AES256
/
185c650ccfd84b27aad189f19681365b.js.ubembed.com/
430 B
688 B
Script
General
Full URL
https://185c650ccfd84b27aad189f19681365b.js.ubembed.com/
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MQ92VXZT
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.39.181 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f5dde52ee828ee126c0f9fd261066cd304ad97feeaa017df5d41cc72e38c88d4

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/

Response headers

cache-control
max-age=0, must-revalidate
content-encoding
br
cf-cache-status
HIT
etag
W/"54dfc1e0007e9ced271ca9fd30348c5d05d3261a"
age
1723
cf-ray
8febcc238ffa7cf8-LAX
access-control-allow-origin
*
date
Wed, 08 Jan 2025 11:20:17 GMT
content-type
application/javascript
vary
Accept-Encoding, Referer
server
cloudflare
381d1392-b15b-49e3-9cf9-8a5e644c68da.json
cdn.cookielaw.org/consent/381d1392-b15b-49e3-9cf9-8a5e644c68da/
7 KB
2 KB
XHR
General
Full URL
https://cdn.cookielaw.org/consent/381d1392-b15b-49e3-9cf9-8a5e644c68da/381d1392-b15b-49e3-9cf9-8a5e644c68da.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
010abc1425a170a391af2a90f06ff1b98b92c43dc33523ed2c6dac45ac81e1ab
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/

Response headers

content-md5
nUbRTozUxLYIMnhgUCHCQw==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
cf-cache-status
HIT
etag
0x8DC4E8C3C5954DF
age
70289
x-ms-lease-status
unlocked
x-content-type-options
nosniff
x-ms-version
2009-09-19
expires
Thu, 09 Jan 2025 11:20:17 GMT
date
Wed, 08 Jan 2025 11:20:17 GMT
content-type
application/json
last-modified
Wed, 27 Mar 2024 18:32:19 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin, cross-origin
x-ms-request-id
29d315db-d01e-0086-3818-40c758000000
cf-ray
8febcc24f90478d7-LAX
accept-ranges
bytes
access-control-allow-origin
*
content-length
1925
x-ms-blob-type
BlockBlob
server
cloudflare
bundle.js
assets.ubembed.com/universalscript/releases/v0.183.0/
183 KB
49 KB
Script
General
Full URL
https://assets.ubembed.com/universalscript/releases/v0.183.0/bundle.js
Requested by
Host: 185c650ccfd84b27aad189f19681365b.js.ubembed.com
URL: https://185c650ccfd84b27aad189f19681365b.js.ubembed.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.168.122.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-168-122-81.jfk52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c39fa609f4a9b43e493115c723b102147f9025008bd24841e7732c5f253edd51

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/

Response headers

vary
Accept-Encoding
cache-control
max-age=31536000
content-encoding
gzip
etag
W/"ce1f9daa5bfa548f0417f378eb40974e"
age
19762061
via
1.1 a68875d0f24bed2038b9d7b3529854bc.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-amz-cf-id
5wAbPcYST2bybpc-21JARplYIQ6lft8Fy-mBbZyr6ux-zV6036ZZiw==
date
Fri, 24 May 2024 17:52:37 GMT
content-type
application/javascript
last-modified
Fri, 24 May 2024 17:48:37 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P7
x-amz-server-side-encryption
AES256
location
geolocation.onetrust.com/cookieconsentpub/v1/geo/
71 B
318 B
XHR
General
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2089 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4da8a6638ad70698ad3d01aa0ef124aebe35c297685c0796b174822f597b1d09
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
accept
application/json
Referer
https://www.threatdown.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
access-control-allow-methods
GET, OPTIONS
cf-ray
8febcc267f4f2939-LAX
access-control-allow-origin
*
date
Wed, 08 Jan 2025 11:20:17 GMT
content-type
application/json
vary
Accept-Encoding
server
cloudflare
access-control-allow-headers
Content-Type
otBannerSdk.js
cdn.cookielaw.org/scripttemplates/202403.1.0/
442 KB
107 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202403.1.0/otBannerSdk.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6d1137d21f3ba78b8a882dbf77f7c88712ad02a3f5efdce5ff996a67c15a6bf6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/

Response headers

content-md5
kUodklFyKXDEOUEPkRF3YA==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8DCA5DFBFFA9F82
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
73036
x-content-type-options
nosniff
date
Wed, 08 Jan 2025 11:20:17 GMT
content-type
application/javascript
last-modified
Tue, 16 Jul 2024 21:39:19 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
52b7a660-301e-0004-09b2-436608000000
cf-ray
8febcc272ff07c7d-LAX
accept-ranges
bytes
access-control-allow-origin
*
content-length
109667
x-ms-blob-type
BlockBlob
server
cloudflare
en.json
cdn.cookielaw.org/consent/381d1392-b15b-49e3-9cf9-8a5e644c68da/018e8128-6f85-7371-9c12-f27ac71be7a3/
40 KB
12 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/consent/381d1392-b15b-49e3-9cf9-8a5e644c68da/018e8128-6f85-7371-9c12-f27ac71be7a3/en.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202403.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1cb0d1c180ef23d5387741a9630182342f7630abdbaefe9fbef5be2666b7f811
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/

Response headers

content-md5
zbX1vtL4X3sD6yIVxabZGA==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
cf-cache-status
HIT
etag
0x8DC4E8C4530E3B2
age
55313
x-ms-lease-status
unlocked
x-content-type-options
nosniff
x-ms-version
2009-09-19
expires
Thu, 09 Jan 2025 11:20:17 GMT
date
Wed, 08 Jan 2025 11:20:17 GMT
content-type
application/json
last-modified
Wed, 27 Mar 2024 18:32:34 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin, cross-origin
x-ms-request-id
0d2ff348-901e-00a8-1b4d-26479f000000
cf-ray
8febcc283cab78d7-LAX
accept-ranges
bytes
access-control-allow-origin
*
content-length
11738
x-ms-blob-type
BlockBlob
server
cloudflare
core
js.driftt.com/ Frame CE18
0
0
Document
General
Full URL
https://js.driftt.com/core?d=1&embedId=7ghicgw4nish&eId=7ghicgw4nish&region=US&forceShow=false&skipCampaigns=false&sessionId=0235f6c1-04a6-4dec-8ad9-57e2624b7722&sessionStarted=1736335217.927&campaignRefreshToken=267f4d62-cdcb-4992-8d83-56db439f424f&hideController=false&pageLoadStartTime=1736335216017&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.threatdown.com%2Fblog%2Fpikabot-distributed-via-malicious-ads%2F
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/include/1736335500000/7ghicgw4nish.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.55.7 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-55-7.jfk52.r.cloudfront.net
Software
istio-envoy /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.threatdown.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
no-cache
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Wed, 08 Jan 2025 11:20:18 GMT
etag
W/"76ea1344fb697ec9177486a08c12338b"
last-modified
Thu, 19 Dec 2024 17:54:25 GMT
server
istio-envoy
strict-transport-security
max-age=31536000; includeSubDomains
vary
accept-encoding
via
1.1 8df8d5dfeb782c83ceeb5679f78a9e4e.cloudfront.net (CloudFront)
x-amz-cf-id
GUGxBic-kTYD6ov8uK9-Zlkh8l0v2ZJXZIQlUU2i6z8mXSq22AUAsA==
x-amz-cf-pop
JFK52-P4
x-amz-server-side-encryption
AES256
x-amz-version-id
Kz8QuytoAUdoOYErMKVHQEQDV8D2oJ_g
x-cache
RefreshHit from cloudfront
x-envoy-upstream-service-time
26
chat
js.driftt.com/core/ Frame 4ABE
0
0
Document
General
Full URL
https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1736335216017
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/include/1736335500000/7ghicgw4nish.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.55.7 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-55-7.jfk52.r.cloudfront.net
Software
istio-envoy /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.threatdown.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
no-cache
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Wed, 08 Jan 2025 11:20:18 GMT
etag
W/"76ea1344fb697ec9177486a08c12338b"
last-modified
Thu, 19 Dec 2024 17:54:25 GMT
server
istio-envoy
strict-transport-security
max-age=31536000; includeSubDomains
vary
accept-encoding
via
1.1 8df8d5dfeb782c83ceeb5679f78a9e4e.cloudfront.net (CloudFront)
x-amz-cf-id
SyZunsWE3yCm8GJtglyNezw8pYgstzu7PvQlj79SKB1pPYv1YQ8C7w==
x-amz-cf-pop
JFK52-P4
x-amz-server-side-encryption
AES256
x-amz-version-id
Kz8QuytoAUdoOYErMKVHQEQDV8D2oJ_g
x-cache
RefreshHit from cloudfront
x-envoy-upstream-service-time
23
collect
www.google.com/ccm/
0
0
Ping
General
Full URL
https://www.google.com/ccm/collect?en=page_view&dl=https%3A%2F%2Fwww.threatdown.com%2Fblog%2Fpikabot-distributed-via-malicious-ads%2F&scrsrc=www.googletagmanager.com&frm=0&rnd=1318135769.1736335218&dt=PikaBot%20distributed%20via%20malicious%20search%20ads%20-%20ThreatDown%20by%20Malwarebytes&auid=19866166.1736335218&navt=n&npa=0&gtm=45He4cc1v9167491076za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&tft=1736335218030&tfd=2842&apve=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MQ92VXZT
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.4 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s33-in-f4.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/

Response headers

js
www.googletagmanager.com/gtag/
438 KB
137 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-LTWDK0JK3Z&l=dataLayer&cx=c&gtm=45He4cc1v9167491076za200
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MQ92VXZT
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:807::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
1980d77634888cfa292990a2a374fded7cb969d681a2b0c96f27784fb02873e3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Wed, 08 Jan 2025 11:20:18 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 08 Jan 2025 11:20:18 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
139870
x-xss-protection
0
server
Google Tag Manager
bat.js
bat.bing.com/
50 KB
15 KB
Script
General
Full URL
https://bat.bing.com/bat.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MQ92VXZT
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:33:1::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
aabc88a6db8b22022f96ca88e4f0a7be426abef2b35169a71515a2d55246402a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
private,max-age=1800
content-encoding
gzip
etag
"028e0691d20db1:0"
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 7D55790690DB437AA1B0E3BF9CA69713 Ref B: LAX311000115021 Ref C: 2025-01-08T11:20:18Z
accept-ranges
bytes
x-cache
CONFIG_NOCACHE
content-length
14570
date
Wed, 08 Jan 2025 11:20:17 GMT
content-type
application/javascript
last-modified
Wed, 16 Oct 2024 22:47:44 GMT
vary
Accept-Encoding
pixel.js
www.redditstatic.com/ads/
43 KB
13 KB
Script
General
Full URL
https://www.redditstatic.com/ads/pixel.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MQ92VXZT
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
snooserv /
Resource Hash
10429db431cbd2fc042c7397c8f1e62996d636ddeef2702c912d9fb7fc650c35

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/

Response headers

cache-control
public, max-age=60
nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
content-encoding
gzip
etag
"1a001f3a066bff47a766099b87253911"
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
via
1.1 varnish, 1.1 varnish
accept-ranges
bytes
content-length
12220
date
Wed, 08 Jan 2025 11:20:18 GMT
last-modified
Mon, 18 Nov 2024 21:16:35 GMT
content-type
application/javascript
vary
Accept-Encoding,Origin
server
snooserv
x-amz-server-side-encryption
AES256
insight.min.js
snap.licdn.com/li.lms-analytics/
25 KB
9 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MQ92VXZT
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:1c00:6::17df:d105 Secaucus, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
c8879b289784c2f0e524c601ee26bd458ab9d35a527c22ce582904004e47d018
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/

Response headers

cache-control
max-age=46377
content-encoding
gzip
x-cdn
AKAM
x-content-type-options
nosniff
accept-ranges
bytes
content-length
9404
date
Wed, 08 Jan 2025 11:20:18 GMT
last-modified
Mon, 06 Jan 2025 08:25:15 GMT
content-type
application/javascript;charset=utf-8
vary
Accept-Encoding
x-amz-server-side-encryption
AES256
munchkin.js
munchkin.marketo.net/
1 KB
1 KB
Script
General
Full URL
https://munchkin.marketo.net/munchkin.js
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.204.6.193 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-204-6-193.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
081ad4206bfeb1950c8382b5bc32aac31c4698598563d87080ee67a8fc5318d0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/

Response headers

Content-Encoding
gzip
ETag
"0c131de2a0d8f1ba69eab7f6866c84dd:1736217492.752819"
Connection
keep-alive
Accept-Ranges
bytes
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Content-Length
729
Date
Wed, 08 Jan 2025 11:20:18 GMT
Content-Type
application/x-javascript
Last-Modified
Tue, 07 Jan 2025 02:38:12 GMT
Server
AkamaiNetStorage
Vary
Accept-Encoding
HWyTnY16.min.js
tag.demandbase.com/
64 KB
18 KB
Script
General
Full URL
https://tag.demandbase.com/HWyTnY16.min.js
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.85.61.124 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-85-61-124.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c008f2b6b3622442cb3403837e1f74774ec30cf0e9d7c9d56eb6194eea12cd5a
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/

Response headers

content-encoding
gzip
x-amz-version-id
kKSNw0cnYd58cFUa51u3Oy8dW3Bq75lM
etag
W/"0ff724e064f622d0e8a5ee5a085c49eb"
age
3573
x-cache
Hit from cloudfront
x-amz-cf-id
zGjJgFVfcobm73OSmsGHxQ-ciBeCIqQXtdsveEmHvndPjFPgAAg1Qg==
date
Wed, 08 Jan 2025 10:20:46 GMT
content-type
application/javascript; charset=utf-8
vary
accept-encoding
last-modified
Fri, 15 Nov 2024 20:24:19 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
cache-control
public, max-age=3600
via
1.1 b8d8693cc4ac05b6a9cebe2651a2c8b8.cloudfront.net (CloudFront)
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), interest-cohort=()
x-amz-cf-pop
EWR53-P1
server
AmazonS3
x-amz-server-side-encryption
AES256
zi-tag.js
js.zi-scripts.com/
9 KB
3 KB
Script
General
Full URL
https://js.zi-scripts.com/zi-tag.js
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.150.44 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2316eedc39d2ae71b2098be3e91ad3662cb1b70d42f6c61ebb6ab5beefd919b6

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/

Response headers

content-encoding
gzip
cf-cache-status
DYNAMIC
x-amz-version-id
Q8AFTvKb8EtoOgGtrVmzLCMTAh5swpvC
etag
W/"5b11ce08c51a9e4b3f4bbe37deea19c1"
age
9801
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
yeQdf-nU9tigu6rKyHFjALvpaiCUDYj8PYVnChesoNAaAb2N0vbpbw==
date
Wed, 08 Jan 2025 11:20:18 GMT
content-type
application/javascript
last-modified
Fri, 13 Dec 2024 14:58:23 GMT
vary
Accept-Encoding
priority
u=3,i=?0
server-timing
cfExtPri
via
1.1 5fe76777b5d149f4cb5647f9a6f5366a.cloudfront.net (CloudFront)
cf-ray
8febcc297e617bc5-LAX
x-amz-cf-pop
SEA900-P5
server
cloudflare
otFlat.json
cdn.cookielaw.org/scripttemplates/202403.1.0/assets/
13 KB
3 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202403.1.0/assets/otFlat.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202403.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f4aaa18c55c90588c5e828e56dcc6b2cb0acf9a4280494c7d1a53fc5e3669112
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/

Response headers

content-md5
gWbZdVb/GsEUTnv/p/InTg==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8DCA5DFBBC2C661
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
55314
x-content-type-options
nosniff
date
Wed, 08 Jan 2025 11:20:18 GMT
content-type
application/json
last-modified
Tue, 16 Jul 2024 21:39:12 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
97176422-601e-00bd-54db-d78506000000
cf-ray
8febcc28fd3a78d7-LAX
accept-ranges
bytes
access-control-allow-origin
*
content-length
3041
x-ms-blob-type
BlockBlob
server
cloudflare
otPcPanel.json
cdn.cookielaw.org/scripttemplates/202403.1.0/assets/v2/
64 KB
13 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202403.1.0/assets/v2/otPcPanel.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202403.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0ed759f9b0f407aa73df997bddf186c37a1927d2b0f8d2f7031067ecacf7581d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/

Response headers

content-md5
uFS5wT+0+fvZJFPYO6D9oQ==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8DCA5DFBD299C3B
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
45674
x-content-type-options
nosniff
date
Wed, 08 Jan 2025 11:20:18 GMT
content-type
application/json
last-modified
Tue, 16 Jul 2024 21:39:14 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
815017d0-701e-004c-6863-d85495000000
cf-ray
8febcc28fd3d78d7-LAX
accept-ranges
bytes
access-control-allow-origin
*
content-length
12960
x-ms-blob-type
BlockBlob
server
cloudflare
otCookieSettingsButton.json
cdn.cookielaw.org/scripttemplates/202403.1.0/assets/
5 KB
2 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202403.1.0/assets/otCookieSettingsButton.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202403.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5fb7c176325267082e94a7131fed5e157516e6805cee3ac6f6a93340a947d640
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/

Response headers

content-md5
yb3U5LP1G8IlMRT4O3b4PA==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8DCA5DFBCCCC97D
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
78923
x-content-type-options
nosniff
date
Wed, 08 Jan 2025 11:20:18 GMT
content-type
application/json
last-modified
Tue, 16 Jul 2024 21:39:14 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
f2a81859-801e-0095-1ed8-d7f2b9000000
cf-ray
8febcc28fd3f78d7-LAX
accept-ranges
bytes
access-control-allow-origin
*
content-length
1738
x-ms-blob-type
BlockBlob
server
cloudflare
otCommonStyles.css
cdn.cookielaw.org/scripttemplates/202403.1.0/assets/
24 KB
4 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202403.1.0/assets/otCommonStyles.css
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202403.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
906696b6eda58302976c520c1c37e981beb5e14702bd2445b987083bacb52116
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/

Response headers

content-md5
4ErYmXXFNbMLrnc9DrDTsg==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-lease-status
unlocked
cf-bgj
minify
cf-cache-status
HIT
x-ms-version
2009-09-19
age
45674
content-encoding
gzip
x-content-type-options
nosniff
cf-polished
origSize=24823
date
Wed, 08 Jan 2025 11:20:18 GMT
content-type
text/css
last-modified
Tue, 16 Jul 2024 21:39:25 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
47fa3393-901e-0009-7f27-d88904000000
cf-ray
8febcc28fd4178d7-LAX
access-control-allow-origin
*
x-ms-blob-type
BlockBlob
server
cloudflare
sw_iframe.html
www.googletagmanager.com/static/service_worker/5160/ Frame 69F5
0
0
Document
General
Full URL
https://www.googletagmanager.com/static/service_worker/5160/sw_iframe.html?origin=https%3A%2F%2Fwww.threatdown.com
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MQ92VXZT
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:807::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
age
150758
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
br
content-length
1476
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="analytics-container-tag-serving"
cross-origin-resource-policy
cross-origin
date
Mon, 06 Jan 2025 17:27:40 GMT
expires
Tue, 06 Jan 2026 17:27:40 GMT
last-modified
Mon, 06 Jan 2025 09:38:00 GMT
report-to
{"group":"analytics-container-tag-serving","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/analytics-container-tag-serving"}]}
server
sffe
service-worker-allowed
/static/service_worker
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
ot_close.svg
cdn.cookielaw.org/logos/static/
651 B
624 B
Image
General
Full URL
https://cdn.cookielaw.org/logos/static/ot_close.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/

Response headers

content-md5
pcXWFGpuVeSg/jVnYCseRg==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version
2009-09-19
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
74143
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 08 Jan 2025 11:20:18 GMT
content-type
image/svg+xml
last-modified
Mon, 06 Jan 2025 20:16:35 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
9886331d-401e-00ee-4fc5-609909000000
cf-ray
8febcc29a98f7c7d-LAX
access-control-allow-origin
*
x-ms-blob-type
BlockBlob
server
cloudflare
ot_guard_logo.svg
cdn.cookielaw.org/logos/static/
497 B
516 B
Fetch
General
Full URL
https://cdn.cookielaw.org/logos/static/ot_guard_logo.svg
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202403.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/

Response headers

content-md5
tXyZydHjxQshFMbbBT1/8A==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version
2009-09-19
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
45673
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 08 Jan 2025 11:20:18 GMT
content-type
image/svg+xml
last-modified
Mon, 06 Jan 2025 20:16:34 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
f6a0d8f4-d01e-0005-4a12-6167f5000000
cf-ray
8febcc29bdd178d7-LAX
access-control-allow-origin
*
x-ms-blob-type
BlockBlob
server
cloudflare
ThreatDown_Horizontal_Reverse_1.png
cdn.cookielaw.org/logos/4e1c8bc8-2743-413b-8699-aad2216e8616/c07420fb-4045-4f1e-84d8-f185881ffaaa/1c62a5c0-c49c-45f8-a512-47b4c89ce4f8/
6 KB
7 KB
Image
General
Full URL
https://cdn.cookielaw.org/logos/4e1c8bc8-2743-413b-8699-aad2216e8616/c07420fb-4045-4f1e-84d8-f185881ffaaa/1c62a5c0-c49c-45f8-a512-47b4c89ce4f8/ThreatDown_Horizontal_Reverse_1.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c8c32294948f5448c2ac0bcdf5b98909dab4ee73ac854be06bfd4a13bce89363
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/

Response headers

content-md5
nH40X2VjWJZythBS11v9uw==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version
2009-09-19
x-ms-lease-status
unlocked
etag
0x8DBE48FF9CC1714
age
55314
cf-cache-status
HIT
x-content-type-options
nosniff
date
Wed, 08 Jan 2025 11:20:18 GMT
content-type
image/png
last-modified
Mon, 13 Nov 2023 21:32:02 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
3866e165-a01e-006b-2577-79be77000000
cf-ray
8febcc29c9a97c7d-LAX
accept-ranges
bytes
access-control-allow-origin
*
content-length
6630
x-ms-blob-type
BlockBlob
server
cloudflare
powered_by_logo.svg
cdn.cookielaw.org/logos/static/
5 KB
2 KB
Image
General
Full URL
https://cdn.cookielaw.org/logos/static/powered_by_logo.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/

Response headers

content-md5
Y+c301RBZNK39PvKQWrIBw==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version
2009-09-19
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
5075
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 08 Jan 2025 11:20:18 GMT
content-type
image/svg+xml
last-modified
Wed, 08 Jan 2025 03:27:56 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
de4754fc-d01e-008d-0189-61df2c000000
cf-ray
8febcc29c9ac7c7d-LAX
access-control-allow-origin
*
x-ms-blob-type
BlockBlob
server
cloudflare
getSubscriptions
js.zi-scripts.com/unified/v1/master/
150 B
580 B
Fetch
General
Full URL
https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Requested by
Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.150.44 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
1e27e3c7905297bc3636b7521e04029f73d36120fb70d839169b2b0d245f5e49

Request headers

Authorization
Bearer 30354173d91680632116
Referer
https://www.threatdown.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
application/json
visited_url
https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/

Response headers

content-encoding
gzip
cf-cache-status
DYNAMIC
etag
W/"96-Lw1TzHOyI0KHqbmlRw290jYUDUs"
apigw-requestid
EEPZ9hnDPHcEPRA=
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
x-amz-cf-id
qd2WrEwXgxlcrU9O6c7ZvZKNzcQJkpbE-4q-HATYp-zzJhNCSki_LQ==
date
Wed, 08 Jan 2025 11:20:18 GMT
content-type
application/json; charset=utf-8
vary
Origin
priority
u=1,i
server-timing
cfExtPri
via
1.1 b09cd51b60cdeeac9b6123de05b344de.cloudfront.net (CloudFront)
cf-ray
8febcc2b7a937d76-LAX
access-control-allow-origin
https://www.threatdown.com
x-amz-cf-pop
LAX54-P8
x-powered-by
Express
server
cloudflare
config
pixel-config.reddit.com/pixels/a2_g296apkzi8rn/
3 B
124 B
XHR
General
Full URL
https://pixel-config.reddit.com/pixels/a2_g296apkzi8rn/config
Requested by
Host: www.redditstatic.com
URL: https://www.redditstatic.com/ads/pixel.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/

Response headers

cache-control
max-age=14400
content-encoding
gzip
via
1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
27
date
Wed, 08 Jan 2025 11:20:18 GMT
content-type
application/json
a2_g296apkzi8rn_telemetry
www.redditstatic.com/ads/conversions-config/v1/pixel/config/
86 B
700 B
XHR
General
Full URL
https://www.redditstatic.com/ads/conversions-config/v1/pixel/config/a2_g296apkzi8rn_telemetry
Requested by
Host: www.redditstatic.com
URL: https://www.redditstatic.com/ads/pixel.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
snooserv /
Resource Hash
98d77039ea9249b3dce91ad7b467ee382f29daa61213c3e2737bd4a8786c8801

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/

Response headers

cache-control
max-age=300
nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
content-encoding
gzip
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
via
1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
98
date
Wed, 08 Jan 2025 11:20:18 GMT
content-type
application/json
vary
Accept-Encoding,Origin
server
snooserv
rp.gif
alb.reddit.com/
42 B
637 B
Image
General
Full URL
https://alb.reddit.com/rp.gif?ts=1736335218275&id=a2_g296apkzi8rn&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=cdc14660-eef2-4c0c-8d02-8a9b494223c8&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1600&sw=1200&v=rdt_b192616d&dpm=&dpcc=&dprc=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.129.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Varnish /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/

Response headers

nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
retry-after
0
cross-origin-resource-policy
cross-origin
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
via
1.1 varnish
accept-ranges
bytes
content-length
42
date
Wed, 08 Jan 2025 11:20:18 GMT
content-type
image/gif
server
Varnish
getSubscriptions
js.zi-scripts.com/unified/v1/master/ Frame
0
0
Preflight
General
Full URL
https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.150.44 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type,visited_url
Access-Control-Request-Method
GET
Origin
https://www.threatdown.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Origin,X-Requested-With,Content-Type,Accept,Authorization,X-Amp-Device-Id,X-Amp-Session-Id,visited_url,_zitok,forwarded,x-ziaccesstoken
access-control-allow-methods
POST, GET, OPTIONS, PATCH, DELETE, PUT
access-control-allow-origin
https://www.threatdown.com
alt-svc
h3=":443"; ma=86400
apigw-requestid
EEPZ7g7NPHcEPEg=
cf-cache-status
DYNAMIC
cf-ray
8febcc2ab9dd7d76-LAX
date
Wed, 08 Jan 2025 11:20:18 GMT
priority
u=1,i
server
cloudflare
server-timing
cfExtPri
vary
Origin
via
1.1 b09cd51b60cdeeac9b6123de05b344de.cloudfront.net (CloudFront)
x-amz-cf-id
AYn6JRSUbisRjGV95GucDLJvIGIk64x_7PLZWnMVBZPoXIAUWACj2A==
x-amz-cf-pop
LAX54-P8
x-cache
Miss from cloudfront
x-powered-by
Express
collect
analytics.google.com/g/
0
0
Fetch
General
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-LTWDK0JK3Z&gtm=45je4cc1v9167498142z89167491076za200zb9167491076&_p=1736335216179&_gaz=1&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&gdid=dYWJhMj&cid=663902058.1736335218&ecid=1817404981&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&ec_mode=a&_eu=EA&_s=1&sid=1736335218&sct=1&seg=0&dl=https%3A%2F%2Fwww.threatdown.com%2Fblog%2Fpikabot-distributed-via-malicious-ads%2F&dt=PikaBot%20distributed%20via%20malicious%20search%20ads%20-%20ThreatDown%20by%20Malwarebytes&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=3233
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-LTWDK0JK3Z&l=dataLayer&cx=c&gtm=45He4cc1v9167491076za200
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80e::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://www.threatdown.com
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 08 Jan 2025 11:20:18 GMT
content-type
text/plain
server
Golfe2
collect
stats.g.doubleclick.net/g/
0
556 B
Ping
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-LTWDK0JK3Z&cid=663902058.1736335218&gtm=45je4cc1v9167498142z89167491076za200zb9167491076&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=101925629~102067555~102067808~102081485~102198178
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-LTWDK0JK3Z&l=dataLayer&cx=c&gtm=45He4cc1v9167491076za200
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c09::9d Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:111:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:111:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://www.threatdown.com
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 08 Jan 2025 11:20:18 GMT
content-type
text/plain
server
Golfe2
rul
td.doubleclick.net/td/ga/ Frame F07B
0
0
Document
General
Full URL
https://td.doubleclick.net/td/ga/rul?tid=G-LTWDK0JK3Z&gacid=663902058.1736335218&gtm=45je4cc1v9167498142z89167491076za200zb9167491076&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101925629~102067555~102067808~102081485~102198178&z=233820861
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-LTWDK0JK3Z&l=dataLayer&cx=c&gtm=45He4cc1v9167491076za200
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81f::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.threatdown.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-encoding
br
content-length
16
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 08 Jan 2025 11:20:18 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
munchkin.js
munchkin.marketo.net/164/
11 KB
5 KB
Script
General
Full URL
https://munchkin.marketo.net/164/munchkin.js
Requested by
Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.204.6.193 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-204-6-193.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
dea9df0145848ffeb3c6931228d41e833341b4837c0e713d321c5bfcf6dcd4e6

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/

Response headers

Cache-Control
max-age=8640000
Content-Encoding
gzip
ETag
"756f9116836f579d12be8fe786b69d98:1726632111.60799"
Connection
keep-alive
Expires
Fri, 18 Apr 2025 11:20:18 GMT
Accept-Ranges
bytes
Content-Length
4843
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Date
Wed, 08 Jan 2025 11:20:18 GMT
Content-Type
application/x-javascript
Last-Modified
Wed, 18 Sep 2024 04:01:51 GMT
Server
AkamaiNetStorage
Vary
Accept-Encoding
insight.old.min.js
snap.licdn.com/li.lms-analytics/
40 KB
14 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.old.min.js
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:1c00:6::17df:d105 Secaucus, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
e6b8a90a2870483ace67380ff4a64b39bfecb7952a432393470d76a6614fc62c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/

Response headers

cache-control
max-age=85306
content-encoding
gzip
x-cdn
AKAM
x-content-type-options
nosniff
accept-ranges
bytes
content-length
14634
date
Wed, 08 Jan 2025 11:20:18 GMT
last-modified
Mon, 02 Dec 2024 19:22:52 GMT
content-type
application/javascript;charset=utf-8
vary
Accept-Encoding
x-amz-server-side-encryption
AES256
25079300.js
bat.bing.com/p/action/
364 B
412 B
Script
General
Full URL
https://bat.bing.com/p/action/25079300.js
Requested by
Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:33:1::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
cce2184ec089babc70ded47b8474c543f6a5ff013e4bfd9dbae8689489bb13ba
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
private,max-age=1800
content-encoding
br
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: A6AC49DB4759446F9EA83D0DCA1C224C Ref B: LAX311000115021 Ref C: 2025-01-08T11:20:18Z
x-cache
CONFIG_NOCACHE
date
Wed, 08 Jan 2025 11:20:17 GMT
content-type
application/javascript; charset=utf-8
vary
Accept-Encoding
sync
s.company-target.com/s/ Frame 219E
0
0
Document
General
Full URL
https://s.company-target.com/s/sync?exc=lr
Requested by
Host: tag.demandbase.com
URL: https://tag.demandbase.com/HWyTnY16.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.96.71.22 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
22.71.96.34.bc.googleusercontent.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.threatdown.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-methods
GET,OPTIONS
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
634
content-type
text/html; charset=UTF-8
date
Wed, 08 Jan 2025 11:20:18 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 google
log
segments.company-target.com/
Redirect Chain
  • https://id.rlcdn.com/464526.gif
  • https://id.rlcdn.com/1000.gif?memo=CI6tHBoNCPK--bsGEgUI6AcQAEIASgA
  • https://segments.company-target.com/log?vendor=liveramp&user_id=Xc1297OoCo9jb4-AUl-lRpJ1pLTOLDfDZH11z9gPsY1u0yFGU
26 B
349 B
Image
General
Full URL
https://segments.company-target.com/log?vendor=liveramp&user_id=Xc1297OoCo9jb4-AUl-lRpJ1pLTOLDfDZH11z9gPsY1u0yFGU
Protocol
HTTP/1.1
Server
13.226.94.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-94-12.jfk52.r.cloudfront.net
Software
/
Resource Hash
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/

Response headers

Connection
keep-alive
Via
1.1 1d09c1b75a19bca5156cd91feff6b48c.cloudfront.net (CloudFront)
X-Cache
Miss from cloudfront
Content-Length
26
X-Amz-Cf-Id
xYRunRZb4qrIzh2euImyS4MeQvxxVD39sNYhNxSsh4QtibNs9LV6UA==
Date
Wed, 08 Jan 2025 11:20:19 GMT
Content-Type
image/gif
X-Amz-Cf-Pop
JFK52-P10

Redirect headers

cache-control
no-cache, no-store
timing-allow-origin
*
location
https://segments.company-target.com/log?vendor=liveramp&user_id=Xc1297OoCo9jb4-AUl-lRpJ1pLTOLDfDZH11z9gPsY1u0yFGU
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
content-length
0
date
Wed, 08 Jan 2025 11:20:18 GMT
ip.json
api.company-target.com/api/v3/
471 B
1 KB
XHR
General
Full URL
https://api.company-target.com/api/v3/ip.json?referrer=&page=https%3A%2F%2Fwww.threatdown.com%2Fblog%2Fpikabot-distributed-via-malicious-ads%2F&page_title=PikaBot%20distributed%20via%20malicious%20search%20ads%20-%20ThreatDown%20by%20Malwarebytes
Requested by
Host: tag.demandbase.com
URL: https://tag.demandbase.com/HWyTnY16.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.252.45 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-252-45.jfk50.r.cloudfront.net
Software
nginx /
Resource Hash
ad3613f6714f248087ef8b414505604928b47c4de292557ac831bcd52f6ed0f3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.threatdown.com/

Response headers

access-control-max-age
7200
access-control-expose-headers
x-amz-cf-id
content-encoding
gzip
identification-source
CENTRAL
access-control-allow-methods
GET, POST, OPTIONS
request-id
cdf86eb1-f82f-453d-a075-4e5c41a9cca5
expires
Tue, 07 Jan 2025 11:20:18 GMT
x-cache
Miss from cloudfront
x-amz-cf-id
3ONS1PTiucRXzEwRAMt2cBSk551saT8dJsFWYuPm8xv8sRrhjPVyDw==
date
Wed, 08 Jan 2025 11:20:18 GMT
content-type
application/json;charset=utf-8
vary
Accept-Encoding, Origin
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
api-version
v3
access-control-allow-credentials
true
via
1.1 cfc9f11ee8d72e5bdd45ea3851048d52.cloudfront.net (CloudFront)
access-control-allow-origin
https://www.threatdown.com
x-amz-cf-pop
JFK50-P10
server
nginx
/
ws.zoominfo.com/pixel/6712afad492ea5124bfd2064/
3 KB
2 KB
Fetch
General
Full URL
https://ws.zoominfo.com/pixel/6712afad492ea5124bfd2064/?iszitag=true
Requested by
Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.16.117.43 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
ba0152362701f464db14c85a9e6c7589ca9c01589293f285d7318040fc45b210
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

_zitok
6004e57bc790341f1a281736335218
_vtok
MTYyLjI0NS4yMDYuMjQ0
visited-url
https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/
Referer
https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
text/javascript

Response headers

x-robots-tag
noindex, nofollow
content-encoding
gzip
cf-cache-status
DYNAMIC
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Wed, 08 Jan 2025 11:20:19 GMT
content-type
text/javascript
vary
Accept-Encoding
priority
u=1,i
access-control-allow-headers
Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url,page-url
access-control-allow-credentials
true
via
1.1 google
cf-ray
8febcc2e9c78ed41-SJC
access-control-allow-origin
https://www.threatdown.com
x-powered-by
Express
server
cloudflare
/
ws.zoominfo.com/pixel/6712afad492ea5124bfd2064/ Frame
0
0
Preflight
General
Full URL
https://ws.zoominfo.com/pixel/6712afad492ea5124bfd2064/?iszitag=true
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.16.117.43 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Access-Control-Request-Headers
_vtok,_zitok,content-type,visited-url
Access-Control-Request-Method
GET
Origin
https://www.threatdown.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url,page-url
access-control-allow-origin
https://www.threatdown.com
allow
GET,HEAD
alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
8febcc2cefc2fada-SJC
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Wed, 08 Jan 2025 11:20:18 GMT
priority
u=1,i
server
cloudflare
server-timing
cfExtPri
via
1.1 google
x-content-type-options
nosniff
x-powered-by
Express
x-robots-tag
noindex, nofollow
0
bat.bing.com/action/
0
358 B
Image
General
Full URL
https://bat.bing.com/action/0?ti=25079300&tm=gtm002&Ver=2&mid=4e5086d3-bae0-4c23-ac5b-090b339def9f&bo=1&sid=8aae74e0cdb211ef8e55097866db3046&vid=8aae9330cdb211ef8e3f858cc585531f&vids=1&msclkid=N&pi=918639831&lg=en-US&sw=1600&sh=1200&sc=24&tl=PikaBot%20distributed%20via%20malicious%20search%20ads%20-%20ThreatDown%20by%20Malwarebytes&p=https%3A%2F%2Fwww.threatdown.com%2Fblog%2Fpikabot-distributed-via-malicious-ads%2F&r=&lt=2751&evt=pageLoad&sv=1&cdb=AQET&rn=300379
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:33:1::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
no-cache, must-revalidate
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: B1F6B8752A504AA08B76B4B91B718FB2 Ref B: LAX311000115021 Ref C: 2025-01-08T11:20:18Z
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
*
x-cache
CONFIG_NOCACHE
date
Wed, 08 Jan 2025 11:20:18 GMT
visitWebPage
805-usg-300.mktoresp.com/webevents/
2 B
318 B
Ping
General
Full URL
https://805-usg-300.mktoresp.com/webevents/visitWebPage?_mchNc=1736335218645&_mchCn=&_mchId=805-USG-300&_mchTk=_mch-threatdown.com-f4deb12f471950063e509704f6046297&_mchHo=www.threatdown.com&_mchPo=&_mchRu=%2Fblog%2Fpikabot-distributed-via-malicious-ads%2F&_mchPc=https%3A&_mchVr=164&_mchEcid=&_mchHa=&_mchRe=&_mchQp=
Requested by
Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/164/munchkin.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.28.144.124 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/

Response headers

Transfer-Encoding
chunked
X-Request-Id
024edd55-41be-4802-94e3-26510fdb3a0a
Content-Encoding
gzip
Connection
keep-alive
Access-Control-Allow-Origin
*
Date
Wed, 08 Jan 2025 11:20:19 GMT
Content-Type
text/plain; charset=UTF-8
Server
nginx/1.20.1
attribution_trigger
px.ads.linkedin.com/
2 B
761 B
XHR
General
Full URL
https://px.ads.linkedin.com/attribution_trigger?pid=6676530&time=1736335218660&url=https%3A%2F%2Fwww.threatdown.com%2Fblog%2Fpikabot-distributed-via-malicious-ads%2F
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.old.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept
*
Referer
https://www.threatdown.com/

Response headers

x-li-pop
afd-prod-ltx1-x
content-encoding
gzip
x-fs-uuid
00062b300bee724b12040c10fea89ead
x-msedge-ref
Ref A: 1D2A83418A3D40FBA54866FD0E3001B5 Ref B: LAX311000111007 Ref C: 2025-01-08T11:20:18Z
x-li-fabric
prod-ltx1
x-restli-protocol-version
1.0.0
access-control-allow-methods
GET, OPTIONS
x-li-uuid
AAYrMAvucksSBAwQ/qierQ==
x-li-proto
http/2
access-control-allow-origin
*
x-cache
CONFIG_NOCACHE
date
Wed, 08 Jan 2025 11:20:18 GMT
content-type
application/json
access-control-allow-headers
*
collect
px4.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=6676530&time=1736335218660&li_adsId=693f7fd0-ca2d-4127-9a56-436e00129b0b&url=https%3A%2F%2Fwww.threatdown.com%2Fblog%2Fpikabot-distributed-via-mal...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=6676530&time=1736335218660&li_adsId=693f7fd0-ca2d-4127-9a56-436e00129b0b&url=https%3A%2F%2Fwww.threatdown.com%2Fblog%2Fpikabot-distributed-via-mal...
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D6676530%26time%3D1736335218660%26li_adsId%3D693f7fd0-ca2d-4127-9a56-436e00129b0b%...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=6676530&time=1736335218660&li_adsId=693f7fd0-ca2d-4127-9a56-436e00129b0b&url=https%3A%2F%2Fwww.threatdown.com%2Fblog%2Fpikabot-distributed-via-mal...
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=6676530&time=1736335218660&li_adsId=693f7fd0-ca2d-4127-9a56-436e00129b0b&url=https%3A%2F%2Fwww.threatdown.com%2Fblog%2Fpikabot-distributed-via-ma...
0
489 B
Image
General
Full URL
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=6676530&time=1736335218660&li_adsId=693f7fd0-ca2d-4127-9a56-436e00129b0b&url=https%3A%2F%2Fwww.threatdown.com%2Fblog%2Fpikabot-distributed-via-malicious-ads%2F&cookiesTest=true&liSync=true&e_ipv6=AQJ0WPRiDE_ZuQAAAZRFpNqsdj1popEEld5Af68MDfC18JL8yWtqjO6WUxP2sjmvzJAFDg
Protocol
H2
Server
13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/

Response headers

linkedin-action
1
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: 5484A5D5B9E842E5A6B928AD87B4E98B Ref B: LAX311000114023 Ref C: 2025-01-08T11:20:19Z
x-li-fabric
prod-lor1
x-li-uuid
AAYrMAv6Y04yB7OE4IDwgQ==
x-li-proto
http/2
x-cache
CONFIG_NOCACHE
content-length
0
date
Wed, 08 Jan 2025 11:20:19 GMT
content-type
application/javascript

Redirect headers

linkedin-action
1
x-li-pop
afd-prod-lor1-x
location
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=6676530&time=1736335218660&li_adsId=693f7fd0-ca2d-4127-9a56-436e00129b0b&url=https%3A%2F%2Fwww.threatdown.com%2Fblog%2Fpikabot-distributed-via-malicious-ads%2F&cookiesTest=true&liSync=true&e_ipv6=AQJ0WPRiDE_ZuQAAAZRFpNqsdj1popEEld5Af68MDfC18JL8yWtqjO6WUxP2sjmvzJAFDg
x-msedge-ref
Ref A: C0A99BD2EB1F4138AC220EE3EB07E6F4 Ref B: LAXEDGE1721 Ref C: 2025-01-08T11:20:19Z
x-li-fabric
prod-lor1
x-li-uuid
AAYrMAv2FNlYKpf/cdRaPg==
x-li-proto
http/2
x-cache
CONFIG_NOCACHE
content-length
0
date
Wed, 08 Jan 2025 11:20:19 GMT
forms_98359448aa.min.js
tag.demandbase.com/shared/
173 KB
55 KB
Script
General
Full URL
https://tag.demandbase.com/shared/forms_98359448aa.min.js
Requested by
Host: tag.demandbase.com
URL: https://tag.demandbase.com/HWyTnY16.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.85.61.124 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-85-61-124.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
78d53a1a264d7b37a64165ad9730a194e39fa5f0791dd8741592fb6cccd801ca
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/

Response headers

content-encoding
gzip
etag
W/"844b093e4424a0b76d017970ac6536f6"
x-amz-version-id
xg.Zz.TzcatycuIQv_jl2gynUnu2_XnI
age
53294
x-cache
Hit from cloudfront
x-amz-cf-id
lDFvtZw4uWseuOdgLMzafKNlk9OllbQ9x9wbQoUGTKUYAxZsr0k3dA==
date
Tue, 07 Jan 2025 20:32:06 GMT
content-type
application/javascript; charset=UTF-8
vary
accept-encoding
last-modified
Wed, 13 Nov 2024 21:38:00 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
via
1.1 b8d8693cc4ac05b6a9cebe2651a2c8b8.cloudfront.net (CloudFront)
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), interest-cohort=()
x-amz-cf-pop
EWR53-P1
server
AmazonS3
x-amz-server-side-encryption
AES256
bg9s
tag-logger.demandbase.com/
0
443 B
XHR
General
Full URL
https://tag-logger.demandbase.com/bg9s?x-amz-cf-id=3ONS1PTiucRXzEwRAMt2cBSk551saT8dJsFWYuPm8xv8sRrhjPVyDw==&api-version=v3
Requested by
Host: tag.demandbase.com
URL: https://tag.demandbase.com/HWyTnY16.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2511:c200:1d:8d6d:3b40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/

Response headers

x-amz-version-id
8SdDCdpJvGjkSiMFPv08XcVSgwOMVVmH
etag
"d41d8cd98f00b204e9800998ecf8427e"
age
33196
alt-svc
h3=":443"; ma=86400
x-cache
Error from cloudfront
x-amz-cf-id
ctZeZItqBqoL_99Unti2ckHoqGnWRKf_kOijGkqjP_iyVLMXYBetWg==
date
Wed, 08 Jan 2025 02:07:04 GMT
content-type
text/html
vary
accept-encoding
last-modified
Tue, 07 Mar 2023 20:47:02 GMT
via
1.1 5a588475f9a075d76c33229107634f8e.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
0
x-amz-cf-pop
JFK50-P6
server
AmazonS3
x-amz-server-side-encryption
AES256
2ae727b1-69cb-4444-9512-4c97e3b92246
https://www.threatdown.com/
3 KB
0
Script
General
Full URL
blob:https://www.threatdown.com/2ae727b1-69cb-4444-9512-4c97e3b92246
Requested by
Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ba0152362701f464db14c85a9e6c7589ca9c01589293f285d7318040fc45b210

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
text/javascript
Content-Length
3033
stylesheet_98359448aa.v2.css
tag.demandbase.com/shared/
21 KB
3 KB
Stylesheet
General
Full URL
https://tag.demandbase.com/shared/stylesheet_98359448aa.v2.css
Requested by
Host: tag.demandbase.com
URL: https://tag.demandbase.com/shared/forms_98359448aa.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.85.61.124 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-85-61-124.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b62e2b5a98092e6d82cd6c650253589a3ae63e2ec8591c156cfb413e405e17c3
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/

Response headers

content-encoding
gzip
etag
W/"1466c24462e7a0ef7487f6578e5a2595"
x-amz-version-id
JqwmYA2uRefdWWMsMbiMSM0i2f_Smyv9
age
85750
x-cache
Hit from cloudfront
x-amz-cf-id
uW4lR-57mVAcDTm63pJx87-DVymwOOJhV9MVTWsnCx-kb4ERmyJUUw==
date
Tue, 07 Jan 2025 11:31:10 GMT
content-type
text/css; charset=UTF-8
vary
accept-encoding
last-modified
Wed, 13 Nov 2024 21:38:00 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
via
1.1 b8d8693cc4ac05b6a9cebe2651a2c8b8.cloudfront.net (CloudFront)
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), interest-cohort=()
x-amz-cf-pop
EWR53-P1
server
AmazonS3
x-amz-server-side-encryption
AES256
/
px.ads.linkedin.com/wa/
0
197 B
XHR
General
Full URL
https://px.ads.linkedin.com/wa/
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.old.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.threatdown.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept
*
Content-Type
text/plain;charset=UTF-8

Response headers

linkedin-action
1
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: 617B2B7C703F4442A6E79458D79C8C90 Ref B: LAXEDGE1721 Ref C: 2025-01-08T11:20:19Z
x-li-fabric
prod-lor1
access-control-allow-credentials
true
x-li-uuid
AAYrMAv8rEbXjps3OIftIw==
x-li-proto
http/2
access-control-allow-origin
https://www.threatdown.com
x-cache
CONFIG_NOCACHE
date
Wed, 08 Jan 2025 11:20:19 GMT
vary
Origin
ip.json
api.company-target.com/api/v3/
0
0

favicon.svg
www.threatdown.com/wp-content/uploads/2023/11/
31 KB
23 KB
Other
General
Full URL
https://www.threatdown.com/wp-content/uploads/2023/11/favicon.svg?w=16
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
c9e433acb7082694e1a6a861ad1bd4f218ea3cdd57fcbfff823a0967a2aa925e

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/

Response headers

cache-control
max-age=31536000
content-encoding
br
x-rq
bur7 118 20 443
etag
W/"cec9cedda1f1bde1"
accept-ranges
bytes
x-cache
HIT
date
Wed, 08 Jan 2025 11:20:20 GMT
content-type
image/svg+xml
vary
Accept-Encoding
server
nginx
last-modified
Tue, 07 Nov 2023 06:54:38 GMT
collect
analytics.google.com/g/
0
0
Fetch
General
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-LTWDK0JK3Z&gtm=45je4cc1v9167498142z89167491076za200zb9167491076&_p=1736335216179&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&gdid=dYWJhMj&cid=663902058.1736335218&ecid=1817404981&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_eu=EA&_s=2&sid=1736335218&sct=1&seg=0&dl=https%3A%2F%2Fwww.threatdown.com%2Fblog%2Fpikabot-distributed-via-malicious-ads%2F&dt=PikaBot%20distributed%20via%20malicious%20search%20ads%20-%20ThreatDown%20by%20Malwarebytes&en=blog_page_view&ep.post_published_date=2023-12-15&ep.post_modified_date=2023-12-15&_et=40&tfd=8283
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-LTWDK0JK3Z&l=dataLayer&cx=c&gtm=45He4cc1v9167491076za200
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80e::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.threatdown.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://www.threatdown.com
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 08 Jan 2025 11:20:23 GMT
content-type
text/plain
server
Golfe2

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.threatdown.com
URL
blob:https://www.threatdown.com/4f0ea614-f80c-47ed-8394-21a7a8ec913e
Domain
www.threatdown.com
URL
blob:https://www.threatdown.com/4b3ea5c8-d00e-4c2e-9e02-b9c42b7d4853
Domain
api.company-target.com
URL
https://api.company-target.com/api/v3/ip.json?auth=f7HmeeHicOTWYyYV3aYt8PryRbQ6taulYUHfqU1D&page=https%3A%2F%2Fwww.threatdown.com%2Fblog%2Fpikabot-distributed-via-malicious-ads%2F&page_title=PikaBot%20distributed%20via%20malicious%20search%20ads%20-%20ThreatDown%20by%20Malwarebytes&referrer=

Verdicts & Comments Add Verdict or Comment

148 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| code object| _vwo_code object| _wpemojiSettings object| dataLayer number| _VWO_Jphp_StartTime object| _VWO string| _vwo_mt string| _vwo_cookieDomain string| _vwo_surveyAssetsBaseUrl object| VWO number| _vwo_acc_id object| vwo_iehack_queue object| VWOOmni number| _vwoIntegrationsLoaded string| _vwo_cdn number| _vwo_library_timer boolean| _vwo_mt_l boolean| _vwo_wt_l object| mainThread object| vwoChannelFW object| vwoChannelToW number| _VWO_VaGQ_StartTime object| _vwo_evq function| _vwo_ev object| _vwo_api_section_callback object| _vwo_editorOperationTracker function| _vwo_handleMutations object| _vis_opt_queue object| fetcher function| _removeVwoGlobalStyle boolean| DISABLE_NATIVE_CONSTANTS function| vwo_$ object| functionWrapper string| _vwo_server_url boolean| _vwo_spaR object| MktoForms2 object| _vwo_exp string| _vwo_uuid object| reactiveElementVersions object| litHtmlVersions object| litElementVersions object| LottieInteractivity object| wp function| sprintf function| vsprintf object| JetpackInstantSearchOptions object| webpackChunkjetpack_search object| wpcom object| _tkq object| _stq function| _vis_opt_goal_conversion function| _vis_opt_register_conversion function| _vis_opt_revenue_conversion function| _vis_opt_createCookie function| _vis_opt_readCookie function| _vis_opt_element_loaded object| _vwo_surveySettings function| st_go function| linktracker_init function| jQuery object| _vwo_exp_ids object| twemoji object| _vwo_pa number| ___vwo function| addCaptchaScript object| __nls object| google_tag_manager object| google_tag_data function| OptanonWrapper function| drift function| _typeof function| _defineProperty function| _toPropertyKey function| _toPrimitive object| utmValues string| gclidFieldName object| utmParams function| populateUTMFieldsFromGTM function| populateGCLIDFieldFromGTM function| populateMWBOptimizationField function| checkForMarketoForms object| OtTrustedType object| 3eiXJRXgVuLsYGH9303q object| regeneratorRuntime object| _driftFrames object| __post_robot_10_0_46__ string| __DRIFT_ENV__ string| __DRIFT_BUILD_ID__ string| __DRIFT_BRANCH__ boolean| drift_invoked object| otStubData object| ube object| drift_event_listeners string| drift_display_mode string| drift_campaign_refresh number| drift_page_view_started number| drift_session_started string| drift_session_id object| drift_frameFactory object| drift_audio_context boolean| vwo_libExecuted object| Optanon object| OneTrust function| gtag string| OnetrustActiveGroups string| OptanonActiveGroups function| rdt string| _linkedin_data_partner_id object| zi string| ZIProjectKey object| zitag object| ZILogs function| loadZILogs function| errorHandler function| redditNormalizeEmail function| onYouTubeIframeAPIReady object| gaGlobal string| vwo_ga4_uuid function| UET function| UET_init function| UET_push function| mktoMunchkinFunction object| Munchkin function| mktoMunchkin object| ueto_0ff58f1954 object| uetq object| Demandbase function| ga object| MunchkinTracker function| lintrk boolean| _already_called_lintrk object| ziws function| db_hook_init function| db_hook_all_hit function| db_hook_response function| db_hook_no_id function| db_hook_attr function| db_hook_before_parse function| db_hook_after_parse object| ORIBILI object| drift_sentry_config

47 Cookies

Domain/Path Name / Value
.threatdown.com/ Name: _vwo_uuid_v2
Value: D1ADAAD469FBCC9D60B80333B94492508|5735912796d11da0d86fd30a06f520a4
.threatdown.com/ Name: _vwo_uuid
Value: D1ADAAD469FBCC9D60B80333B94492508
.threatdown.com/ Name: _vwo_sn
Value: 0%3A1%3A%3A%3A1
.threatdown.com/ Name: _vis_opt_s
Value: 1%7C
.threatdown.com/ Name: _vis_opt_test_cookie
Value: 1
.www.threatdown.com/ Name: ppc_last_visited_page
Value: https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/
.threatdown.com/ Name: tk_ai
Value: TJtS3GG%2Bq5obfYoYi8IZ2CCv
.threatdown.com/ Name: _vwo_ds
Value: 3%3At_0%2Ca_0%3A0%241736335215%3A47.58513196%3A%3A%3A%3A0
.js.ubembed.com/ Name: __cf_bm
Value: U2Z_9ewm7H6cE_MpSxi84dPPP0BkrC.twUNgaakjpOE-1736335217-1.0.1.1-rvmGhg92disqeza6mrT2ff5q4gOm77Cmzab3S_L_WtSJuXwkZFyUmhYPhBFbXRouHolW40eSosw0CWBgn_MoIA
.go.malwarebytes.com/ Name: __cf_bm
Value: zyW9bk2B4FyrcPfbAlcch7tZGM4Y1ytnz5BYa0OflcU-1736335217-1.0.1.1-L8CZBusxUSynfl9WS4oP3Pq4zzYRCpBS3HQN1jMsoRTIrbYE3hG2ZW3RHSwyqtlaLsiOgpUNqvi9zXP90gTTEQ
www.threatdown.com/ Name: drift_campaign_refresh
Value: 267f4d62-cdcb-4992-8d83-56db439f424f
.threatdown.com/ Name: _gcl_au
Value: 1.1.19866166.1736335218
.threatdown.com/ Name: OptanonConsent
Value: isGpcEnabled=0&datestamp=Wed+Jan+08+2025+01%3A20%3A18+GMT-1000+(Hawaii-Aleutian+Standard+Time)&version=202403.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=bdc49316-c813-4f0a-9d4f-98697e68d2ea&interactionCount=0&isAnonUser=1&landingPath=https%3A%2F%2Fwww.threatdown.com%2Fblog%2Fpikabot-distributed-via-malicious-ads%2F&groups=C0001%3A1%2CC0003%3A1%2CC0002%3A1%2CBG64%3A1%2CC0004%3A1
.threatdown.com/ Name: _rdt_uuid
Value: 1736335218273.cdc14660-eef2-4c0c-8d02-8a9b494223c8
.threatdown.com/ Name: _ga
Value: GA1.1.663902058.1736335218
.threatdown.com/ Name: _ga_LTWDK0JK3Z
Value: GS1.1.1736335218.1.0.1736335218.60.0.1817404981
.www.threatdown.com/ Name: _zitok
Value: 6004e57bc790341f1a281736335218
.threatdown.com/ Name: _uetsid
Value: 8aae74e0cdb211ef8e55097866db3046
.threatdown.com/ Name: _uetvid
Value: 8aae9330cdb211ef8e3f858cc585531f
.threatdown.com/ Name: _mkto_trk
Value: id:805-USG-300&token:_mch-threatdown.com-f4deb12f471950063e509704f6046297
.bing.com/ Name: MUID
Value: 306BA1361C7265712527B4581D186457
.bat.bing.com/ Name: MR
Value: 0
.rlcdn.com/ Name: rlas3
Value: tWDIEtppbU5fa6Zsctms3V0B8L/UVu99T+x3hc+3I20=
.company-target.com/ Name: tuuid
Value: f62e78db-e09e-403b-aea5-d9d3b451145f
.company-target.com/ Name: tuuid_lu
Value: 1736335218|ix:0|mctv:0|rp:0
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission
.rlcdn.com/ Name: pxrc
Value: CPK++bsGEgUI6AcQABIGCMrdKhAA
.linkedin.com/ Name: li_sugr
Value: d6a4eb88-640d-42a6-a033-96e21874fa04
.linkedin.com/ Name: bcookie
Value: "v=2&83c52cc2-f461-45fa-89b6-e7114916ff2a"
.linkedin.com/ Name: lidc
Value: "b=OGST06:s=O:r=O:a=O:p=O:g=3165:u=1:x=1:i=1736335218:t=1736421618:v=2:sig=AQH4jiFuPNTbcP9VHHOPW5Z3Zr415jwi"
.casalemedia.com/ Name: CMID
Value: Z35fctHM4JYAACuKBWzjVQAA
.casalemedia.com/ Name: CMPS
Value: 448
.casalemedia.com/ Name: CMPRO
Value: 448
.linkedin.com/ Name: UserMatchHistory
Value: AQIazxGfTXM7rgAAAZRFpNlP29m9aW-xVxDSNagv8oeNkF2IzJujYXofrZ8UhXMxYo_B57s6UWjDLg
.linkedin.com/ Name: AnalyticsSyncHistory
Value: AQJO5ZZw8TLdygAAAZRFpNlP9WiYK4XbBegHKPPCmF_sXPpi3WIHDF1u1hsTBbBukRJyb19GeftIWHm5MM3cMg
.zoominfo.com/ Name: _cfuvid
Value: 8zszDkquyVTGKrJv6n7.JwK9aFoBzgGdt3BDCedhsXM-1736335219114-0.0.1.1-604800000
.tremorhub.com/ Name: tvid
Value: 8663068cde8f43f085cf0a1d0ef84bbc
.tremorhub.com/ Name: tv_UIDM
Value: f62e78db-e09e-403b-aea5-d9d3b451145f
.www.linkedin.com/ Name: bscookie
Value: "v=1&2025010811201992bca21d-3ad9-4753-82bb-138bf25182caAQFzXzmRtzKuOjZ5-REawMO3zUkAAoNb"
.linkedin.com/ Name: __cf_bm
Value: jFMW_WrwNzF3RsfhW7YOb.64gLApAuGY46BYlGygBC0-1736335219-1.0.1.1-.GL4VfHG5150c6c11W9sTIZLLo7WBgHSjs21i9gBoyszVxi8v7lOEsXsLOZ53tfie68imBWqCVO0n_EhvOYAzw
.rubiconproject.com/ Name: audit_p
Value: 1|uokIu/811vdbSILcYAK5ccMbnrPJm5wMJaihqrSDkTMJD8deNwibMLsz32ifCqhlRq8X7hWPZkgwHTRO1/p4iJLoYn4tEwhGWSq40Xxaut0zPxSsFt0IJT99KY8dbFqAalKWYGhqDHhBTIjx7UGZbDYJyJ9cTCoKVFGxpdJGiDeWvEnWSmTsitzpQ7vzkXQ/
.rubiconproject.com/ Name: khaos
Value: M5NT5PPU-23-DEYD
.rubiconproject.com/ Name: khaos_p
Value: M5NT5PPU-23-DEYD
.rubiconproject.com/ Name: audit
Value: 1|uokIu/811vdbSILcYAK5ccMbnrPJm5wMJaihqrSDkTMJD8deNwibMLsz32ifCqhlRq8X7hWPZkgwHTRO1/p4iJLoYn4tEwhGWSq40Xxaut0zPxSsFt0IJT99KY8dbFqAalKWYGhqDHhBTIjx7UGZbDYJyJ9cTCoKVFGxpdJGiDeWvEnWSmTsitzpQ7vzkXQ/
.rubiconproject.com/ Name: receive-cookie-deprecation
Value: 1
www.threatdown.com/ Name: drift_aid
Value: 43ad9040-52c8-4ac1-9fd9-b7346d52548b
www.threatdown.com/ Name: driftt_aid
Value: 43ad9040-52c8-4ac1-9fd9-b7346d52548b

15 Console Messages

Source Level URL
Text
security warning URL: https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/
Message:
Mixed Content: The page at 'https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/' was loaded over HTTPS, but requested an insecure element 'http://www.threatdown.com/wp-content/uploads/2024/06/image-7.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/
Message:
Mixed Content: The page at 'https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/' was loaded over HTTPS, but requested an insecure element 'http://www.threatdown.com/wp-content/uploads/2024/06/image-2.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/
Message:
Mixed Content: The page at 'https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/' was loaded over HTTPS, but requested an insecure element 'http://www.threatdown.com/wp-content/uploads/2024/06/image-4.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/
Message:
Mixed Content: The page at 'https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/' was loaded over HTTPS, but requested an insecure element 'http://www.threatdown.com/wp-content/uploads/2024/06/image-5.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/
Message:
Mixed Content: The page at 'https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/' was loaded over HTTPS, but requested an insecure element 'http://www.threatdown.com/wp-content/uploads/2024/06/image-6.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/
Message:
Mixed Content: The page at 'https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/' was loaded over HTTPS, but requested an insecure element 'http://www.threatdown.com/wp-content/uploads/2024/06/image-9.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/
Message:
Mixed Content: The page at 'https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/' was loaded over HTTPS, but requested an insecure element 'http://www.threatdown.com/wp-content/uploads/2024/06/image-10.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/(Line 1501)
Message:
Mixed Content: The page at 'https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/' was loaded over HTTPS, but requested an insecure element 'http://www.threatdown.com/wp-content/uploads/2024/06/image-7.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/(Line 1501)
Message:
Mixed Content: The page at 'https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/' was loaded over HTTPS, but requested an insecure element 'http://www.threatdown.com/wp-content/uploads/2024/06/image-2.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/(Line 1501)
Message:
Mixed Content: The page at 'https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/' was loaded over HTTPS, but requested an insecure element 'http://www.threatdown.com/wp-content/uploads/2024/06/image-4.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/(Line 1501)
Message:
Mixed Content: The page at 'https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/' was loaded over HTTPS, but requested an insecure element 'http://www.threatdown.com/wp-content/uploads/2024/06/image-5.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/(Line 1501)
Message:
Mixed Content: The page at 'https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/' was loaded over HTTPS, but requested an insecure element 'http://www.threatdown.com/wp-content/uploads/2024/06/image-6.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/(Line 1501)
Message:
Mixed Content: The page at 'https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/' was loaded over HTTPS, but requested an insecure element 'http://www.threatdown.com/wp-content/uploads/2024/06/image-9.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/(Line 1501)
Message:
Mixed Content: The page at 'https://www.threatdown.com/blog/pikabot-distributed-via-malicious-ads/' was loaded over HTTPS, but requested an insecure element 'http://www.threatdown.com/wp-content/uploads/2024/06/image-10.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
network error URL: https://www.threatdown.com/wp-content/themes/mbc/images/indic-chevron-right.svg
Message:
Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

185c650ccfd84b27aad189f19681365b.js.ubembed.com
805-usg-300.mktoresp.com
alb.reddit.com
analytics.google.com
api.company-target.com
api.ipstack.com
api.weglot.com
assets.ubembed.com
bat.bing.com
cdn.cookielaw.org
dev.visualwebsiteoptimizer.com
fonts.googleapis.com
fonts.gstatic.com
geolocation.onetrust.com
go.malwarebytes.com
id.rlcdn.com
js.driftt.com
js.zi-scripts.com
munchkin.marketo.net
pixel-config.reddit.com
pixel.wp.com
px.ads.linkedin.com
px4.ads.linkedin.com
s.company-target.com
segments.company-target.com
snap.licdn.com
stats.g.doubleclick.net
stats.wp.com
tag-logger.demandbase.com
tag.demandbase.com
td.doubleclick.net
threatdown.com
ws.zoominfo.com
www.google.com
www.googletagmanager.com
www.linkedin.com
www.malwarebytes.com
www.redditstatic.com
www.threatdown.com
api.company-target.com
www.threatdown.com
104.16.117.43
104.17.70.206
104.17.74.206
104.18.39.181
13.107.42.14
13.226.94.12
13.33.252.45
142.250.80.4
142.250.81.227
151.101.1.140
151.101.129.140
172.64.146.215
172.64.149.114
172.64.150.44
18.210.254.78
18.238.55.115
18.238.55.7
192.0.66.233
192.0.66.84
192.0.76.3
192.28.144.124
23.204.6.193
2600:141b:1c00:6::17df:d105
2600:9000:2511:c200:1d:8d6d:3b40:93a1
2606:4700:4400::6812:2089
2606:4700::6812:562a
2607:f8b0:4004:c09::9d
2607:f8b0:4006:807::2008
2607:f8b0:4006:80e::200e
2607:f8b0:4006:81f::2002
2607:f8b0:4006:823::200a
2620:1ec:21::14
2620:1ec:33:1::10
2a04:4e42:400::396
3.168.122.81
34.107.218.251
34.96.71.22
35.244.154.8
52.85.61.124
010abc1425a170a391af2a90f06ff1b98b92c43dc33523ed2c6dac45ac81e1ab
081ad4206bfeb1950c8382b5bc32aac31c4698598563d87080ee67a8fc5318d0
09b67475f266dbf552159ca9f6b44d9dc3ea04842b2bd6e8b09d74f6b21897d0
0e1bfe53260b5fa35318df2850a20f74c97d41af88b7d233d331811d842f26d3
0ed759f9b0f407aa73df997bddf186c37a1927d2b0f8d2f7031067ecacf7581d
10429db431cbd2fc042c7397c8f1e62996d636ddeef2702c912d9fb7fc650c35
14c8c62dc692fd8faa04434e3fed25e7c23d596b732f9db88f6e9f9ff5dfa61c
1980d77634888cfa292990a2a374fded7cb969d681a2b0c96f27784fb02873e3
1cb0d1c180ef23d5387741a9630182342f7630abdbaefe9fbef5be2666b7f811
1e1240215cbd31c1bab9b2164cc9940d0324a5ae56ea250da56a8b29d5a46ab0
1e27e3c7905297bc3636b7521e04029f73d36120fb70d839169b2b0d245f5e49
2316eedc39d2ae71b2098be3e91ad3662cb1b70d42f6c61ebb6ab5beefd919b6
256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a
26cb9fd16099629cbd16a22ae2ae0fbd07e4cd1bfdec6bbb44cb84e42961ca1f
28b48920a64e295085db5f353539dbff2b7f6d76c4ba71e959ffac345a36c5c1
323afff76b71bf2771d47f84f88ac7e7e7fd3fff5e0742f34225e4236867faf0
3372a0453b7919dc71b3e3a80171507254fa890e4ea825904462ffd6da7195f7
3867222dd164aabe123fb215f74e7addef42153d5b7798da96e7ff538800d9d5
3a72ddc826b859c5cbf718180fe0e74776d272e1dfda1b06775dd90cf5a26e43
3a9e6c0f049cf5f2dc66d2e1bd07441dbb9342310d82af37ac5d77facbf4589b
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
3bb38d0f302677ff4104564454f60f495133579d6e6dfb722b3de850df596502
3d2c10cf69410c10177fc6e56937d05151b182841fa6aee36f651d587d91fbb8
3e3cef9a429610e8a12f848cc7b810978847ea39e2a04b32f180bd4c6704f0a2
3f0915bd6aed5098e3a7033994e4b706b4ccdfaa08d5450fe668b4beb6bd0ab0
3f8af6c38f7044df6ac3278cddbe5f008b1f45edb2e1070e488ed4ea8a692762
41b8e4e3780edc3faba1e862c17c1163e92787a7326a60984278c32be0670f9b
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
44583ed1eb7b1de0aba03aed7f9d38c7c67454ef20b088a24b459bf14ea929fa
4662962f6a7ba6c6e423763f88ab9af3ec3fb17eeba90a673590984319c3e706
493d1738616ed3d43cc9c14992e76cb7eae7c1ee6f908ce934a93078a4dca0c6
4da8a6638ad70698ad3d01aa0ef124aebe35c297685c0796b174822f597b1d09
4dbd328e347e890a801d51f9a5f8d38a3efd51ec34c0aa22cc83d0a95d6d9d71
4dd117d2c92e7c493a6741ab1460b8248c512c3fbb15ea9a2bc5a7b0bfe16411
4e6ce5444c7f396cef0eb1fa3611034151e485dd06fbe5573a5583e1eebc98c3
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
5009e300c2262d52c4d5b5d7f9ecdc5a1394f15fdd39b3488514e8fed330709a
52e5401f96ca9a7fc38248bf9469bdc7006f53de52d7abfec96f4a39cf665d6d
5491232f7876f962be415045ad990066d3847896727e2705dc0376c15b81e729
5615d2afdc7c33e54368f077e01112dc639c0c197ed6096fb9c4dd57cb6a9878
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
57c9a5874b3e5e9ca0a275d6ab29e175358f8db27d98332777999bd19d9fc8d4
595558e35e3f9a87c2bcb3d641428347a8adeeaa187540145efedd785424fe63
5a9aa0112c5d786557feaa6cf96b3136219005f43dc46cd6c394b8d387006901
5badd609a51ede5bab5b89534fc3011a4dd1ab487cc7081d7cf38479bcbab855
5d73add4b4c244e37f72201f51447f26ac9f30970e9e02ce45d0e05a5e58b21c
5e5c12d7275bca7a6c4cc0422ac102b9c1b7d60a2bf6aa871953e35464143068
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
5fb7c176325267082e94a7131fed5e157516e6805cee3ac6f6a93340a947d640
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
6d1137d21f3ba78b8a882dbf77f7c88712ad02a3f5efdce5ff996a67c15a6bf6
6db83b2803fed3f9b574567755102b18c401904a374c8acf4c9a2e9b0159cb4f
7746d00bc434d3a217cf17fb00f6fed9e562f63a13ee913e5300435478830269
78d53a1a264d7b37a64165ad9730a194e39fa5f0791dd8741592fb6cccd801ca
794611bd22fd0c5bbbc2c9551c9f789c00af4f696bd53db22ab3e9d1904702ed
7ab0b19dbf90f7e78c37f36a818cba9edb9249c765e0eb0f1b23b1600c486d4f
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571
8e411625cc4d1865f0dcdd7f83350584c2186f705cf98d6fec80d6b278988b4d
901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc
906696b6eda58302976c520c1c37e981beb5e14702bd2445b987083bacb52116
9877f9c44cb22bd74ca3a23dd8b56bf8527bdbba3b573cc75c59d80ae6b46eff
98d77039ea9249b3dce91ad7b467ee382f29daa61213c3e2737bd4a8786c8801
9da2bd1aa1b397eea1fa3b751fd50e0f624a33761a4e9e9fd660ed3d26f07f1b
9e36f834eeef0ed10ef8d2681c179af354758c4d329f3514ac4caae28a7310a9
9e7b15e5a63410ed9a1f0391c990255d7c67d20f46aabf5b02f3712b6c61220b
aa2c9456007daee99b31d07a44d0b5f3feda39bed4ff889215e3bb7794a8b246
aabc88a6db8b22022f96ca88e4f0a7be426abef2b35169a71515a2d55246402a
ad3613f6714f248087ef8b414505604928b47c4de292557ac831bcd52f6ed0f3
ae0e442895406e9922237108496c2cd60f4947649a826463e2da9860b5c25dd6
b08230a60d59a2e403435f62f24a62a24be46bab61827e3e13a96299aa517dbb
b3b5501ac32a450bccdae59d3042969381d48d1d9aecf1686e6ffc61b07c9c09
b62e2b5a98092e6d82cd6c650253589a3ae63e2ec8591c156cfb413e405e17c3
b8b1ce0c64cd9ced5c11ac18169793f7e77b42a9867a68daa18432e625823645
ba0152362701f464db14c85a9e6c7589ca9c01589293f285d7318040fc45b210
bbcc769c4704058d89afc024f24dde11deed8ec61b99f1d52ba935fad8614523
bc48f6d63c43b68b083b43a28928a8c79fa5a940b958f3c82e7cf9dfb20cc713
bf8b6eabee06732294708b4285c90c685bb297b55151f7efe37afd1ead1d3ab0
c008f2b6b3622442cb3403837e1f74774ec30cf0e9d7c9d56eb6194eea12cd5a
c009a64085905de705aa36130211009e6ad252f7460e476f5498a065b0d6e4f0
c0813b9627886c9fa1d6d57eb7a227747ab6e2629ab19bf1f646af9c7c3d79e0
c39fa609f4a9b43e493115c723b102147f9025008bd24841e7732c5f253edd51
c8879b289784c2f0e524c601ee26bd458ab9d35a527c22ce582904004e47d018
c8c32294948f5448c2ac0bcdf5b98909dab4ee73ac854be06bfd4a13bce89363
c9e433acb7082694e1a6a861ad1bd4f218ea3cdd57fcbfff823a0967a2aa925e
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cce2184ec089babc70ded47b8474c543f6a5ff013e4bfd9dbae8689489bb13ba
ccfd43f6c6107df15253c202994bd35f355ec18e186c09487d65807318695955
cf9ca61a00ddb5352412e2b3786688e6c7d94a3ff94f9683d3f2be6c8dfec8f0
d9bada3a44bb2ffa66dec5cc781cafc9ef17ed876cd9b0c5f7ef18228b63cebb
dea9df0145848ffeb3c6931228d41e833341b4837c0e713d321c5bfcf6dcd4e6
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3cc69a381981c2717f3a867f2d2449593a3f70dab0cd5db512cff9757f6acb0
e5edd86099f638799b498e7cf119d5ac2b56bc5572871fde58a0c02c281eef46
e6b8a90a2870483ace67380ff4a64b39bfecb7952a432393470d76a6614fc62c
ecf7723a32533007ede558c546fc8ba30f508283223b6e7f49c297b7c63c8b50
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f313d12ea6124bd28fc4a6b7163d253bb83d5aeab5edce594880c5c3df475cbc
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f4aaa18c55c90588c5e828e56dcc6b2cb0acf9a4280494c7d1a53fc5e3669112
f5dde52ee828ee126c0f9fd261066cd304ad97feeaa017df5d41cc72e38c88d4
f6fe9157b8ffd2a49b02f3301a58beab201e9972d74e57598ba9b6a33f0426b3