itwire.com Open in urlscan Pro
101.0.65.50 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://pages.mandiant.com/NTY1LVBFSS05NTIAAAGEVkIOTL5_s1eX0zZmjjpGyw-O7RWcwkSx9EtsB5XAL_rptnwlSyzun77jC8_57Czw-HVQlPA=
Effective URL:
https://itwire.com/guest-articles/guest-research/mandiant-warns-of-incontroller-ics-malware.html?mkt_tok=NTY1LVBFSS...
Submission: On May 12 via api (May 12th 2022, 5:26:38 pm UTC) from CH — Scanned from DE

Summary HTTP 198 Redirects Links 16 Behaviour Indicators

Summary

This website contacted 25 IPs in 5 countries across 18 domains to perform 198 HTTP transactions. The main IP is 101.0.65.50, located in Albion Park Rail, Australia and belongs to HOSTOPIA-AU Hostopia Australia Web Pty Ltd, AU. The main domain is itwire.com. The Cisco Umbrella rank of the primary domain is 652302.
TLS certificate: Issued by RapidSSL TLS DV RSA Mixed SHA256 2020... on January 22nd 2022. Valid for: a year.

This is the only time itwire.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	104.17.73.206 104.17.73.206	13335 (CLOUDFLAR...) (CLOUDFLARENET)
37	101.0.65.50 101.0.65.50	55803 (HOSTOPIA-...) (HOSTOPIA-AU Hostopia Australia Web Pty Ltd)
4	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:809::200a	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
20	142.250.185.66 142.250.185.66	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:82b::200e	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82b::2003	15169 (GOOGLE) (GOOGLE)
2	104.20.229.67 104.20.229.67	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:802::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:813::2001	15169 (GOOGLE) (GOOGLE)
6	199.232.196.134 199.232.196.134	54113 (FASTLY) (FASTLY)
2	2620:116:800d... 2620:116:800d:21:8c6e:cf2c:8d6:9fb5	16509 (AMAZON-02) (AMAZON-02)
10	54.171.144.161 54.171.144.161	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:231... 2600:9000:2315:8400:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
34	2600:9000:20a... 2600:9000:20ae:fc00:6:8656:f5c0:93a1	16509 (AMAZON-02) (AMAZON-02)
9	151.101.128.134 151.101.128.134	54113 (FASTLY) (FASTLY)
27	2a00:1450:400... 2a00:1450:4001:808::2001	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:80f::2004	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
1	199.232.198.49 199.232.198.49	54113 (FASTLY) (FASTLY)
2	2606:4700::68... 2606:4700::6810:a00d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	199.232.192.64 199.232.192.64	54113 (FASTLY) (FASTLY)
198	25

1 104.17.73.206 (None, )

ASN13335 (CLOUDFLARENET, US)

pages.mandiant.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

37 101.0.65.50 (Albion Park Rail, Australia)

ASN55803 (HOSTOPIA-AU Hostopia Australia Web Pty Ltd, AU)
PTR: 50.65.0.101.static.digitalpacific.com.au

itwire.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:809::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 142.250.185.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.20.229.67 (None, )

ASN13335 (CLOUDFLARENET, US)

secure.statcounter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.statcounter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

2c99126c99a9b78edbf633a547dbd694.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 199.232.196.134 (United States)

ASN54113 (FASTLY, US)

itwire.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
referrer.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:116:800d:21:8c6e:cf2c:8d6:9fb5 (United States)

ASN16509 (AMAZON-02, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 54.171.144.161 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-171-144-161.eu-west-1.compute.amazonaws.com

www.onwebchat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2315:8400:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

34 2600:9000:20ae:fc00:6:8656:f5c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

c.disquscdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 151.101.128.134 (United States)

ASN54113 (FASTLY, US)

disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

27 2a00:1450:4001:808::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:80f::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.232.198.49 (United States)

ASN54113 (FASTLY, US)

a.disquscdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:a00d (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.viglink.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 199.232.192.64 (United States)

ASN54113 (FASTLY, US)

links.services.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
37	itwire.com itwire.com — Cisco Umbrella Rank: 652302	739 KB
36	googlesyndication.com 2c99126c99a9b78edbf633a547dbd694.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 130 pagead2.googlesyndication.com — Cisco Umbrella Rank: 95	1 MB
35	disquscdn.com c.disquscdn.com — Cisco Umbrella Rank: 4079 a.disquscdn.com — Cisco Umbrella Rank: 8536	885 KB
20	doubleclick.net securepubads.g.doubleclick.net — Cisco Umbrella Rank: 187	227 KB
19	disqus.com itwire.disqus.com disqus.com — Cisco Umbrella Rank: 2937 referrer.disqus.com — Cisco Umbrella Rank: 6396 links.services.disqus.com — Cisco Umbrella Rank: 11977	123 KB
10	onwebchat.com www.onwebchat.com — Cisco Umbrella Rank: 253633	43 KB
10	google.com adservice.google.com — Cisco Umbrella Rank: 74 www.google.com — Cisco Umbrella Rank: 7	1 KB
9	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 175	321 KB
4	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 37	40 KB
4	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 237	23 KB
3	gstatic.com fonts.gstatic.com	75 KB
2	viglink.com cdn.viglink.com — Cisco Umbrella Rank: 4024	533 B
2	quantserve.com secure.quantserve.com — Cisco Umbrella Rank: 987 pixel.quantserve.com — Cisco Umbrella Rank: 427	10 KB
2	statcounter.com secure.statcounter.com — Cisco Umbrella Rank: 15399 c.statcounter.com — Cisco Umbrella Rank: 8099	15 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 46	2 KB
1	quantcount.com rules.quantcount.com — Cisco Umbrella Rank: 918	354 B
1	google.de adservice.google.de — Cisco Umbrella Rank: 7678	792 B
1	mandiant.com pages.mandiant.com	1 KB
198	18

	Domain	Requested by
37	itwire.com	pages.mandiant.com itwire.com
34	c.disquscdn.com	itwire.disqus.com disqus.com c.disquscdn.com
27	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com
20	securepubads.g.doubleclick.net	itwire.com www.googletagservices.com securepubads.g.doubleclick.net pages.mandiant.com
10	www.onwebchat.com	itwire.com cdnjs.cloudflare.com
9	www.google.com	securepubads.g.doubleclick.net tpc.googlesyndication.com
9	disqus.com	itwire.disqus.com c.disquscdn.com
9	www.googletagservices.com	itwire.com securepubads.g.doubleclick.net
8	pagead2.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
4	links.services.disqus.com	c.disquscdn.com
4	itwire.disqus.com	itwire.com itwire.disqus.com
4	www.google-analytics.com	itwire.com www.google-analytics.com
4	cdnjs.cloudflare.com	itwire.com www.onwebchat.com
3	fonts.gstatic.com	fonts.googleapis.com
2	cdn.viglink.com
2	referrer.disqus.com
2	fonts.googleapis.com	itwire.com
1	a.disquscdn.com
1	pixel.quantserve.com	itwire.com
1	rules.quantcount.com	secure.quantserve.com
1	secure.quantserve.com	itwire.com
1	c.statcounter.com	secure.statcounter.com
1	2c99126c99a9b78edbf633a547dbd694.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.de	securepubads.g.doubleclick.net
1	secure.statcounter.com	itwire.com
1	pages.mandiant.com
198	27

This site contains links to these domains. Also see Links.

Domain
www.hyland.com
www.youtube.com
www.mandiant.com
www.enghouseinteractive.com.au
www.sonicwall.com
www.trustpilot.com
www.jobzilla.com.au
jobzilla.com.au
www.facebook.com
www.twitter.com
digitalpacific.com.au
cdao-mel.coriniumintelligence.com
www.onwebchat.com

Subject Issuer	Validity	Valid
pages.mandiant.com Cloudflare Inc ECC CA-3	`2022-01-13` - `2023-01-12`	a year	crt.sh
www.itwire.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2022-01-22` - `2023-02-18`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-09-21` - `2022-09-20`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-04-18` - `2022-07-11`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-04-18` - `2022-07-11`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-04-18` - `2022-07-11`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-04-18` - `2022-07-11`	3 months	crt.sh
us-dallas.statcounter.com Sectigo RSA Domain Validation Secure Server CA	`2021-11-06` - `2022-12-06`	a year	crt.sh
*.google.de GTS CA 1C3	`2022-04-18` - `2022-07-11`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-04-25` - `2022-07-18`	3 months	crt.sh
*.disqus.com Sectigo RSA Domain Validation Secure Server CA	`2022-04-20` - `2023-04-20`	a year	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-22` - `2022-09-21`	a year	crt.sh
www.onwebchat.com Sectigo RSA Domain Validation Secure Server CA	`2021-11-29` - `2022-12-30`	a year	crt.sh
a.disquscdn.com Amazon	`2021-10-31` - `2022-11-28`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-04-18` - `2022-07-11`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-04-25` - `2022-07-18`	3 months	crt.sh
*.disquscdn.com GlobalSign Atlas R3 DV TLS CA H2 2021	`2022-01-03` - `2023-02-04`	a year	crt.sh
ssl1029306.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2021-07-12` - `2022-06-30`	a year	crt.sh
*.services.disqus.com GlobalSign Atlas R3 DV TLS CA 2022 Q1	`2022-01-31` - `2023-03-04`	a year	crt.sh

This page contains 14 frames:

Primary Page: https://itwire.com/guest-articles/guest-research/mandiant-warns-of-incontroller-ics-malware.html?mkt_tok=NTY1LVBFSS05NTIAAAGEVkIOTJULkE5YSW3D35Wep4MMu6m_bz19g4D_X0OxFP6xw3Gz_aC_3GcA8YZi5ck7Zoy9-Wqb2iIiobEQYgD07YIhLINbYPBVTuhK_Frw
Frame ID: A07DF49F9AA65C9F7A4EB2EF2C0A61A8
Requests: 94 HTTP requests in this frame

Frame: https://2c99126c99a9b78edbf633a547dbd694.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 78353E0E7CFA2A9C1E06E19469E8A9E5
Requests: 1 HTTP requests in this frame

Frame: https://disqus.com/embed/comments/?base=default&f=itwire&t_i=99737&t_u=https%3A%2F%2Fitwire.com%2Fguest-articles%2Fguest-research%2Fmandiant-warns-of-incontroller-ics-malware.html&t_d=iTWire%20-%20Mandiant%20warns%20of%20Incontroller%20ICS%20malware&t_t=iTWire%20-%20Mandiant%20warns%20of%20Incontroller%20ICS%20malware&s_o=default&l=
Frame ID: E756BCCF199242EAC9ADE215782D3715
Requests: 23 HTTP requests in this frame

Frame: https://disqus.com/recommendations/?base=default&f=itwire&t_i=99737&t_u=https%3A%2F%2Fitwire.com%2Fguest-articles%2Fguest-research%2Fmandiant-warns-of-incontroller-ics-malware.html&t_d=iTWire%20-%20Mandiant%20warns%20of%20Incontroller%20ICS%20malware&t_t=iTWire%20-%20Mandiant%20warns%20of%20Incontroller%20ICS%20malware
Frame ID: BC94C358CC63B83061B0330C786E16C8
Requests: 16 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuE8Ni5RuIRhwP6B3HWN78pBZQXVwaCT-W_9jniOsnsXZRCovzi1u-3VYYReJPPYtqnFa2Gewsj0znduRX7AdnHG05HUvMK9m3-S2NE1EBhHs3BotGTP14kQJ5tkRadnurCDzz1Cll4eWV-VgV344CzALkHiLU8EmXf2R-MGEISenzB7baDPHR5E6n9pTggbc_V9DIRiDUtaVaILrwmKneg6aEX14f-Sp3mQup-iB5Vp44nHkhkKF4OGq1frCLDmE7B6aQ60aSc5elGtj56hD9i4IkBeHDtE9ejw6M2Qdy8fEqN&sai=AMfl-YRxrQOnxdSRbc_KN2jHuKHflxfH4YgNFVWbj1qynYtfK9Zqz65ecsHfyxVIxgNsV5kx6pDZ3Kix8SMzdt0jbiC2AB6MDZ8tODTrgMJC3BgRs_FzIWivISczuQ7wrG8&sig=Cg0ArKJSzGshwJn_7OTBEAE&uach_m=[UACH]&adurl=
Frame ID: 2AF524B01CE8805DEC62D33001D888DC
Requests: 9 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstn_nKbV-55fdAgyEaBU-NKHP6jUd_6ZYJlpSHheBekbAqBXCOc8E4IxVNU0OtfiMfCZHI9EhiVbmY52pNDkUl8m2HEi1_xFgxz0HwQ7kV6cYpcLv4CvxVHuAlP-__4uLIiynSn2nsv0zGxGtJOIY4TEvyGqVc1i3k_L3fF7HFalbwM3kg6xsPP0pJ0CyXzvndDkHYu3IlrtddPOL6QnnmZOb9r-9BlS9mWy6MUkD6OUB9hvQ238Sy1anG7a4WFHtMnIllhPJDY0jNKaeSFI85UXRPwhlbihghEDaN7&sai=AMfl-YQM-eNuqOLGWrLQXtIor-IYUzR2d1GBQUiaUXn6mn5brbZRxmCRwGmMqLsbs8pA12G5PvcKkLggt3OzHB1kRR73y51pXOQVBm0-gsa7EkShjCpuv4PdRlShTSk6dUI&sig=Cg0ArKJSzCTCPNeavdSqEAE&uach_m=[UACH]&adurl=
Frame ID: E245254AC2919C2A4D60A14A5B10E5B1
Requests: 9 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuBURgMOKQcWGeMrujNFh4nBlBWvFRqXp3rZgRyoyjttEsEfeX9O3b_3CBFkxWM6BVHJGZdAAOFA3m9thuzTmY2d4vSrZdXVZtwqi3K85rVzbIAxW7xt0hFz5EluMh7Ln25f97WcRDZDrUK2aDwatUZIoVitVGxIvLXUPERM-cq7hs-SRBa7NECnzKyhR7CRZnrmfSQAN3Kzc_MXDJknNYvz4a-lYwabpItmvdTQTl9mhdFyj-EvakmSG3VHvQSvamvkynjsptpD3vUeE5UpcqIhWVr8KT5_2IJ10ZzrPIoCmPS0ti4tg&sai=AMfl-YSny0jqCMc-3SqFZqxCya3VHMLNSBRBmKyQSmkkcbJaX0vEOFEMTJ87mm_bHXLbG10rNJ0qjVMwa1MLLr1yCY1mIvRqpHCkRtFMVUkuFNZwyMXU8ukMkNAwwRkOn_c&sig=Cg0ArKJSzGpraY2YUnYjEAE&uach_m=[UACH]&adurl=
Frame ID: 0716F30EC81BE615CBE84E50A1DD5185
Requests: 9 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsthI32VlHr6UvMwaDrPpSlGEOXcNc9cZqE9da0DFc0lrrKAr2XyfzKy20ZuZixAJwTSuL5qbbJb1NSlIO0VKZ7SATFW4LzYXLufngNUjQz4y5EwJ1BiRFggL09EiqqbSSwoz6XXk0YrKqvTwxQ_K49fc2SWy9sxvu76lrbfYbeIYff2XlVJIW3-NmMFTmh5Lgwk4iCVHpIeSsn3juLqD8qhME5qrOzL3ZFI-AmXKZiYrcY-OAxr8oMFoJldp23vPUMl-SvMelAtsd3vrR3K8wJaAyxNUPWy66rgfqq1_GebKEFW&sai=AMfl-YSSFPY4Vro-ZOX9YxdVwt9IQiZrykrZlNVmMoiWnLyLXKxII-FczZh-f2Uvtbn4lPbNbKqCtpKy0uNxIwiHBx9VYHZMWMxqcGOXbEabqtbkoW5_gMRm5XnTn15bK-s&sig=Cg0ArKJSzKT8whRuE-COEAE&uach_m=[UACH]&adurl=
Frame ID: 7473501255CF90D8423AEA2AFDDD8033
Requests: 9 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuYk2dMrkgEmCWY_8eYQk-dA7pOk5h6NGZ120u3S8bxL5Z7HAYicwDrT1teXh27vNtTZD-xk6XEiSkjZqYZ0bxrqZ88W3k_cJvaNrJmM9cS_igJZu1PmfofhB9UHx3yCh_3F-bP0gzdydlEu0bdXxxhKJnaNuNvSfkfwKgikqPwYEy1gtskTlIBjthm1rLXfprvvLedON9Y8b8_qFuiADo-p7Bz-mAErr8XPxhp1e0lJL2Jl_Qw4JXVNLTiSyphIsmejaePlYB9sBNbHNT5sO2gwZj3ZPQ8fPwYZZiwItrTxKzS&sai=AMfl-YSRscalDsW7mzkq_wgngBUM8lFGOG3eGLp8StoKoQ_LN4c_giTG5MgUhAEqqBPjXpwpbz9QvqbL1PDqiJx7qjzYuImAH-i45XiAyvjnOAKOhkirLdxwS6ZKd87g0gw&sig=Cg0ArKJSzJRwl29TEb4eEAE&uach_m=[UACH]&adurl=
Frame ID: 76D93C48B2F1182BCEA2C070AD8B2E07
Requests: 8 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssQjmH8Kdar2CFDDf3gm3P4xBMNYJxERdMdRGBfiSvO0rhU6p8CnlMPOS0opEL5txWNDmSY3usGfm-DvvIvSACCWi_KoN9Ey6_Hm8kHXPgzg0K2dgC0Co-S_P5GKljLWp87cd-o2_FH3UWuZaLhi-WUNLWGm74sEcUSM8CfmIen-Qg-Ar10rJoYf3T7ysTkpr3cmgvrajY3RMauQgMivMbr8STqmNVSl8FM1D_YDaeuvvDDBjBySD975nPVhRzebgvxvJNdbe6yJJa0rlFYMbyyvzJEE3WJb2p0a9ow2RM2EUc&sai=AMfl-YQqKg252Ed6kI6-vU3KesnnX7XW_zkU3PYA5yKpjpg-hRQR8tnffBpEI2IfRpfRfEQGUdAQtUf9WUZhpwFE7qBTH3UhMJd9LyRx5hjAZrtSZlkTIua2Ms83-n4Egz8&sig=Cg0ArKJSzJnmaNLvBkXdEAE&uach_m=[UACH]&adurl=
Frame ID: A88D0D1FA7CCF37B6B2BA3B1189760EC
Requests: 8 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvRgA9sswKv98Gk4ofbAWCK5OTJTHcwugXThbmkWAVQs2b1QDfIqDu_7Stbbut3Ptd8vu0GSH9hRr5ER6Dy-7NU59x-3f0tbJNvcr6Bk9fQVfYASvHhCrG2xbFkR53Zd34C7EIdamKVDIUtL2HKL4dK1E6zBXH2cY_5OJk_8316taykZPlAFd8Z2FSkv7rPwr0hmSu4FCFt7K8W4a4Ch4TdCgfSler0euLRx5JDQpYco9WNbjsCDRQ-adrfKh2iCDCu7dB9YdGypbtAd9xSM6Smo3W0iyPA1cW1USqg2Jd8og&sai=AMfl-YShfmk9vZMj2Bscn9rPcAMlx0XRGbN__NJ1roy4FQ8VvSk0v9E1MEAsL5Ma_EcHPB_p-mmwkz0rrx2_SbeR6fS81Ra-uWoj1XkcxGb8CMUieb58mupfIQXEErPC93c&sig=Cg0ArKJSzAG_HZTA3osOEAE&uach_m=[UACH]&adurl=
Frame ID: 37F8E847F5B7A7FB0029C77A58DA9967
Requests: 8 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstPByUX5pQ2xHgDyLMpn6xE2ou6jP0YfZM7tyfhgIyElo2Tb-6fyh1idcJAm0GJ7yZy5dqtHGEbFqHUZFuTxpV3iCe4_xzfjZwvvxMx0Slxp4Cdkr62UWChZXQswGWbdTBgfDC8EJhAKo-Niw8MWOxM9f6uxDxenhYGXCg_qzXuHklzrGfprVDFiwcFLNzIQoUGtQgG36n4m7-kf3Rck2wBwc0WcgQ94QjM-4hUM1oYN0EMq2qwqrT4w_CXm7SOxI1cfwiOQxmdtVulw31RNiamjiQ-s1qWCSCPTvgPIE76-aDNsRYAdA&sai=AMfl-YTDlVNuPxQIJckByn6HirlzD8njey6I7amDqv90y6Ow9y1NRsh9FE7Ie3OkAS-fYuRNbLrqy1EsJYy2Ioim3N8W37dqcS1qb5lDjPFKfWDsD2Pmk3q5T5RIaTPNdmg&sig=Cg0ArKJSzAuRBX8zua4EEAE&uach_m=[UACH]&adurl=
Frame ID: 0E5A3FBFA7B94EB33E2E690C04D57DC9
Requests: 8 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: EA56F848B8698225BA8431CA01177527
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 47750C9ADE31B30E206365CB652C186E
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

iTWire - Mandiant warns of Incontroller ICS malware

Page URL History Show full URLs

https://pages.mandiant.com/NTY1LVBFSS05NTIAAAGEVkIOTL5_s1eX0zZmjjpGyw-O7RWcwkSx9EtsB5XAL_rptnwlSyzun77j... Page URL
https://itwire.com/guest-articles/guest-research/mandiant-warns-of-incontroller-ics-malware.htm... Page URL

Detected technologies

Socket.io (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

socket\.io.*\.js

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Quantcast Measure (Analytics) Expand

Overall confidence: 100%
Detected patterns

\.quantserve\.com/quant\.js

Statcounter (Analytics) Expand

Overall confidence: 100%
Detected patterns

statcounter\.com/counter/counter

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

198
Requests

100 %
HTTPS

63 %
IPv6

18
Domains

27
Subdomains

25
IPs

5
Countries

3668 kB
Transfer

7522 kB
Size

21
Cookies

16 Outgoing links

These are links going to different origins than the main page.

URL: https://www.hyland.com/en-AU/explore/gartner-magic-quadrant-for-content-services-platforms?utm_medium=content%20syndication&utm_source=hyland.com&utm_campaign=21_ap_brand%20awareness_demand_vol_techday_gmq%20media&utm_content=gmq&utm_term=&sfcid=7012j000001glrsqai

Search URL Search Domain Scan URL

URL: https://www.youtube.com/c/iTWireTV/videos
Title: ITWIRE TV

Search URL Search Domain Scan URL

URL: https://www.mandiant.com/
Title: Mandiant

Search URL Search Domain Scan URL

URL: https://www.mandiant.com/resources/Incontroller-state-sponsored-ics-tool
Title: here

Search URL Search Domain Scan URL

URL: https://www.youtube.com/c/iTWireTV
Title: here

Search URL Search Domain Scan URL

URL: https://www.enghouseinteractive.com.au/webinar-enabling-and-using-microsoft-teams-for-the-contact-centre/?utm_medium=banner&utm_source=itwire&utm_campaign=user+stories
Title: REGISTER HERE!

Search URL Search Domain Scan URL

URL: https://www.sonicwall.com/2022-cyber-threat-report/?elqCampaignId=15113&sfc=7015d000002GFPsAAO
Title: GET REPORT!

Search URL Search Domain Scan URL

URL: https://www.trustpilot.com/
Title: https://www.trustpilot.com/

Search URL Search Domain Scan URL

URL: https://www.jobzilla.com.au/

Search URL Search Domain Scan URL

URL: https://jobzilla.com.au/
Title: JobZilla IT Jobs

Search URL Search Domain Scan URL

URL: https://www.facebook.com/pages/iTWirecom/144954402244675?ref=tn_tnmn
Title: Facebook

Search URL Search Domain Scan URL

URL: https://www.twitter.com/itwire
Title: Twitter

Search URL Search Domain Scan URL

URL: https://digitalpacific.com.au/?utm_source=ITWIREFooter&utm_medium=Sponsor&utm_term=Sponsor&utm_content=ITWIREFooter&utm_campaign=ITWIREFooter
Title: Cloud Hosting

Search URL Search Domain Scan URL

URL: https://cdao-mel.coriniumintelligence.com/

Search URL Search Domain Scan URL

URL: https://www.onwebchat.com/landing.php?s=18553
Title: by onWebChat

Search URL Search Domain Scan URL

URL: https://www.onwebchat.com/landing.php?l=2&s=18553
Title: by onWebChat

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://pages.mandiant.com/NTY1LVBFSS05NTIAAAGEVkIOTL5_s1eX0zZmjjpGyw-O7RWcwkSx9EtsB5XAL_rptnwlSyzun77jC8_57Czw-HVQlPA= Page URL
https://itwire.com/guest-articles/guest-research/mandiant-warns-of-incontroller-ics-malware.html?mkt_tok=NTY1LVBFSS05NTIAAAGEVkIOTJULkE5YSW3D35Wep4MMu6m_bz19g4D_X0OxFP6xw3Gz_aC_3GcA8YZi5ck7Zoy9-Wqb2iIiobEQYgD07YIhLINbYPBVTuhK_Frw Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

198 HTTP transactions
9 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 NTY1LVBFSS05NTIAAAGEVkIOTL5_s1eX0zZmjjpGyw-O7RWcwkSx9EtsB5XAL_rptnwlSyzun77jC8_57Czw-HVQlPA=
pages.mandiant.com/ 582 B
1 KB 450ms
151ms Document
text/html 104.17.73.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://pages.mandiant.com/NTY1LVBFSS05NTIAAAGEVkIOTL5_s1eX0zZmjjpGyw-O7RWcwkSx9EtsB5XAL_rptnwlSyzun77jC8_57Czw-HVQlPA=

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.73.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; img-src 'self';script-src 'self' 'sha256-ePvPR3cn72fuHVQBK09ahm3MnsqJ49FRCbm5cdCOUmc=';object-src 'none';form-action 'none';frame-src 'none'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, no-cache, no-store, max-age=0
cf-cache-status: DYNAMIC
cf-ray: 70a4dc0c1daaede3-CDG
content-encoding: gzip
content-security-policy: default-src 'self'; img-src 'self';script-src 'self' 'sha256-ePvPR3cn72fuHVQBK09ahm3MnsqJ49FRCbm5cdCOUmc=';object-src 'none';form-action 'none';frame-src 'none'
content-type: text/html
date: Thu, 12 May 2022 17:26:28 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
referrer-policy: strict-origin
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN

GET
H2 200 Primary Request mandiant-warns-of-incontroller-ics-malware.html Show response
itwire.com/guest-articles/guest-research/ 166 KB
30 KB 2051ms
1514ms Document
text/html 101.0.65.50
HOSTOPIA-AU Hosto...

General

Check archive.org

Show headers Download Go to

Full URL

https://itwire.com/guest-articles/guest-research/mandiant-warns-of-incontroller-ics-malware.html?mkt_tok=NTY1LVBFSS05NTIAAAGEVkIOTJULkE5YSW3D35Wep4MMu6m_bz19g4D_X0OxFP6xw3Gz_aC_3GcA8YZi5ck7Zoy9-Wqb2iIiobEQYgD07YIhLINbYPBVTuhK_Frw

Requested by

Host: pages.mandiant.com
URL: https://pages.mandiant.com/NTY1LVBFSS05NTIAAAGEVkIOTL5_s1eX0zZmjjpGyw-O7RWcwkSx9EtsB5XAL_rptnwlSyzun77jC8_57Czw-HVQlPA=

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

101.0.65.50 Albion Park Rail, Australia, ASN55803 (HOSTOPIA-AU Hostopia Australia Web Pty Ltd, AU),

Reverse DNS

50.65.0.101.static.digitalpacific.com.au

Software

nginx / URL Normalizer v1.11 (by JoomlaWorks) - https://www.joomlaworks.net

Resource Hash

b4648b8d4875af3cd0752447c252189b32e793e124bcac595701327e85f61581

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://pages.mandiant.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: public, max-age=180, stale-while-revalidate=360, stale-if-error=86400 public
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Thu, 12 May 2022 17:26:30 GMT
expires: Thu, 12 May 2022 17:29:30 GMT
last-modified: Wed, 20 Apr 2022 00:48:38 GMT
pragma: public
server: nginx
vary: Accept-Encoding
x-content-powered-by: K2 v2.10.4 (by JoomlaWorks)
x-content-type-options: nosniff
x-logged-in: False
x-nginx-upstream-cache-status: MISS
x-powered-by: URL Normalizer v1.11 (by JoomlaWorks) - https://www.joomlaworks.net
x-server-powered-by: Engintron
x-xss-protection: 1; mode=block

GET
H2 200 a5f187621f0fd3b9477f100c5a50e284.css
itwire.com/media/com_jchoptimize/cache/css/ 129 KB
20 KB 266ms
264ms Stylesheet
text/css 101.0.65.50
HOSTOPIA-AU Hosto...

General

Check archive.org

Show headers Download Go to

Full URL

https://itwire.com/media/com_jchoptimize/cache/css/a5f187621f0fd3b9477f100c5a50e284.css

Requested by

Host: itwire.com
URL: https://itwire.com/guest-articles/guest-research/mandiant-warns-of-incontroller-ics-malware.html?mkt_tok=NTY1LVBFSS05NTIAAAGEVkIOTJULkE5YSW3D35Wep4MMu6m_bz19g4D_X0OxFP6xw3Gz_aC_3GcA8YZi5ck7Zoy9-Wqb2iIiobEQYgD07YIhLINbYPBVTuhK_Frw

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

101.0.65.50 Albion Park Rail, Australia, ASN55803 (HOSTOPIA-AU Hostopia Australia Web Pty Ltd, AU),

Reverse DNS

50.65.0.101.static.digitalpacific.com.au

Software

nginx /

Resource Hash

d5b46b44f5ac824a8dd7e0e53d51ee32abe3acd6b1850d05cf1fedb62fce0cd0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/guest-articles/guest-research/mandiant-warns-of-incontroller-ics-malware.html?mkt_tok=NTY1LVBFSS05NTIAAAGEVkIOTJULkE5YSW3D35Wep4MMu6m_bz19g4D_X0OxFP6xw3Gz_aC_3GcA8YZi5ck7Zoy9-Wqb2iIiobEQYgD07YIhLINbYPBVTuhK_Frw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:26:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 12 May 2022 17:20:11 GMT
server: nginx
vary: Accept-Encoding
content-type: text/css
expires: Sat, 11 Jun 2022 17:26:30 GMT
cache-control: max-age=2592000
x-server-powered-by: Engintron
x-xss-protection: 1; mode=block
x-nginx-upstream-cache-status: STALE

GET
H2 200 magnific-popup.min.css
cdnjs.cloudflare.com/ajax/libs/magnific-popup.js/1.1.0/ 5 KB
2 KB 53ms
22ms Stylesheet
text/css 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/magnific-popup.js/1.1.0/magnific-popup.min.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3d92e113ac3031b838001ddddf965d045f470ff748ff2e116b30378910eeaecb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:26:30 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 6737874
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1283
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:12:04 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ed4-148b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=77Q8K86VYikLv1Lq7q%2BN820TJSt2KNdqNi3loJOx4jCpheszVnPsdyVManwh3iDRHSPytyqISF7p5FwScGMdnxUDE6EcX4aNOzzm8DzSl3XyhClju1GtLU%2F3%2BNTq8SG3tC6%2Bsj8J%2BYAWAH0TQI4pP0%2BI"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 70a4dc1a3f4c0219-ZRH
expires: Tue, 02 May 2023 17:26:30 GMT

GET
H2 200 simple-line-icons.min.css
cdnjs.cloudflare.com/ajax/libs/simple-line-icons/2.4.1/css/ 11 KB
3 KB 50ms
19ms Stylesheet
text/css 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/simple-line-icons/2.4.1/css/simple-line-icons.min.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eced437d4bb8a726d823bb80013c37e1e0eb81069618e7cc57ff1eadf0d0cff4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:26:30 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 581854
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2041
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:16:18 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03fd2-2af4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IVzyzPSMRhP6yw9hZ4NSLghJxPehKrRsNBHVJSeQ93ZfRwe8Ulk0AGgPnqZBUqH6wZsMuuFNPTI%2B1YL0EHEB0kZg7kZiQcMhA3cbvHa%2BaGrasUoihlxM9cKf8R1ECZFTTOiIbQHekoQChGCOG7egnI8H"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 70a4dc1a3f4d0219-ZRH
expires: Tue, 02 May 2023 17:26:30 GMT

GET
H2 200 76015115363b21513ad2bcbed562d79a.css
itwire.com/media/com_jchoptimize/cache/css/ 337 KB
59 KB 269ms
267ms Stylesheet
text/css 101.0.65.50
HOSTOPIA-AU Hosto...

General

Check archive.org

Show headers Download Go to

Full URL

https://itwire.com/media/com_jchoptimize/cache/css/76015115363b21513ad2bcbed562d79a.css

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

101.0.65.50 Albion Park Rail, Australia, ASN55803 (HOSTOPIA-AU Hostopia Australia Web Pty Ltd, AU),

Reverse DNS

50.65.0.101.static.digitalpacific.com.au

Software

nginx /

Resource Hash

46f260d0f1ef12daf34c2b4bed6ed0a664484071f1fb40a578741a9d79d1767f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/guest-articles/guest-research/mandiant-warns-of-incontroller-ics-malware.html?mkt_tok=NTY1LVBFSS05NTIAAAGEVkIOTJULkE5YSW3D35Wep4MMu6m_bz19g4D_X0OxFP6xw3Gz_aC_3GcA8YZi5ck7Zoy9-Wqb2iIiobEQYgD07YIhLINbYPBVTuhK_Frw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:26:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 12 May 2022 17:20:14 GMT
server: nginx
vary: Accept-Encoding
content-type: text/css
expires: Sat, 11 Jun 2022 17:26:30 GMT
cache-control: max-age=2592000
x-server-powered-by: Engintron
x-xss-protection: 1; mode=block
x-nginx-upstream-cache-status: STALE

GET
H2 200 css
fonts.googleapis.com/ 8 KB
1 KB 41ms
18ms Stylesheet
text/css 2a00:1450:4001:809::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:400,600,700

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4f594ee0aa3c94e1786290f3bf143c8e8a318e6d08f3fe6d1043e2274df74237

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 12 May 2022 15:47:03 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 12 May 2022 17:26:30 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 12 May 2022 17:26:30 GMT

GET
H2 200 css
fonts.googleapis.com/ 10 KB
858 B 48ms
25ms Stylesheet
text/css 2a00:1450:4001:809::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:100,300,400,500,900

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

1f1cf7bd9e3c3ba3be3b5d7854ef5d5c9572aed530916d0e6182310f2fd23ca6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 12 May 2022 17:26:30 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 12 May 2022 17:26:30 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 12 May 2022 17:26:30 GMT

GET
H2 200 1831aa65da04279eb940cec752e74dee.js Show response
itwire.com/media/com_jchoptimize/cache/js/ 105 KB
37 KB 529ms
528ms Script
application/javascript 101.0.65.50
HOSTOPIA-AU Hosto...

General

Check archive.org

Show headers Download Go to

Full URL

https://itwire.com/media/com_jchoptimize/cache/js/1831aa65da04279eb940cec752e74dee.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

101.0.65.50 Albion Park Rail, Australia, ASN55803 (HOSTOPIA-AU Hostopia Australia Web Pty Ltd, AU),

Reverse DNS

50.65.0.101.static.digitalpacific.com.au

Software

nginx /

Resource Hash

cced813da69e3a1d8c5f76fd08a76c891aa6439929e2bb7e10513b9bc89fc2d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/guest-articles/guest-research/mandiant-warns-of-incontroller-ics-malware.html?mkt_tok=NTY1LVBFSS05NTIAAAGEVkIOTJULkE5YSW3D35Wep4MMu6m_bz19g4D_X0OxFP6xw3Gz_aC_3GcA8YZi5ck7Zoy9-Wqb2iIiobEQYgD07YIhLINbYPBVTuhK_Frw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:26:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 12 May 2022 17:05:12 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
expires: Sat, 11 Jun 2022 17:26:30 GMT
cache-control: max-age=2592000
x-server-powered-by: Engintron
x-xss-protection: 1; mode=block
x-nginx-upstream-cache-status: STALE

GET
H2 200 jquery.magnific-popup.min.js Show response
cdnjs.cloudflare.com/ajax/libs/magnific-popup.js/1.1.0/ 20 KB
7 KB 49ms
20ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/magnific-popup.js/1.1.0/jquery.magnific-popup.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3fddc6d28aba3c13d64cfd4847c333ff48c71d4a5a58bd1a0494ca6ae8ac1bb4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:26:30 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 3256977
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 6546
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:12:04 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ed4-4ef8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dJ5CnY2bZ7acqW6PDTvpIiGvWo6wPwCDHoy9d052qXmmiHpohNeOAcbl0nvIKL3TJTTUXnYzT0vdjX%2F%2Bz6PRTEMG%2Bo0ZeZz70c%2BvnvBgBu3Rli23EINL8Jc1lcUwEjzL1rirxx8euSYuJT1iUmLdCA8j"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 70a4dc1a3f4f0219-ZRH
expires: Tue, 02 May 2023 17:26:30 GMT

GET
H2 200 1b4778f91aa208954adc0b1f291a028d.js Show response
itwire.com/media/com_jchoptimize/cache/js/ 302 KB
84 KB 529ms
528ms Script
application/javascript 101.0.65.50
HOSTOPIA-AU Hosto...

General

Check archive.org

Show headers Download Go to

Full URL

https://itwire.com/media/com_jchoptimize/cache/js/1b4778f91aa208954adc0b1f291a028d.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

101.0.65.50 Albion Park Rail, Australia, ASN55803 (HOSTOPIA-AU Hostopia Australia Web Pty Ltd, AU),

Reverse DNS

50.65.0.101.static.digitalpacific.com.au

Software

nginx /

Resource Hash

7a6b4eed223dbc6571351878ab8da852a478aef8c917597d0be6a81eaa0b395f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/guest-articles/guest-research/mandiant-warns-of-incontroller-ics-malware.html?mkt_tok=NTY1LVBFSS05NTIAAAGEVkIOTJULkE5YSW3D35Wep4MMu6m_bz19g4D_X0OxFP6xw3Gz_aC_3GcA8YZi5ck7Zoy9-Wqb2iIiobEQYgD07YIhLINbYPBVTuhK_Frw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:26:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 12 May 2022 17:05:12 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
expires: Sat, 11 Jun 2022 17:26:30 GMT
cache-control: max-age=2592000
x-server-powered-by: Engintron
x-xss-protection: 1; mode=block
x-nginx-upstream-cache-status: STALE

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 81 KB
28 KB 38ms
16ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

081d1ad7c7dfc87352920c3787304daa941f32d64931f5e39fbdc5fbcb26664f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:26:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28406
x-xss-protection: 0
server: sffe
etag: "1212 / 16 of 1000 / last-modified: 1652353523"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 12 May 2022 17:26:31 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 81 KB
28 KB 82ms
34ms Script
text/javascript 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

sffe /

Resource Hash

427cf530861f76c89c9a5a767cd4c0a9cd81e2a19880cfb8ee0aa6b4f8ce4788

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:26:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28412
x-xss-protection: 0
server: sffe
etag: "1212 / 97 of 1000 / last-modified: 1652353523"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 12 May 2022 17:26:31 GMT

GET
H2 200 system.css
itwire.com/media/system/css/ 1 KB
825 B 264ms
263ms Stylesheet
text/css 101.0.65.50
HOSTOPIA-AU Hosto...

General

Check archive.org

Show headers Download Go to

Full URL

https://itwire.com/media/system/css/system.css

Requested by

Host: itwire.com
URL: https://itwire.com/media/com_jchoptimize/cache/css/76015115363b21513ad2bcbed562d79a.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

101.0.65.50 Albion Park Rail, Australia, ASN55803 (HOSTOPIA-AU Hostopia Australia Web Pty Ltd, AU),

Reverse DNS

50.65.0.101.static.digitalpacific.com.au

Software

nginx /

Resource Hash

4f26ecfc3fa7e6ee6de449aa3a121e113a05d64f2d0e7c379a9c2373451069ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/media/com_jchoptimize/cache/css/76015115363b21513ad2bcbed562d79a.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:26:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 30 Mar 2022 14:32:00 GMT
server: nginx
vary: Accept-Encoding
content-type: text/css
expires: Sat, 11 Jun 2022 17:26:31 GMT
cache-control: max-age=2592000
x-server-powered-by: Engintron
x-xss-protection: 1; mode=block
x-nginx-upstream-cache-status: STALE

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 31ms
7ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 4042
date: Thu, 12 May 2022 16:19:09 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Thu, 12 May 2022 18:19:09 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 39ms
10ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:100,300,400,500,900

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://itwire.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 11 May 2022 19:32:51 GMT
x-content-type-options: nosniff
age: 78820
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 11 May 2023 19:32:51 GMT

GET
H2 200 Hyland_160x1200.jpeg
itwire.com/images/authors-images/stanbeer/ 133 KB
133 KB 263ms
262ms Image
image/jpeg 101.0.65.50
HOSTOPIA-AU Hosto...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://itwire.com/images/authors-images/stanbeer/Hyland_160x1200.jpeg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

101.0.65.50 Albion Park Rail, Australia, ASN55803 (HOSTOPIA-AU Hostopia Australia Web Pty Ltd, AU),

Reverse DNS

50.65.0.101.static.digitalpacific.com.au

Software

nginx /

Resource Hash

f7918176165033d8695b203a4afd1f9dcf4e208c02c72907ca88ec88f7b9b32f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/guest-articles/guest-research/mandiant-warns-of-incontroller-ics-malware.html?mkt_tok=NTY1LVBFSS05NTIAAAGEVkIOTJULkE5YSW3D35Wep4MMu6m_bz19g4D_X0OxFP6xw3Gz_aC_3GcA8YZi5ck7Zoy9-Wqb2iIiobEQYgD07YIhLINbYPBVTuhK_Frw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:26:31 GMT
x-content-type-options: nosniff
last-modified: Fri, 16 Jul 2021 06:05:59 GMT
server: nginx
content-type: image/jpeg
expires: Mon, 11 Jul 2022 17:26:31 GMT
cache-control: max-age=5184000
x-server-powered-by: Engintron
accept-ranges: bytes
content-length: 136236
x-xss-protection: 1; mode=block
x-nginx-upstream-cache-status: STALE

GET
H2 200 KFOlCnqEu92Fr1MmYUtfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
15 KB 34ms
11ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmYUtfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:100,300,400,500,900

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7e262106f82cc52663e403f5b73795bbeab9ca0630c33c03579354fbcd4fae1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://itwire.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 11 May 2022 19:36:51 GMT
x-content-type-options: nosniff
age: 78580
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15752
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 11 May 2023 19:36:51 GMT

GET
H2 200 fontawesome-webfont.woff2
itwire.com/templates/ja_focus/fonts/font-awesome/fonts/ 65 KB
65 KB 262ms
262ms Font
font/woff2 101.0.65.50
HOSTOPIA-AU Hosto...

General

Check archive.org

Show headers Download Go to

Full URL

https://itwire.com/templates/ja_focus/fonts/font-awesome/fonts/fontawesome-webfont.woff2?v=4.5.0

Requested by

Host: itwire.com
URL: https://itwire.com/media/com_jchoptimize/cache/css/76015115363b21513ad2bcbed562d79a.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

101.0.65.50 Albion Park Rail, Australia, ASN55803 (HOSTOPIA-AU Hostopia Australia Web Pty Ltd, AU),

Reverse DNS

50.65.0.101.static.digitalpacific.com.au

Software

nginx /

Resource Hash

ff82aeed6b9bb6701696c84d1b223d2e682eb78c89117a438ce6cfea8c498995

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://itwire.com/media/com_jchoptimize/cache/css/76015115363b21513ad2bcbed562d79a.css
Origin: https://itwire.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:26:31 GMT
x-content-type-options: nosniff
last-modified: Fri, 22 Feb 2019 15:22:32 GMT
server: nginx
content-type: font/woff2
expires: Mon, 11 Jul 2022 17:26:31 GMT
cache-control: max-age=5184000
x-server-powered-by: Engintron
accept-ranges: bytes
content-length: 66624
x-xss-protection: 1; mode=block
x-nginx-upstream-cache-status: STALE

GET
H2 200 ITWire_more_than_tech_news.png
itwire.com/images/articles/Resized/ 3 KB
3 KB 510ms
510ms Image
image/png 101.0.65.50
HOSTOPIA-AU Hosto...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://itwire.com/images/articles/Resized/ITWire_more_than_tech_news.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

101.0.65.50 Albion Park Rail, Australia, ASN55803 (HOSTOPIA-AU Hostopia Australia Web Pty Ltd, AU),

Reverse DNS

50.65.0.101.static.digitalpacific.com.au

Software

nginx /

Resource Hash

a6aa9e41c73328b4ab3c5f772d4470a4d47da2cf8434843e5f811b9e604dc674

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/guest-articles/guest-research/mandiant-warns-of-incontroller-ics-malware.html?mkt_tok=NTY1LVBFSS05NTIAAAGEVkIOTJULkE5YSW3D35Wep4MMu6m_bz19g4D_X0OxFP6xw3Gz_aC_3GcA8YZi5ck7Zoy9-Wqb2iIiobEQYgD07YIhLINbYPBVTuhK_Frw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:26:31 GMT
x-content-type-options: nosniff
last-modified: Sun, 10 May 2020 18:32:43 GMT
server: nginx
content-type: image/png
expires: Mon, 11 Jul 2022 17:26:31 GMT
cache-control: max-age=5184000
x-server-powered-by: Engintron
accept-ranges: bytes
content-length: 3027
x-xss-protection: 1; mode=block
x-nginx-upstream-cache-status: STALE

GET
H2 200 Hyland_705x108.jpeg
itwire.com/images/authors-images/stanbeer/ 56 KB
56 KB 511ms
510ms Image
image/jpeg 101.0.65.50
HOSTOPIA-AU Hosto...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://itwire.com/images/authors-images/stanbeer/Hyland_705x108.jpeg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

101.0.65.50 Albion Park Rail, Australia, ASN55803 (HOSTOPIA-AU Hostopia Australia Web Pty Ltd, AU),

Reverse DNS

50.65.0.101.static.digitalpacific.com.au

Software

nginx /

Resource Hash

649012b332a2b49caadfc15c29bb643d81498c64f0a1c98941723902bfd0fe73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/guest-articles/guest-research/mandiant-warns-of-incontroller-ics-malware.html?mkt_tok=NTY1LVBFSS05NTIAAAGEVkIOTJULkE5YSW3D35Wep4MMu6m_bz19g4D_X0OxFP6xw3Gz_aC_3GcA8YZi5ck7Zoy9-Wqb2iIiobEQYgD07YIhLINbYPBVTuhK_Frw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:26:31 GMT
x-content-type-options: nosniff
last-modified: Fri, 16 Jul 2021 05:56:28 GMT
server: nginx
content-type: image/jpeg
expires: Mon, 11 Jul 2022 17:26:31 GMT
cache-control: max-age=5184000
x-server-powered-by: Engintron
accept-ranges: bytes
content-length: 57502
x-xss-protection: 1; mode=block
x-nginx-upstream-cache-status: STALE

GET
H2 200 9ae6ef8b3a893697754edf61e53c5ca3_M.jpg
itwire.com/media/k2/items/cache/ 62 KB
62 KB 511ms
510ms Image
image/jpeg 101.0.65.50
HOSTOPIA-AU Hosto...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://itwire.com/media/k2/items/cache/9ae6ef8b3a893697754edf61e53c5ca3_M.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

101.0.65.50 Albion Park Rail, Australia, ASN55803 (HOSTOPIA-AU Hostopia Australia Web Pty Ltd, AU),

Reverse DNS

50.65.0.101.static.digitalpacific.com.au

Software

nginx /

Resource Hash

a61d76c569225503adc18e0ef5c959c9d8eb528966bc1b6085b298bd44df23c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/guest-articles/guest-research/mandiant-warns-of-incontroller-ics-malware.html?mkt_tok=NTY1LVBFSS05NTIAAAGEVkIOTJULkE5YSW3D35Wep4MMu6m_bz19g4D_X0OxFP6xw3Gz_aC_3GcA8YZi5ck7Zoy9-Wqb2iIiobEQYgD07YIhLINbYPBVTuhK_Frw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:26:31 GMT
x-content-type-options: nosniff
last-modified: Wed, 20 Apr 2022 00:51:28 GMT
server: nginx
content-type: image/jpeg
expires: Mon, 11 Jul 2022 17:26:31 GMT
cache-control: max-age=5184000
x-server-powered-by: Engintron
accept-ranges: bytes
content-length: 63073
x-xss-protection: 1; mode=block
x-nginx-upstream-cache-status: STALE

GET
H2 200 counter.js Show response
secure.statcounter.com/counter/ 42 KB
14 KB 64ms
21ms Script
application/x-javascript 104.20.229.67
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.statcounter.com/counter/counter.js
Requested by: Host: itwire.com
URL: https://itwire.com/guest-articles/guest-research/mandiant-warns-of-incontroller-ics-malware.html?mkt_tok=NTY1LVBFSS05NTIAAAGEVkIOTJULkE5YSW3D35Wep4MMu6m_bz19g4D_X0OxFP6xw3Gz_aC_3GcA8YZi5ck7Zoy9-Wqb2iIiobEQYgD07YIhLINbYPBVTuhK_Frw
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.20.229.67 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a0bd9bfaf4def6656a9233d93df518c01be681326e72cd9e00aa73fd29702b83

Request headers

Referer: https://itwire.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Thu, 12 May 2022 17:26:31 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 14 Mar 2022 09:58:11 GMT
server: cloudflare
age: 25807
etag: W/"622f11b3-a7ae"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=43200
cf-ray: 70a4dc1f9e33995a-FRA
expires: Thu, 12 May 2022 22:16:24 GMT

GET
H2 200 pubads_impl_2022050901.js Show response
securepubads.g.doubleclick.net/gpt/ 367 KB
125 KB 9ms
9ms Script
text/javascript 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022050901.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

sffe /

Resource Hash

010c2e34dbc2aaadf863b6025f837d39a6d507fcb2389f306875b60242429822

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 16:34:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3117
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 127498
x-xss-protection: 0
last-modified: Mon, 09 May 2022 08:34:50 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 12 May 2023 16:34:34 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 85 B
106 B 37ms
16ms XHR
application/json 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=itwire.com

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

e4a76eb8b93e2c19706f33a670089d8b96eac30a03d8aa64f3aba32392e2fc0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 12 May 2022 17:26:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 81
x-xss-protection: 0
expires: Thu, 12 May 2022 17:26:31 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 34ms
18ms XHR
text/plain 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=2144042819&t=pageview&_s=1&dl=https%3A%2F%2Fitwire.com%2Fguest-articles%2Fguest-research%2Fmandiant-warns-of-incontroller-ics-malware.html%3Fmkt_tok%3DNTY1LVBFSS05NTIAAAGEVkIOTJULkE5YSW3D35Wep4MMu6m_bz19g4D_X0OxFP6xw3Gz_aC_3GcA8YZi5ck7Zoy9-Wqb2iIiobEQYgD07YIhLINbYPBVTuhK_Frw&dr=https%3A%2F%2Fpages.mandiant.com%2F&ul=en-us&de=UTF-8&dt=iTWire%20-%20Mandiant%20warns%20of%20Incontroller%20ICS%20malware&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=1944451268&gjid=180374286&cid=978956477.1652376392&tid=UA-38385927-1&_gid=1685629270.1652376392&_r=1&_slc=1&z=1246260869

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://itwire.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 12 May 2022 17:26:31 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://itwire.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 47ms
17ms Script
application/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=itwire.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022050901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 12 May 2022 17:26:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 46ms
17ms Script
application/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=itwire.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022050901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 12 May 2022 17:26:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 1021 KB
74 KB 673ms
658ms XHR
text/plain 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2918392569028600&correlator=4403037725468483&eid=31067483%2C31067488%2C44762567&output=ldjh&gdfp_req=1&vrg=2022050901&ptt=17&impl=fifs&iu_parts=1015422%2CLB-Small-ROS%2CLB-HP%2CLeaderboard-Small-HP%2CMREC-ATF-HP%2CMREC-BTF-HP%2CLeft-SK%2CRIGHT-SK%2CLB-ROS%2CBEACON-ROS%2CHome_Page_LS%2CHome_Page_RS%2CDeluxe_Lead_Driver%2CHomepage_sticker%2CRecruitment_Market_Segment_Banner%2CPeople_Moves_MSEG%2CMREC-ATF-ROS%2CMREC-LGE-ROS%2CMINIREC_ROS%2CMREC-BTF-ROS%2CLB-Footer-ROS%2CBig_Data_Mseg_LHS%2CBig_Data_Mseg_RHS%2CBottom_Driver%2CMREC-BTF-LEFT-HP&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4%2C%2F0%2F5%2C%2F0%2F6%2C%2F0%2F7%2C%2F0%2F4%2C%2F0%2F8%2C%2F0%2F9%2C%2F0%2F10%2C%2F0%2F11%2C%2F0%2F12%2C%2F0%2F13%2C%2F0%2F14%2C%2F0%2F15%2C%2F0%2F16%2C%2F0%2F17%2C%2F0%2F18%2C%2F0%2F9%2C%2F0%2F19%2C%2F0%2F20%2C%2F0%2F21%2C%2F0%2F22%2C%2F0%2F12%2C%2F0%2F23%2C%2F0%2F24&prev_iu_szs=250x90%2C728x90%2C250x90%2C300x250%2C300x250%2C160x600%2C160x600%2C300x250%2C728x90%2C300x140%7C300x250%2C160x1200%7C160x600%2C160x600%7C160x1200%2C600x260%2C300x300%2C600x108%2C600x108%2C300x250%2C300x600%2C300x140%7C300x250%2C300x140%7C300x250%2C300x250%2C728x90%2C160x1200%7C160x600%2C160x600%7C160x1200%2C600x260%2C600x260%2C300x250&ifi=1&adks=888817850%2C1401012998%2C1415879083%2C1636880831%2C356501430%2C2652426188%2C2912158054%2C2176297592%2C4066883799%2C3802436934%2C2359840482%2C3010391028%2C3825953257%2C722149785%2C2374105189%2C1653731079%2C1491631762%2C847824855%2C1424882552%2C1916459393%2C3915067817%2C837523267%2C2493012871%2C390253296%2C3261841317%2C3140207053%2C2805202052&sfv=1-0-38&ecs=20220512&fsapi=false&sc=1&cookie_enabled=1&abxe=1&dt=1652376391673&lmt=1650415718&dlt=1652376390702&idt=940&biw=1600&bih=1200&adxs=1170%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C439%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9&adys=64%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C64%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9&ucis=1%7C2%7C3%7C4%7C5%7C6%7C7%7C8%7C9%7Ca%7Cb%7Cc%7Cd%7Ce%7Cf%7Cg%7Ch%7Ci%7Cj%7Ck%7Cl%7Cm%7Cn%7Co%7Cp%7Cq%7Cr&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&nvt=1&url=https%3A%2F%2Fitwire.com%2Fguest-articles%2Fguest-research%2Fmandiant-warns-of-incontroller-ics-malware.html%3Fmkt_tok%3DNTY1LVBFSS05NTIAAAGEVkIOTJULkE5YSW3D35Wep4MMu6m_bz19g4D_X0OxFP6xw3Gz_aC_3GcA8YZi5ck7Zoy9-Wqb2iIiobEQYgD07YIhLINbYPBVTuhK_Frw&ref=https%3A%2F%2Fpages.mandiant.com%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=235x90%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C690x90%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1&msz=180x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C728x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1&fws=0%2C2%2C2%2C2%2C2%2C2%2C2%2C2%2C0%2C2%2C2%2C2%2C2%2C2%2C2%2C2%2C2%2C2%2C2%2C2%2C2%2C2%2C2%2C2%2C2%2C2%2C2&ohw=0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0&ga_vid=978956477.1652376392&ga_sid=1652376392&ga_hid=2144042819&ga_fc=true&btvi=0%7C-1%7C-1%7C-1%7C-1%7C-1%7C-1%7C-1%7C0%7C-1%7C-1%7C-1%7C-1%7C-1%7C-1%7C-1%7C-1%7C-1%7C-1%7C-1%7C-1%7C-1%7C-1%7C-1%7C-1%7C-1%7C-1&topics=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022050901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

f63095ac2921fd77a7c5d1b519ae6fa58e9f1733cd522fd231b11efa169dc137

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:26:32 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,-2,-2,-2,-2,-2,-2,-2,-2,-2,-2,-2,-2,-2,-2,-2,-2,-2,-2,-2,-2,-2,-2,-2,-2,-2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 75403
x-xss-protection: 0
google-lineitem-id: 5398743532,4805857566,4806362567,4566477351,4566477351,-2,-2,4566477351,6007213655,4566477351,6006951485,6006951485,-2,5050015107,5417513025,-2,6005565091,6006380839,6006139919,5971885881,6002829767,5814000144,6006365416,6006365416,-2,-2,6005565091
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138314385213,138244888370,138244905585,138380329374,138380329365,-2,-2,138380291063,138390782327,138371137947,138391300705,138390745493,-2,138388949590,138380795737,-2,138390676575,138390746018,138390595889,138387073136,138390330024,138368403865,138390829077,138390828804,-2,-2,138391155076
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://itwire.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
2c99126c99a9b78edbf633a547dbd694.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 7835 6 KB
4 KB 72ms
15ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://2c99126c99a9b78edbf633a547dbd694.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022050901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://itwire.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 12 May 2022 17:26:31 GMT
expires: Fri, 12 May 2023 17:26:31 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 t.php Show response
c.statcounter.com/ 192 B
466 B 151ms
142ms XHR
application/json 104.20.229.67
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://c.statcounter.com/t.php?sc_project=4176767&u1=8B32F9C7568B4FBF7B48EFA8D5688D7B&java=1&security=19db7756&sc_snum=1&sess=5e022a&p=0&rcat=r&rdom=pages.mandiant.com&rdomg=new&bb=1&jg=new&rr=1.1.1.1.1.1.1.1.1&resolution=1600&h=1200&camefrom=https%3A//pages.mandiant.com/&u=https%3A//itwire.com/guest-articles/guest-research/mandiant-warns-of-incontroller-ics-malware.html%3Fmkt_tok%3DNTY1LVBFSS05NTIAAAGEVkIOTJULkE5YSW3D35Wep4MMu6m_bz19g4D_X0OxFP6xw3Gz_aC_3GcA8YZi5ck7Zoy9-Wqb2iIiobEQYgD07YIhLINbYPBVTuhK_Frw&t=iTWire%20-%20Mandiant%20warns%20of%20Incontroller%20ICS%20malware&invisible=1&sc_rum_e_s=3036&sc_rum_e_e=3039&sc_rum_f_s=0&sc_rum_f_e=2985&get_config=true
Requested by: Host: secure.statcounter.com
URL: https://secure.statcounter.com/counter/counter.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.20.229.67 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: eb2697b60c526a1d4980e0874700e7c2b4f43bb9292770f71bb4bb972506e415

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:26:31 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 70a4dc202f47995a-FRA
p3p: policyref="http://www.statcounter.com/w3c/p3p.xml", CP="ADMa OUR COM NAV NID DSP NOI COR"
access-control-allow-origin: https://itwire.com
access-control-allow-credentials: true
content-type: application/json
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK embed.js Show response
itwire.disqus.com/ 78 KB
25 KB 192ms
166ms Script
application/javascript 199.232.196.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://itwire.disqus.com/embed.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

199.232.196.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

openresty /

Resource Hash

4f2426a9ba3a69484b59c28fe75665b51a3f779d1cb359e426f2c0d8552697f4

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date: Thu, 12 May 2022 17:26:31 GMT
Content-Encoding: gzip
Server: openresty
Age: 0
Vary: Accept-Encoding
Connection: keep-alive
Content-Type: application/javascript; charset=utf-8
Cache-Control: private, max-age=60
X-Service: router
Strict-Transport-Security: max-age=300; includeSubdomains
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length: 25394
Cross-Origin-Resource-Policy: cross-origin

GET
H/1.1 200
OK count.js Show response
itwire.disqus.com/ 1 KB
2 KB 58ms
17ms Script
application/javascript 199.232.196.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://itwire.disqus.com/count.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

199.232.196.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

3487ef2baf0c08ba660a8a143cdeb8ebeec961eea04bccd7c49096b4eb26b875

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date: Thu, 12 May 2022 17:26:31 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 153
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 871
X-XSS-Protection: 1; mode=block
Last-Modified: Mon, 02 May 2022 21:24:36 GMT
Server: nginx
ETag: "62704c14-367"
Strict-Transport-Security: max-age=300; includeSubdomains
Content-Type: application/javascript; charset=utf-8
Cache-Control: public, max-age=300
X-Amz-Cf-Pop: DFW55-C3
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
X-Amz-Cf-Id: 6AM9EtGksbzM5fkM7lwPamc0GcRIX_k6r1fBV82ZDfQPEw-zjkXl6Q==

GET
H2 200 quant.js Show response
secure.quantserve.com/ 24 KB
10 KB 73ms
7ms Script
application/javascript 2620:116:800d:21:8c6e:cf2c:8d6:9fb5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: itwire.com
URL: https://itwire.com/guest-articles/guest-research/mandiant-warns-of-incontroller-ics-malware.html?mkt_tok=NTY1LVBFSS05NTIAAAGEVkIOTJULkE5YSW3D35Wep4MMu6m_bz19g4D_X0OxFP6xw3Gz_aC_3GcA8YZi5ck7Zoy9-Wqb2iIiobEQYgD07YIhLINbYPBVTuhK_Frw
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800d:21:8c6e:cf2c:8d6:9fb5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 8d6580af877387b05d9ffac3ebeacfe25a7728c77adef6d9b32fd72ccbe21468

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:26:31 GMT
content-encoding: gzip
etag: "u2JtyZzqnTXwzBUswy2r+w=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
expires: Thu, 19 May 2022 17:26:31 GMT

GET
H2 200 cc76c505b19c56e265381926e77e6e35 Show response
www.onwebchat.com/clientchat/ 124 KB
30 KB 143ms
34ms Script
text/html 54.171.144.161
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.onwebchat.com/clientchat/cc76c505b19c56e265381926e77e6e35
Requested by: Host: itwire.com
URL: https://itwire.com/guest-articles/guest-research/mandiant-warns-of-incontroller-ics-malware.html?mkt_tok=NTY1LVBFSS05NTIAAAGEVkIOTJULkE5YSW3D35Wep4MMu6m_bz19g4D_X0OxFP6xw3Gz_aC_3GcA8YZi5ck7Zoy9-Wqb2iIiobEQYgD07YIhLINbYPBVTuhK_Frw
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 54.171.144.161 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-171-144-161.eu-west-1.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) / Express
Resource Hash: d0adde3dbacff8517465f50351349787679009192ed6e7da116a05db571708d8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:26:31 GMT
content-encoding: gzip
server: nginx/1.18.0 (Ubuntu)
x-powered-by: Express
etag: W/"1efc4-vJ/Q+8AQAYhYd1l8uPYgc0NXTAo"
vary: Accept-Encoding
access-control-allow-methods: PUT, GET, POST, DELETE, OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=20
access-control-allow-headers: Content-Type

GET
H2 404 icon-facebook-bt.png
itwire.com/templates/ja_nex/images/ 1 KB
1 KB 722ms
721ms Image
text/html 101.0.65.50
HOSTOPIA-AU Hosto...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://itwire.com/templates/ja_nex/images/icon-facebook-bt.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

101.0.65.50 Albion Park Rail, Australia, ASN55803 (HOSTOPIA-AU Hostopia Australia Web Pty Ltd, AU),

Reverse DNS

50.65.0.101.static.digitalpacific.com.au

Software

nginx /

Resource Hash

d3ba528397068da7f0dbf9f4c9dea23a1b8edc796e25364461a7076b138eeb46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/guest-articles/guest-research/mandiant-warns-of-incontroller-ics-malware.html?mkt_tok=NTY1LVBFSS05NTIAAAGEVkIOTJULkE5YSW3D35Wep4MMu6m_bz19g4D_X0OxFP6xw3Gz_aC_3GcA8YZi5ck7Zoy9-Wqb2iIiobEQYgD07YIhLINbYPBVTuhK_Frw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:26:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: nginx
vary: Accept-Encoding
x-xss-protection: 1; mode=block
content-type: text/html; charset=UTF-8

GET
H2 404 icon-twitter-bt.png
itwire.com/templates/ja_nex/images/ 1 KB
1 KB 700ms
700ms Image
text/html 101.0.65.50
HOSTOPIA-AU Hosto...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://itwire.com/templates/ja_nex/images/icon-twitter-bt.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

101.0.65.50 Albion Park Rail, Australia, ASN55803 (HOSTOPIA-AU Hostopia Australia Web Pty Ltd, AU),

Reverse DNS

50.65.0.101.static.digitalpacific.com.au

Software

nginx /

Resource Hash

d3ba528397068da7f0dbf9f4c9dea23a1b8edc796e25364461a7076b138eeb46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/guest-articles/guest-research/mandiant-warns-of-incontroller-ics-malware.html?mkt_tok=NTY1LVBFSS05NTIAAAGEVkIOTJULkE5YSW3D35Wep4MMu6m_bz19g4D_X0OxFP6xw3Gz_aC_3GcA8YZi5ck7Zoy9-Wqb2iIiobEQYgD07YIhLINbYPBVTuhK_Frw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:26:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: nginx
vary: Accept-Encoding
x-xss-protection: 1; mode=block
content-type: text/html; charset=UTF-8

GET
H3 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v29/ 44 KB
44 KB 23ms
7ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v29/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,600,700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a658b2be7323c57d4bd5c4197b657e1f5360d1b950131dc377efec1d5111ffd0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://itwire.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 11 May 2022 19:32:51 GMT
x-content-type-options: nosniff
age: 78820
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44800
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:25:14 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 11 May 2023 19:32:51 GMT

GET
H2 200 ampz.woff
itwire.com/plugins/system/ampz/ampz/css/fonts/ 17 KB
17 KB 349ms
349ms Font
font/woff 101.0.65.50
HOSTOPIA-AU Hosto...

General

Check archive.org

Show headers Download Go to

Full URL

https://itwire.com/plugins/system/ampz/ampz/css/fonts/ampz.woff

Requested by

Host: itwire.com
URL: https://itwire.com/media/com_jchoptimize/cache/css/76015115363b21513ad2bcbed562d79a.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

101.0.65.50 Albion Park Rail, Australia, ASN55803 (HOSTOPIA-AU Hostopia Australia Web Pty Ltd, AU),

Reverse DNS

50.65.0.101.static.digitalpacific.com.au

Software

nginx /

Resource Hash

02930f00dfaeed3ddcfeb7632f102f8c420302aaeedff7dc6b0a9cd4ac7300aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://itwire.com/media/com_jchoptimize/cache/css/76015115363b21513ad2bcbed562d79a.css
Origin: https://itwire.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:26:31 GMT
x-content-type-options: nosniff
last-modified: Thu, 13 Jan 2022 09:32:15 GMT
server: nginx
content-type: font/woff
expires: Mon, 11 Jul 2022 17:26:31 GMT
cache-control: max-age=5184000
x-server-powered-by: Engintron
accept-ranges: bytes
content-length: 17532
x-xss-protection: 1; mode=block
x-nginx-upstream-cache-status: STALE

GET
H2 200 index.php Show response
itwire.com/ 1 B
276 B 571ms
570ms XHR
text/html 101.0.65.50
HOSTOPIA-AU Hosto...

General

Check archive.org

Show headers Download Go to

Full URL

https://itwire.com/index.php?option=com_ampz&task=fetchShareCount&format=json&network=facebook&url=https%3A%2F%2Fitwire.com%2Fguest-articles%2Fguest-research%2Fmandiant-warns-of-incontroller-ics-malware.html%3Fmkt_tok%3DNTY1LVBFSS05NTIAAAGEVkIOTJULkE5YSW3D35Wep4MMu6m_bz19g4D_X0OxFP6xw3Gz_aC_3GcA8YZi5ck7Zoy9-Wqb2iIiobEQYgD07YIhLINbYPBVTuhK_Frw&access_token_fb=0

Requested by

Host: itwire.com
URL: https://itwire.com/media/com_jchoptimize/cache/js/1831aa65da04279eb940cec752e74dee.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

101.0.65.50 Albion Park Rail, Australia, ASN55803 (HOSTOPIA-AU Hostopia Australia Web Pty Ltd, AU),

Reverse DNS

50.65.0.101.static.digitalpacific.com.au

Software

nginx /

Resource Hash

5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://itwire.com/guest-articles/guest-research/mandiant-warns-of-incontroller-ics-malware.html?mkt_tok=NTY1LVBFSS05NTIAAAGEVkIOTJULkE5YSW3D35Wep4MMu6m_bz19g4D_X0OxFP6xw3Gz_aC_3GcA8YZi5ck7Zoy9-Wqb2iIiobEQYgD07YIhLINbYPBVTuhK_Frw
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:26:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: nginx
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
expires: Thu, 12 May 2022 17:26:31 GMT
cache-control: max-age=0, public
x-server-powered-by: Engintron
x-xss-protection: 1; mode=block
x-nginx-upstream-cache-status: MISS

GET
H2 200 index.php Show response
itwire.com/ 1 B
276 B 469ms
468ms XHR
text/html 101.0.65.50
HOSTOPIA-AU Hosto...

General

Check archive.org

Show headers Download Go to

Full URL

https://itwire.com/index.php?option=com_ampz&task=fetchShareCount&format=json&network=twitter&url=https%3A%2F%2Fitwire.com%2Fguest-articles%2Fguest-research%2Fmandiant-warns-of-incontroller-ics-malware.html%3Fmkt_tok%3DNTY1LVBFSS05NTIAAAGEVkIOTJULkE5YSW3D35Wep4MMu6m_bz19g4D_X0OxFP6xw3Gz_aC_3GcA8YZi5ck7Zoy9-Wqb2iIiobEQYgD07YIhLINbYPBVTuhK_Frw

Requested by

Host: itwire.com
URL: https://itwire.com/media/com_jchoptimize/cache/js/1831aa65da04279eb940cec752e74dee.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

101.0.65.50 Albion Park Rail, Australia, ASN55803 (HOSTOPIA-AU Hostopia Australia Web Pty Ltd, AU),

Reverse DNS

50.65.0.101.static.digitalpacific.com.au

Software

nginx /

Resource Hash

5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://itwire.com/guest-articles/guest-research/mandiant-warns-of-incontroller-ics-malware.html?mkt_tok=NTY1LVBFSS05NTIAAAGEVkIOTJULkE5YSW3D35Wep4MMu6m_bz19g4D_X0OxFP6xw3Gz_aC_3GcA8YZi5ck7Zoy9-Wqb2iIiobEQYgD07YIhLINbYPBVTuhK_Frw
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:26:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: nginx
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
expires: Thu, 12 May 2022 17:26:31 GMT
cache-control: max-age=0, public
x-server-powered-by: Engintron
x-xss-protection: 1; mode=block
x-nginx-upstream-cache-status: MISS

GET
H2 200 index.php Show response
itwire.com/ 1 B
276 B 438ms
437ms XHR
text/html 101.0.65.50
HOSTOPIA-AU Hosto...

General

Check archive.org

Show headers Download Go to

Full URL

https://itwire.com/index.php?option=com_ampz&task=fetchShareCount&format=json&network=linkedin&url=https%3A%2F%2Fitwire.com%2Fguest-articles%2Fguest-research%2Fmandiant-warns-of-incontroller-ics-malware.html%3Fmkt_tok%3DNTY1LVBFSS05NTIAAAGEVkIOTJULkE5YSW3D35Wep4MMu6m_bz19g4D_X0OxFP6xw3Gz_aC_3GcA8YZi5ck7Zoy9-Wqb2iIiobEQYgD07YIhLINbYPBVTuhK_Frw

Requested by

Host: itwire.com
URL: https://itwire.com/media/com_jchoptimize/cache/js/1831aa65da04279eb940cec752e74dee.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

101.0.65.50 Albion Park Rail, Australia, ASN55803 (HOSTOPIA-AU Hostopia Australia Web Pty Ltd, AU),

Reverse DNS

50.65.0.101.static.digitalpacific.com.au

Software

nginx /

Resource Hash

5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://itwire.com/guest-articles/guest-research/mandiant-warns-of-incontroller-ics-malware.html?mkt_tok=NTY1LVBFSS05NTIAAAGEVkIOTJULkE5YSW3D35Wep4MMu6m_bz19g4D_X0OxFP6xw3Gz_aC_3GcA8YZi5ck7Zoy9-Wqb2iIiobEQYgD07YIhLINbYPBVTuhK_Frw
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:26:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: nginx
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
expires: Thu, 12 May 2022 17:26:31 GMT
cache-control: max-age=0, public
x-server-powered-by: Engintron
x-xss-protection: 1; mode=block
x-nginx-upstream-cache-status: MISS

GET
H2 200 index.php Show response
itwire.com/ 1 B
276 B 688ms
687ms XHR
text/html 101.0.65.50
HOSTOPIA-AU Hosto...

General

Check archive.org

Show headers Download Go to

Full URL

https://itwire.com/index.php?option=com_ampz&task=fetchShareCount&format=json&network=reddit&url=https%3A%2F%2Fitwire.com%2Fguest-articles%2Fguest-research%2Fmandiant-warns-of-incontroller-ics-malware.html%3Fmkt_tok%3DNTY1LVBFSS05NTIAAAGEVkIOTJULkE5YSW3D35Wep4MMu6m_bz19g4D_X0OxFP6xw3Gz_aC_3GcA8YZi5ck7Zoy9-Wqb2iIiobEQYgD07YIhLINbYPBVTuhK_Frw

Requested by

Host: itwire.com
URL: https://itwire.com/media/com_jchoptimize/cache/js/1831aa65da04279eb940cec752e74dee.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

101.0.65.50 Albion Park Rail, Australia, ASN55803 (HOSTOPIA-AU Hostopia Australia Web Pty Ltd, AU),

Reverse DNS

50.65.0.101.static.digitalpacific.com.au

Software

nginx /

Resource Hash

5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://itwire.com/guest-articles/guest-research/mandiant-warns-of-incontroller-ics-malware.html?mkt_tok=NTY1LVBFSS05NTIAAAGEVkIOTJULkE5YSW3D35Wep4MMu6m_bz19g4D_X0OxFP6xw3Gz_aC_3GcA8YZi5ck7Zoy9-Wqb2iIiobEQYgD07YIhLINbYPBVTuhK_Frw
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:26:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: nginx
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
expires: Thu, 12 May 2022 17:26:31 GMT
cache-control: max-age=0, public
x-server-powered-by: Engintron
x-xss-protection: 1; mode=block
x-nginx-upstream-cache-status: MISS

GET
H2 200 index.php Show response
itwire.com/ 1 B
276 B 453ms
452ms XHR
text/html 101.0.65.50
HOSTOPIA-AU Hosto...

General

Check archive.org

Show headers Download Go to

Full URL

https://itwire.com/index.php?option=com_ampz&task=fetchShareCount&format=json&network=flipboard&url=https%3A%2F%2Fitwire.com%2Fguest-articles%2Fguest-research%2Fmandiant-warns-of-incontroller-ics-malware.html%3Fmkt_tok%3DNTY1LVBFSS05NTIAAAGEVkIOTJULkE5YSW3D35Wep4MMu6m_bz19g4D_X0OxFP6xw3Gz_aC_3GcA8YZi5ck7Zoy9-Wqb2iIiobEQYgD07YIhLINbYPBVTuhK_Frw

Requested by

Host: itwire.com
URL: https://itwire.com/media/com_jchoptimize/cache/js/1831aa65da04279eb940cec752e74dee.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

101.0.65.50 Albion Park Rail, Australia, ASN55803 (HOSTOPIA-AU Hostopia Australia Web Pty Ltd, AU),

Reverse DNS

50.65.0.101.static.digitalpacific.com.au

Software

nginx /

Resource Hash

5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://itwire.com/guest-articles/guest-research/mandiant-warns-of-incontroller-ics-malware.html?mkt_tok=NTY1LVBFSS05NTIAAAGEVkIOTJULkE5YSW3D35Wep4MMu6m_bz19g4D_X0OxFP6xw3Gz_aC_3GcA8YZi5ck7Zoy9-Wqb2iIiobEQYgD07YIhLINbYPBVTuhK_Frw
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:26:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: nginx
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
expires: Thu, 12 May 2022 17:26:31 GMT
cache-control: max-age=0, public
x-server-powered-by: Engintron
x-xss-protection: 1; mode=block
x-nginx-upstream-cache-status: MISS

GET
H2 200 b0cc28d9213f4912cf574cfb8f509b69_XS.jpg
itwire.com/media/k2/items/cache/ 5 KB
5 KB 300ms
295ms Image
image/jpeg 101.0.65.50
HOSTOPIA-AU Hosto...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://itwire.com/media/k2/items/cache/b0cc28d9213f4912cf574cfb8f509b69_XS.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

101.0.65.50 Albion Park Rail, Australia, ASN55803 (HOSTOPIA-AU Hostopia Australia Web Pty Ltd, AU),

Reverse DNS

50.65.0.101.static.digitalpacific.com.au

Software

nginx /

Resource Hash

1268c71905211085b0ee4ab4f0c1a5b98138d84fb0b448680c3569725b4cb3ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/guest-articles/guest-research/mandiant-warns-of-incontroller-ics-malware.html?mkt_tok=NTY1LVBFSS05NTIAAAGEVkIOTJULkE5YSW3D35Wep4MMu6m_bz19g4D_X0OxFP6xw3Gz_aC_3GcA8YZi5ck7Zoy9-Wqb2iIiobEQYgD07YIhLINbYPBVTuhK_Frw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:26:31 GMT
x-content-type-options: nosniff
last-modified: Mon, 18 Apr 2022 11:36:04 GMT
server: nginx
content-type: image/jpeg
expires: Mon, 11 Jul 2022 17:26:31 GMT
cache-control: max-age=5184000
x-server-powered-by: Engintron
accept-ranges: bytes
content-length: 5021
x-xss-protection: 1; mode=block
x-nginx-upstream-cache-status: STALE

GET
H2 200 9a95b1489bb403a42b71664fac5765cf_XS.jpg
itwire.com/media/k2/items/cache/ 7 KB
7 KB 300ms
294ms Image
image/jpeg 101.0.65.50
HOSTOPIA-AU Hosto...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://itwire.com/media/k2/items/cache/9a95b1489bb403a42b71664fac5765cf_XS.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

101.0.65.50 Albion Park Rail, Australia, ASN55803 (HOSTOPIA-AU Hostopia Australia Web Pty Ltd, AU),

Reverse DNS

50.65.0.101.static.digitalpacific.com.au

Software

nginx /

Resource Hash

3799af4e438c74187ed47bd396db6a74ac282b195987ffd5e47400e9252749a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/guest-articles/guest-research/mandiant-warns-of-incontroller-ics-malware.html?mkt_tok=NTY1LVBFSS05NTIAAAGEVkIOTJULkE5YSW3D35Wep4MMu6m_bz19g4D_X0OxFP6xw3Gz_aC_3GcA8YZi5ck7Zoy9-Wqb2iIiobEQYgD07YIhLINbYPBVTuhK_Frw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:26:31 GMT
x-content-type-options: nosniff
last-modified: Wed, 09 Mar 2022 04:54:41 GMT
server: nginx
content-type: image/jpeg
expires: Mon, 11 Jul 2022 17:26:31 GMT
cache-control: max-age=5184000
x-server-powered-by: Engintron
accept-ranges: bytes
content-length: 7405
x-xss-protection: 1; mode=block
x-nginx-upstream-cache-status: STALE

GET
H2 200 728a73f6955709bd2236b4ecdf975540_XS.jpg
itwire.com/media/k2/items/cache/ 2 KB
3 KB 300ms
294ms Image
image/jpeg 101.0.65.50
HOSTOPIA-AU Hosto...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://itwire.com/media/k2/items/cache/728a73f6955709bd2236b4ecdf975540_XS.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

101.0.65.50 Albion Park Rail, Australia, ASN55803 (HOSTOPIA-AU Hostopia Australia Web Pty Ltd, AU),

Reverse DNS

50.65.0.101.static.digitalpacific.com.au

Software

nginx /

Resource Hash

ff3f38603fdc7a304a7a63e7f595196aa9196a0dfe7be01314361924dc29e01a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/guest-articles/guest-research/mandiant-warns-of-incontroller-ics-malware.html?mkt_tok=NTY1LVBFSS05NTIAAAGEVkIOTJULkE5YSW3D35Wep4MMu6m_bz19g4D_X0OxFP6xw3Gz_aC_3GcA8YZi5ck7Zoy9-Wqb2iIiobEQYgD07YIhLINbYPBVTuhK_Frw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:26:31 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Nov 2021 23:35:47 GMT
server: nginx
content-type: image/jpeg
expires: Mon, 11 Jul 2022 17:26:31 GMT
cache-control: max-age=5184000
x-server-powered-by: Engintron
accept-ranges: bytes
content-length: 2518
x-xss-protection: 1; mode=block
x-nginx-upstream-cache-status: STALE

GET
H2 200 56b6fd9e88135d2cd43f8dcaa332b2d9_XS.jpg
itwire.com/media/k2/items/cache/ 3 KB
4 KB 300ms
294ms Image
image/jpeg 101.0.65.50
HOSTOPIA-AU Hosto...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://itwire.com/media/k2/items/cache/56b6fd9e88135d2cd43f8dcaa332b2d9_XS.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

101.0.65.50 Albion Park Rail, Australia, ASN55803 (HOSTOPIA-AU Hostopia Australia Web Pty Ltd, AU),

Reverse DNS

50.65.0.101.static.digitalpacific.com.au

Software

nginx /

Resource Hash

5b79c3d8b042d767832af62a1766e7bc2ab90b0043036caf2f3ee84b70b8843b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/guest-articles/guest-research/mandiant-warns-of-incontroller-ics-malware.html?mkt_tok=NTY1LVBFSS05NTIAAAGEVkIOTJULkE5YSW3D35Wep4MMu6m_bz19g4D_X0OxFP6xw3Gz_aC_3GcA8YZi5ck7Zoy9-Wqb2iIiobEQYgD07YIhLINbYPBVTuhK_Frw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:26:31 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Nov 2021 21:50:22 GMT
server: nginx
content-type: image/jpeg
expires: Mon, 11 Jul 2022 17:26:31 GMT
cache-control: max-age=5184000
x-server-powered-by: Engintron
accept-ranges: bytes
content-length: 3376
x-xss-protection: 1; mode=block
x-nginx-upstream-cache-status: STALE

GET
H2 200 6f8502e2f159cf4af9ba4776973c76f0_XS.jpg
itwire.com/media/k2/items/cache/ 3 KB
4 KB 300ms
294ms Image
image/jpeg 101.0.65.50
HOSTOPIA-AU Hosto...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://itwire.com/media/k2/items/cache/6f8502e2f159cf4af9ba4776973c76f0_XS.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

101.0.65.50 Albion Park Rail, Australia, ASN55803 (HOSTOPIA-AU Hostopia Australia Web Pty Ltd, AU),

Reverse DNS

50.65.0.101.static.digitalpacific.com.au

Software

nginx /

Resource Hash

195286a8bbab6d00a6ffab517c4d90116206538c9cf3029b2da85f6991893cfc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/guest-articles/guest-research/mandiant-warns-of-incontroller-ics-malware.html?mkt_tok=NTY1LVBFSS05NTIAAAGEVkIOTJULkE5YSW3D35Wep4MMu6m_bz19g4D_X0OxFP6xw3Gz_aC_3GcA8YZi5ck7Zoy9-Wqb2iIiobEQYgD07YIhLINbYPBVTuhK_Frw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:26:31 GMT
x-content-type-options: nosniff
last-modified: Sun, 24 Oct 2021 09:58:43 GMT
server: nginx
content-type: image/jpeg
expires: Mon, 11 Jul 2022 17:26:31 GMT
cache-control: max-age=5184000
x-server-powered-by: Engintron
accept-ranges: bytes
content-length: 3436
x-xss-protection: 1; mode=block
x-nginx-upstream-cache-status: STALE

GET
H2 200 6b37084834a96a51d0c5ec3c519afe89_XS.jpg
itwire.com/media/k2/items/cache/ 2 KB
2 KB 300ms
294ms Image
image/jpeg 101.0.65.50
HOSTOPIA-AU Hosto...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://itwire.com/media/k2/items/cache/6b37084834a96a51d0c5ec3c519afe89_XS.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

101.0.65.50 Albion Park Rail, Australia, ASN55803 (HOSTOPIA-AU Hostopia Australia Web Pty Ltd, AU),

Reverse DNS

50.65.0.101.static.digitalpacific.com.au

Software

nginx /

Resource Hash

1ec88e885c117a31b27b4ec7a6bbb8aa94b028aa41249ddd4d011eed2bc580c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/guest-articles/guest-research/mandiant-warns-of-incontroller-ics-malware.html?mkt_tok=NTY1LVBFSS05NTIAAAGEVkIOTJULkE5YSW3D35Wep4MMu6m_bz19g4D_X0OxFP6xw3Gz_aC_3GcA8YZi5ck7Zoy9-Wqb2iIiobEQYgD07YIhLINbYPBVTuhK_Frw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:26:31 GMT
x-content-type-options: nosniff
last-modified: Thu, 12 May 2022 14:59:13 GMT
server: nginx
content-type: image/jpeg
expires: Mon, 11 Jul 2022 17:26:31 GMT
cache-control: max-age=5184000
x-server-powered-by: Engintron
accept-ranges: bytes
content-length: 2013
x-xss-protection: 1; mode=block
x-nginx-upstream-cache-status: STALE

GET
H2 200 ce63e4824dc961ca1bfece4a9dbf591c_XS.jpg
itwire.com/media/k2/items/cache/ 2 KB
3 KB 300ms
295ms Image
image/jpeg 101.0.65.50
HOSTOPIA-AU Hosto...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://itwire.com/media/k2/items/cache/ce63e4824dc961ca1bfece4a9dbf591c_XS.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

101.0.65.50 Albion Park Rail, Australia, ASN55803 (HOSTOPIA-AU Hostopia Australia Web Pty Ltd, AU),

Reverse DNS

50.65.0.101.static.digitalpacific.com.au

Software

nginx /

Resource Hash

3ca74d29ced3561beffa6cfb2afd2715b0260a4907cc8d6fefd069c0c7d7ddd5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/guest-articles/guest-research/mandiant-warns-of-incontroller-ics-malware.html?mkt_tok=NTY1LVBFSS05NTIAAAGEVkIOTJULkE5YSW3D35Wep4MMu6m_bz19g4D_X0OxFP6xw3Gz_aC_3GcA8YZi5ck7Zoy9-Wqb2iIiobEQYgD07YIhLINbYPBVTuhK_Frw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:26:31 GMT
x-content-type-options: nosniff
last-modified: Thu, 12 May 2022 14:05:36 GMT
server: nginx
content-type: image/jpeg
expires: Mon, 11 Jul 2022 17:26:31 GMT
cache-control: max-age=5184000
x-server-powered-by: Engintron
accept-ranges: bytes
content-length: 2489
x-xss-protection: 1; mode=block
x-nginx-upstream-cache-status: STALE

GET
H2 200 a767e4aacaeaf1e0b1fa875d2efbb186_XS.jpg
itwire.com/media/k2/items/cache/ 4 KB
4 KB 300ms
295ms Image
image/jpeg 101.0.65.50
HOSTOPIA-AU Hosto...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://itwire.com/media/k2/items/cache/a767e4aacaeaf1e0b1fa875d2efbb186_XS.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

101.0.65.50 Albion Park Rail, Australia, ASN55803 (HOSTOPIA-AU Hostopia Australia Web Pty Ltd, AU),

Reverse DNS

50.65.0.101.static.digitalpacific.com.au

Software

nginx /

Resource Hash

317cd1ea02f28e6a7d47716b9a8a8ce59ece347b606697ea63257836795ef627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/guest-articles/guest-research/mandiant-warns-of-incontroller-ics-malware.html?mkt_tok=NTY1LVBFSS05NTIAAAGEVkIOTJULkE5YSW3D35Wep4MMu6m_bz19g4D_X0OxFP6xw3Gz_aC_3GcA8YZi5ck7Zoy9-Wqb2iIiobEQYgD07YIhLINbYPBVTuhK_Frw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:26:31 GMT
x-content-type-options: nosniff
last-modified: Thu, 12 May 2022 12:42:58 GMT
server: nginx
content-type: image/jpeg
expires: Mon, 11 Jul 2022 17:26:31 GMT
cache-control: max-age=5184000
x-server-powered-by: Engintron
accept-ranges: bytes
content-length: 3878
x-xss-protection: 1; mode=block
x-nginx-upstream-cache-status: STALE

GET
H2 200 0556b6a0922bb4be708466faa530fa54_XS.jpg
itwire.com/media/k2/items/cache/ 6 KB
7 KB 300ms
295ms Image
image/jpeg 101.0.65.50
HOSTOPIA-AU Hosto...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://itwire.com/media/k2/items/cache/0556b6a0922bb4be708466faa530fa54_XS.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

101.0.65.50 Albion Park Rail, Australia, ASN55803 (HOSTOPIA-AU Hostopia Australia Web Pty Ltd, AU),

Reverse DNS

50.65.0.101.static.digitalpacific.com.au

Software

nginx /

Resource Hash

54ad84408709bbeafbae0188ec33d81bacf3f7019cf871374c99d2b52b2a1247

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/guest-articles/guest-research/mandiant-warns-of-incontroller-ics-malware.html?mkt_tok=NTY1LVBFSS05NTIAAAGEVkIOTJULkE5YSW3D35Wep4MMu6m_bz19g4D_X0OxFP6xw3Gz_aC_3GcA8YZi5ck7Zoy9-Wqb2iIiobEQYgD07YIhLINbYPBVTuhK_Frw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:26:31 GMT
x-content-type-options: nosniff
last-modified: Thu, 12 May 2022 10:34:36 GMT
server: nginx
content-type: image/jpeg
expires: Mon, 11 Jul 2022 17:26:31 GMT
cache-control: max-age=5184000
x-server-powered-by: Engintron
accept-ranges: bytes
content-length: 6390
x-xss-protection: 1; mode=block
x-nginx-upstream-cache-status: STALE

GET
H2 200 f5bcdb93d3cba8279cace68377c34ab7_XS.jpg
itwire.com/media/k2/items/cache/ 3 KB
4 KB 300ms
295ms Image
image/jpeg 101.0.65.50
HOSTOPIA-AU Hosto...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://itwire.com/media/k2/items/cache/f5bcdb93d3cba8279cace68377c34ab7_XS.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

101.0.65.50 Albion Park Rail, Australia, ASN55803 (HOSTOPIA-AU Hostopia Australia Web Pty Ltd, AU),

Reverse DNS

50.65.0.101.static.digitalpacific.com.au

Software

nginx /

Resource Hash

67e20412839ef6162b0515930aa078d5f125d4b873ea8452a7bb982e261f2081

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/guest-articles/guest-research/mandiant-warns-of-incontroller-ics-malware.html?mkt_tok=NTY1LVBFSS05NTIAAAGEVkIOTJULkE5YSW3D35Wep4MMu6m_bz19g4D_X0OxFP6xw3Gz_aC_3GcA8YZi5ck7Zoy9-Wqb2iIiobEQYgD07YIhLINbYPBVTuhK_Frw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:26:31 GMT
x-content-type-options: nosniff
last-modified: Thu, 12 May 2022 01:58:13 GMT
server: nginx
content-type: image/jpeg
expires: Mon, 11 Jul 2022 17:26:31 GMT
cache-control: max-age=5184000
x-server-powered-by: Engintron
accept-ranges: bytes
content-length: 3458
x-xss-protection: 1; mode=block
x-nginx-upstream-cache-status: STALE

GET
H2 200 33e0df18e53b8c3b3731a8f841a67d2d_XS.jpg
itwire.com/media/k2/items/cache/ 3 KB
4 KB 300ms
296ms Image
image/jpeg 101.0.65.50
HOSTOPIA-AU Hosto...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://itwire.com/media/k2/items/cache/33e0df18e53b8c3b3731a8f841a67d2d_XS.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

101.0.65.50 Albion Park Rail, Australia, ASN55803 (HOSTOPIA-AU Hostopia Australia Web Pty Ltd, AU),

Reverse DNS

50.65.0.101.static.digitalpacific.com.au

Software

nginx /

Resource Hash

2ab954cf803f8473417a13d502bc7dfba9884317b2ae54b3ca9ee20cb42c6840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/guest-articles/guest-research/mandiant-warns-of-incontroller-ics-malware.html?mkt_tok=NTY1LVBFSS05NTIAAAGEVkIOTJULkE5YSW3D35Wep4MMu6m_bz19g4D_X0OxFP6xw3Gz_aC_3GcA8YZi5ck7Zoy9-Wqb2iIiobEQYgD07YIhLINbYPBVTuhK_Frw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:26:31 GMT
x-content-type-options: nosniff
last-modified: Thu, 12 May 2022 01:03:44 GMT
server: nginx
content-type: image/jpeg
expires: Mon, 11 Jul 2022 17:26:31 GMT
cache-control: max-age=5184000
x-server-powered-by: Engintron
accept-ranges: bytes
content-length: 3380
x-xss-protection: 1; mode=block
x-nginx-upstream-cache-status: STALE

GET
H2 200 b0b59eccfdd39e3a777224e91d691d64_XS.jpg
itwire.com/media/k2/items/cache/ 3 KB
3 KB 300ms
296ms Image
image/jpeg 101.0.65.50
HOSTOPIA-AU Hosto...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://itwire.com/media/k2/items/cache/b0b59eccfdd39e3a777224e91d691d64_XS.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

101.0.65.50 Albion Park Rail, Australia, ASN55803 (HOSTOPIA-AU Hostopia Australia Web Pty Ltd, AU),

Reverse DNS

50.65.0.101.static.digitalpacific.com.au

Software

nginx /

Resource Hash

87a1ce40f862c3e099ecca9b74c2d15ae0f6b5506e8a2152bc4be9384eb80b4e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/guest-articles/guest-research/mandiant-warns-of-incontroller-ics-malware.html?mkt_tok=NTY1LVBFSS05NTIAAAGEVkIOTJULkE5YSW3D35Wep4MMu6m_bz19g4D_X0OxFP6xw3Gz_aC_3GcA8YZi5ck7Zoy9-Wqb2iIiobEQYgD07YIhLINbYPBVTuhK_Frw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:26:31 GMT
x-content-type-options: nosniff
last-modified: Thu, 12 May 2022 00:51:10 GMT
server: nginx
content-type: image/jpeg
expires: Mon, 11 Jul 2022 17:26:31 GMT
cache-control: max-age=5184000
x-server-powered-by: Engintron
accept-ranges: bytes
content-length: 2982
x-xss-protection: 1; mode=block
x-nginx-upstream-cache-status: STALE

GET
H2 200 c1802ebf7a798e48f007b36b74b60fdd_XS.jpg
itwire.com/media/k2/items/cache/ 7 KB
7 KB 299ms
296ms Image
image/jpeg 101.0.65.50
HOSTOPIA-AU Hosto...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://itwire.com/media/k2/items/cache/c1802ebf7a798e48f007b36b74b60fdd_XS.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

101.0.65.50 Albion Park Rail, Australia, ASN55803 (HOSTOPIA-AU Hostopia Australia Web Pty Ltd, AU),

Reverse DNS

50.65.0.101.static.digitalpacific.com.au

Software

nginx /

Resource Hash

5f9811380f3e1206d1c6fb11a3029efbdd1a43806b251ede9c507ded295acd9f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/guest-articles/guest-research/mandiant-warns-of-incontroller-ics-malware.html?mkt_tok=NTY1LVBFSS05NTIAAAGEVkIOTJULkE5YSW3D35Wep4MMu6m_bz19g4D_X0OxFP6xw3Gz_aC_3GcA8YZi5ck7Zoy9-Wqb2iIiobEQYgD07YIhLINbYPBVTuhK_Frw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:26:31 GMT
x-content-type-options: nosniff
last-modified: Thu, 12 May 2022 00:24:35 GMT
server: nginx
content-type: image/jpeg
expires: Mon, 11 Jul 2022 17:26:31 GMT
cache-control: max-age=5184000
x-server-powered-by: Engintron
accept-ranges: bytes
content-length: 6975
x-xss-protection: 1; mode=block
x-nginx-upstream-cache-status: STALE

GET
H2 200 0a8900485c59ff1807970ca5207bfa6d_XS.jpg
itwire.com/media/k2/items/cache/ 4 KB
4 KB 304ms
302ms Image
image/jpeg 101.0.65.50
HOSTOPIA-AU Hosto...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://itwire.com/media/k2/items/cache/0a8900485c59ff1807970ca5207bfa6d_XS.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

101.0.65.50 Albion Park Rail, Australia, ASN55803 (HOSTOPIA-AU Hostopia Australia Web Pty Ltd, AU),

Reverse DNS

50.65.0.101.static.digitalpacific.com.au

Software

nginx /

Resource Hash

2c0f90dbab56a1b5112f72da04c142ce14d447d4cdb3ba2ee0a744f91d1f4a0a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/guest-articles/guest-research/mandiant-warns-of-incontroller-ics-malware.html?mkt_tok=NTY1LVBFSS05NTIAAAGEVkIOTJULkE5YSW3D35Wep4MMu6m_bz19g4D_X0OxFP6xw3Gz_aC_3GcA8YZi5ck7Zoy9-Wqb2iIiobEQYgD07YIhLINbYPBVTuhK_Frw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:26:31 GMT
x-content-type-options: nosniff
last-modified: Thu, 12 May 2022 00:05:36 GMT
server: nginx
content-type: image/jpeg
expires: Mon, 11 Jul 2022 17:26:31 GMT
cache-control: max-age=5184000
x-server-powered-by: Engintron
accept-ranges: bytes
content-length: 3690
x-xss-protection: 1; mode=block
x-nginx-upstream-cache-status: STALE

GET
H2 200 c9e53c6cdb5d09deda418a0fd54bb525_XS.jpg
itwire.com/media/k2/items/cache/ 3 KB
4 KB 304ms
302ms Image
image/jpeg 101.0.65.50
HOSTOPIA-AU Hosto...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://itwire.com/media/k2/items/cache/c9e53c6cdb5d09deda418a0fd54bb525_XS.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

101.0.65.50 Albion Park Rail, Australia, ASN55803 (HOSTOPIA-AU Hostopia Australia Web Pty Ltd, AU),

Reverse DNS

50.65.0.101.static.digitalpacific.com.au

Software

nginx /

Resource Hash

746023e2560c82cdbf7252e3fdf2ac8a5b3ae37066058df28d71b05dfad58a87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/guest-articles/guest-research/mandiant-warns-of-incontroller-ics-malware.html?mkt_tok=NTY1LVBFSS05NTIAAAGEVkIOTJULkE5YSW3D35Wep4MMu6m_bz19g4D_X0OxFP6xw3Gz_aC_3GcA8YZi5ck7Zoy9-Wqb2iIiobEQYgD07YIhLINbYPBVTuhK_Frw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:26:31 GMT
x-content-type-options: nosniff
last-modified: Tue, 14 Sep 2021 04:20:49 GMT
server: nginx
content-type: image/jpeg
expires: Mon, 11 Jul 2022 17:26:31 GMT
cache-control: max-age=5184000
x-server-powered-by: Engintron
accept-ranges: bytes
content-length: 3536
x-xss-protection: 1; mode=block
x-nginx-upstream-cache-status: STALE

GET
H2 200 5e0dc5188325b6c8cbf000a730202467_XS.jpg
itwire.com/media/k2/items/cache/ 5 KB
5 KB 304ms
303ms Image
image/jpeg 101.0.65.50
HOSTOPIA-AU Hosto...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://itwire.com/media/k2/items/cache/5e0dc5188325b6c8cbf000a730202467_XS.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

101.0.65.50 Albion Park Rail, Australia, ASN55803 (HOSTOPIA-AU Hostopia Australia Web Pty Ltd, AU),

Reverse DNS

50.65.0.101.static.digitalpacific.com.au

Software

nginx /

Resource Hash

7e43e7f65a34f2c8add39ab9bfe96400e69fecac5a3c90066cd5bc561c509971

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/guest-articles/guest-research/mandiant-warns-of-incontroller-ics-malware.html?mkt_tok=NTY1LVBFSS05NTIAAAGEVkIOTJULkE5YSW3D35Wep4MMu6m_bz19g4D_X0OxFP6xw3Gz_aC_3GcA8YZi5ck7Zoy9-Wqb2iIiobEQYgD07YIhLINbYPBVTuhK_Frw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:26:31 GMT
x-content-type-options: nosniff
last-modified: Sun, 05 Sep 2021 11:34:22 GMT
server: nginx
content-type: image/jpeg
expires: Mon, 11 Jul 2022 17:26:31 GMT
cache-control: max-age=5184000
x-server-powered-by: Engintron
accept-ranges: bytes
content-length: 5261
x-xss-protection: 1; mode=block
x-nginx-upstream-cache-status: STALE

GET
H/1.1 200
OK count-data.js Show response
itwire.disqus.com/ 238 B
821 B 97ms
97ms Script
application/javascript 199.232.196.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://itwire.disqus.com/count-data.js?1=99737

Requested by

Host: itwire.disqus.com
URL: https://itwire.disqus.com/count.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

199.232.196.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

b957d62f1d74b3111469d2621aeec643b4fbb40be37edb9b0aaacbe75c7b6c52

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date: Thu, 12 May 2022 17:26:31 GMT
X-Content-Type-Options: nosniff
Server: nginx
Age: 691
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Vary: Accept-Encoding
Cache-Control: public, max-age=600
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Type: application/javascript; charset=UTF-8
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length: 238
X-XSS-Protection: 1; mode=block

GET
H2 200 rules-p-ucB5_cpmdZ-Uc.js Show response
rules.quantcount.com/ 2 B
354 B 60ms
10ms Script
application/javascript 2600:9000:2315:8400:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-ucB5_cpmdZ-Uc.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2315:8400:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 16:51:57 GMT
via: 1.1 e4aaaf9d55a242f83ddc793442b0ebe2.cloudfront.net (CloudFront)
server: AmazonS3
age: 2073
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
cross-origin-resource-policy: cross-origin
x-cache: Hit from cloudfront
x-amz-cf-pop: DUS51-P2
content-length: 2
x-amz-cf-id: WdIsvShf_IwhynuocIVC26cwO3kw5NPKqKFYWgSu2ZkcXtoCI4K3kg==

GET
H2 200 pixel;r=994543441;rf=0;a=p-ucB5_cpmdZ-Uc;url=https%3A%2F%2Fitwire.com%2Fguest-articles%2Fguest-research%2Fmandiant-warns-of-incontroller-ics-malware.html%3Fmkt_tok%3DNTY1LVBFSS05NTIAAAGEVkIOTJULkE5...
pixel.quantserve.com/ 35 B
372 B 24ms
12ms Image
image/gif 2620:116:800d:21:8c6e:cf2c:8d6:9fb5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=994543441;rf=0;a=p-ucB5_cpmdZ-Uc;url=https%3A%2F%2Fitwire.com%2Fguest-articles%2Fguest-research%2Fmandiant-warns-of-incontroller-ics-malware.html%3Fmkt_tok%3DNTY1LVBFSS05NTIAAAGEVkIOTJULkE5YSW3D35Wep4MMu6m_bz19g4D_X0OxFP6xw3Gz_aC_3GcA8YZi5ck7Zoy9-Wqb2iIiobEQYgD07YIhLINbYPBVTuhK_Frw;ref=https%3A%2F%2Fpages.mandiant.com%2F;uh=e51ed67dfb8d91dc24b15e2ace0c3bc33bc53c3e1dfb09200d6c2f8387d67ea6;uht=2;fpan=1;fpa=P0-1082422906-1652376391873;pbc=;ns=0;ce=1;qjs=1;qv=a98acd33-20220316110313;cm=;gdpr=0;d=itwire.com;je=0;sr=1600x1200x24;dst=0;et=1652376391873;tzo=0;ogl=url.https%3A%2F%2Fitwire%252Ecom%2Fguest-articles%2Fguest-research%2Fmandiant-warns-of-incontroller-%2Ctype.article%2Ctitle.iTWire%20-%20Mandiant%20warns%20of%20Incontroller%20ICS%20malware%2Cdescription.GUEST%20RESEARCH%3A%20Mandiant%20has%20published%20new%20research%20on%20a%20set%20of%20%E2%80%9Cexceptionally%20r%2Cimage.https%3A%2F%2Fitwire%252Ecom%2Fmedia%2Fk2%2Fitems%2Fcache%2F9ae6ef8b3a893697754edf61e53c5ca3_XS%252Ejpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:8c6e:cf2c:8d6:9fb5 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 12 May 2022 17:26:31 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 lounge.63860eb743c7d9d2adf0fa435788abe7.css
c.disquscdn.com/next/embed/styles/ 0
26 KB 121ms
34ms Other
text/css 2600:9000:20ae:fc00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/styles/lounge.63860eb743c7d9d2adf0fa435788abe7.css

Requested by

Host: itwire.disqus.com
URL: https://itwire.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20ae:fc00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Mon, 21 Mar 2022 19:26:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4485618
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 26078
x-xss-protection: 1; mode=block
x-served-by: static-web-1
access-control-allow-origin: *
surrogate-key: next
last-modified: Mon, 21 Mar 2022 19:03:40 GMT
server: nginx
etag: "6238cc0c-65de"
content-type: text/css; charset=utf-8
via: 1.1 66e7ff48bbb7e14aaadccfbad3f73cbe.cloudfront.net (CloudFront)
expires: Tue, 21 Mar 2023 19:26:14 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: WAW50-C1
timing-allow-origin: *
x-amz-cf-id: W15ojRa4RfY_MPm3z2aso24OZjU-gkJCKQqu7b24_QZun2Dq9q6qQg==
x-cache-hits: 0

GET
H2 200 common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js
c.disquscdn.com/next/embed/ 0
93 KB 182ms
96ms Other
application/javascript 2600:9000:20ae:fc00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js

Requested by

Host: itwire.disqus.com
URL: https://itwire.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20ae:fc00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 20:31:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1976125
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 94755
x-xss-protection: 1; mode=block
x-served-by: static-web-1
access-control-allow-origin: *
surrogate-key: next
last-modified: Tue, 19 Apr 2022 20:21:53 GMT
server: nginx
etag: "625f19e1-17223"
content-type: application/javascript; charset=utf-8
via: 1.1 66e7ff48bbb7e14aaadccfbad3f73cbe.cloudfront.net (CloudFront)
expires: Wed, 19 Apr 2023 20:31:07 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: WAW50-C1
timing-allow-origin: *
x-amz-cf-id: YmdqDfi72NuQM9LZHj4JbCOR6lWtiE8lPnDFPQ3tdFYCc9fYaSI6zg==
x-cache-hits: 0

GET
H2 200 lounge.bundle.275044d1ea778800bd83f8337ba3d84e.js
c.disquscdn.com/next/embed/ 0
121 KB 141ms
55ms Other
application/javascript 2600:9000:20ae:fc00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/lounge.bundle.275044d1ea778800bd83f8337ba3d84e.js

Requested by

Host: itwire.disqus.com
URL: https://itwire.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20ae:fc00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 10 May 2022 13:10:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 188175
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 123201
x-xss-protection: 1; mode=block
x-served-by: static-web-2
access-control-allow-origin: *
surrogate-key: next
last-modified: Tue, 10 May 2022 13:06:19 GMT
server: nginx
etag: "627a634b-1e141"
content-type: application/javascript; charset=utf-8
via: 1.1 66e7ff48bbb7e14aaadccfbad3f73cbe.cloudfront.net (CloudFront)
expires: Wed, 10 May 2023 13:10:17 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: WAW50-C1
timing-allow-origin: *
x-amz-cf-id: J2NwlcVbCuCUXTJDZWNTNjOpX3aXmk27UM-_xnxF9VdcNn3UpBG94g==
x-cache-hits: 0

GET
H/1.1 200
OK config.js
disqus.com/next/ 0
15 KB 76ms
16ms Other
application/javascript 151.101.128.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/next/config.js

Requested by

Host: itwire.disqus.com
URL: https://itwire.disqus.com/embed.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

151.101.128.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date: Thu, 12 May 2022 17:26:31 GMT
X-Content-Type-Options: nosniff
Content-Type: application/javascript; charset=UTF-8
Server: nginx
Age: 28
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Access-Control-Allow-Origin: *
Cache-Control: public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 15102
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK recommendations.js Show response
itwire.disqus.com/ 64 KB
21 KB 122ms
120ms Script
application/javascript 199.232.196.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://itwire.disqus.com/recommendations.js

Requested by

Host: itwire.disqus.com
URL: https://itwire.disqus.com/embed.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

199.232.196.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

openresty /

Resource Hash

9846ff5f53af71c48c80e06368fca4b1d8c2f71b96f5255894d84b0969d47bfe

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date: Thu, 12 May 2022 17:26:32 GMT
Content-Encoding: gzip
Server: openresty
Age: 0
Vary: Accept-Encoding, Accept, Accept-Encoding, X-Forwarded-Proto, X-Disqus-Shortname, X-Disqus-Device, X-Disqus-Experiment, X-Disqus-Is-Private, X-Disqus-Development-Base
Connection: keep-alive
Content-Type: application/javascript; charset=utf-8
Cache-Control: stale-while-revalidate=60, public, stale-if-error=86400, max-age=60
X-Service: router
Strict-Transport-Security: max-age=300; includeSubdomains
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length: 21275
Cross-Origin-Resource-Policy: cross-origin

GET
H3 200 socket.io.min.js Show response
cdnjs.cloudflare.com/ajax/libs/socket.io/4.5.0/ 43 KB
12 KB 40ms
23ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/socket.io/4.5.0/socket.io.min.js

Requested by

Host: www.onwebchat.com
URL: https://www.onwebchat.com/clientchat/cc76c505b19c56e265381926e77e6e35

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ede4fdbaa1ac707296953a78476c6f3225934a17e2491860abb2193c946cb591

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:26:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1377207
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 11736
timing-allow-origin: *
last-modified: Sat, 23 Apr 2022 23:00:39 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "62648517-2dd8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wnREM54BvfeqLXblYa75B2D7VykASzCawRnvThnfGtTBDzDgsTndB5Gx6tMUHFJZgLj9DacPvklj9vfvtfOWf0txQnWjixuzNFeOf1s9XJQdAuJfQwulzdFE9hos1f5RzC%2FPIYpVJ4pTzKrj16e3yKGU"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 70a4dc221cc2cc46-ZRH
expires: Tue, 02 May 2023 17:26:32 GMT

GET
H/1.1 200
OK / Show response
disqus.com/embed/comments/ Frame E756 7 KB
4 KB 121ms
121ms Document
text/html 151.101.128.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/embed/comments/?base=default&f=itwire&t_i=99737&t_u=https%3A%2F%2Fitwire.com%2Fguest-articles%2Fguest-research%2Fmandiant-warns-of-incontroller-ics-malware.html&t_d=iTWire%20-%20Mandiant%20warns%20of%20Incontroller%20ICS%20malware&t_t=iTWire%20-%20Mandiant%20warns%20of%20Incontroller%20ICS%20malware&s_o=default&l=

Requested by

Host: itwire.disqus.com
URL: https://itwire.disqus.com/embed.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

151.101.128.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

091472df015e6b258e179ae19265bb52356cd9a0aca2600f69980e4c2c093da7

Security Headers

Name	Value
Content-Security-Policy	script-src https://.twitter.com: https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://.services.disqus.com: https://cdn.boomtrain.com/p13n/ https://apis.google.com https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ 'unsafe-inline' https://com-disqus.netmng.com:* https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://itwire.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Age: 0
Cache-Control: stale-if-error=3600, s-stalewhilerevalidate=3600, stale-while-revalidate=30, no-cache, must-revalidate, public, s-maxage=5
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 2988
Content-Security-Policy: script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ https://apis.google.com https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ 'unsafe-inline' https://com-disqus.netmng.com:* https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Content-Type: text/html; charset=utf-8
Cross-Origin-Resource-Policy: cross-origin
Date: Thu, 12 May 2022 17:26:32 GMT
ETag: W/"lounge:view:9129872089.c2bfefe37451c051fa3eec8d0358ff92.2"
Last-Modified: Wed, 20 Apr 2022 00:52:05 GMT
Link: <https://c.disquscdn.com>;rel=preconnect,<https://c.disquscdn.com>;rel=dns-prefetch
Referrer-Policy: no-referrer-when-downgrade
Server: nginx
Strict-Transport-Security: max-age=300; includeSubdomains
Timing-Allow-Origin: *
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"

GET
H2 200 recommendations.10022a97346f1c6e3798931bbd8e4bb5.css
c.disquscdn.com/next/recommendations/styles/ 0
3 KB 50ms
49ms Other
text/css 2600:9000:20ae:fc00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/recommendations/styles/recommendations.10022a97346f1c6e3798931bbd8e4bb5.css

Requested by

Host: itwire.disqus.com
URL: https://itwire.disqus.com/recommendations.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20ae:fc00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Mon, 18 Oct 2021 21:23:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 17784187
x-cache: Hit from cloudfront
content-length: 2978
x-xss-protection: 1; mode=block
x-served-by: static-web-1
access-control-allow-origin: *
surrogate-key: next
last-modified: Mon, 18 Oct 2021 21:05:37 GMT
server: nginx
etag: "616de1a1-ba2"
content-type: text/css; charset=utf-8
via: 1.1 66e7ff48bbb7e14aaadccfbad3f73cbe.cloudfront.net (CloudFront)
expires: Tue, 18 Oct 2022 21:23:25 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: WAW50-C1
timing-allow-origin: *
x-amz-cf-id: NohTl5JS02f0oChHtgOD8ubiAthSRlkOQRXfEd18bRJ0ZpSZ1r05sg==
x-cache-hits: 0

GET
H2 200 common.bundle.a59fbd11efae764ccd959d61e4925fee.js
c.disquscdn.com/next/recommendations/ 0
87 KB 51ms
50ms Other
application/javascript 2600:9000:20ae:fc00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/recommendations/common.bundle.a59fbd11efae764ccd959d61e4925fee.js

Requested by

Host: itwire.disqus.com
URL: https://itwire.disqus.com/recommendations.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20ae:fc00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 20:31:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1976114
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 88804
x-xss-protection: 1; mode=block
x-served-by: static-web-2
access-control-allow-origin: *
surrogate-key: next
last-modified: Tue, 19 Apr 2022 20:21:53 GMT
server: nginx
etag: "625f19e1-15ae4"
content-type: application/javascript; charset=utf-8
via: 1.1 66e7ff48bbb7e14aaadccfbad3f73cbe.cloudfront.net (CloudFront)
expires: Wed, 19 Apr 2023 20:31:17 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: WAW50-C1
timing-allow-origin: *
x-amz-cf-id: jVh2J5-DibmkQLh22-ATLzS_-AFR7LoYInfjBsj87ilKlsccFuVb5A==
x-cache-hits: 0

GET
H2 200 recommendations.bundle.926bc472e4859a48daa346b4ba2ab4f4.js
c.disquscdn.com/next/recommendations/ 0
20 KB 62ms
62ms Other
application/javascript 2600:9000:20ae:fc00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/recommendations/recommendations.bundle.926bc472e4859a48daa346b4ba2ab4f4.js

Requested by

Host: itwire.disqus.com
URL: https://itwire.disqus.com/recommendations.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20ae:fc00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 20:25:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 18392449
x-cache: Hit from cloudfront
content-length: 20244
x-xss-protection: 1; mode=block
x-served-by: static-web-1
access-control-allow-origin: *
surrogate-key: next
last-modified: Mon, 11 Oct 2021 20:15:56 GMT
server: nginx
etag: "61649b7c-4f14"
content-type: application/javascript; charset=utf-8
via: 1.1 66e7ff48bbb7e14aaadccfbad3f73cbe.cloudfront.net (CloudFront)
expires: Tue, 11 Oct 2022 20:25:43 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: WAW50-C1
timing-allow-origin: *
x-amz-cf-id: QkbcAnoGxgTJuWO9e9hJk1yhg41zw3hBfLEvHqDJ8QZFKN66ypqdVA==
x-cache-hits: 0

GET
H2 200 / Show response
www.onwebchat.com/socket.io/ 118 B
262 B 92ms
30ms XHR
text/plain 54.171.144.161
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.onwebchat.com/socket.io/?server=1&EIO=4&transport=polling&t=O2vJj5y
Requested by: Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/socket.io/4.5.0/socket.io.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 54.171.144.161 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-171-144-161.eu-west-1.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: aa61eb9fd8427b1bd849d8da1215aba5475895ee41369aacadacc79a4c56d398

Request headers

Accept: */*
Referer: https://itwire.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 12 May 2022 17:26:32 GMT
content-encoding: gzip
server: nginx/1.18.0 (Ubuntu)
vary: Accept-Encoding
content-type: text/plain; charset=UTF-8

GET
H2 200 drop-file.png
www.onwebchat.com/operator/assets/images/ 792 B
1 KB 28ms
28ms Image
image/png 54.171.144.161
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.onwebchat.com/operator/assets/images/drop-file.png
Requested by: Host: itwire.com
URL: https://itwire.com/guest-articles/guest-research/mandiant-warns-of-incontroller-ics-malware.html?mkt_tok=NTY1LVBFSS05NTIAAAGEVkIOTJULkE5YSW3D35Wep4MMu6m_bz19g4D_X0OxFP6xw3Gz_aC_3GcA8YZi5ck7Zoy9-Wqb2iIiobEQYgD07YIhLINbYPBVTuhK_Frw
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 54.171.144.161 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-171-144-161.eu-west-1.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 8f931f60a55c58028462cadf0c49671e7312d30c78ccd50797f315697968e872

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:26:32 GMT
last-modified: Tue, 17 Nov 2020 11:35:32 GMT
server: nginx/1.18.0 (Ubuntu)
etag: "5fb3b584-318"
content-type: image/png
cache-control: max-age=864000, max-age=864000, must-revalidate, proxy-revalidate
accept-ranges: bytes
content-length: 792
expires: Sun, 22 May 2022 17:26:32 GMT

GET
H2 200 offline-contact-us-2.png
www.onwebchat.com/chatWidgetImages/predefined/offline/ 10 KB
11 KB 28ms
28ms Image
image/png 54.171.144.161
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.onwebchat.com/chatWidgetImages/predefined/offline/offline-contact-us-2.png
Requested by: Host: itwire.com
URL: https://itwire.com/guest-articles/guest-research/mandiant-warns-of-incontroller-ics-malware.html?mkt_tok=NTY1LVBFSS05NTIAAAGEVkIOTJULkE5YSW3D35Wep4MMu6m_bz19g4D_X0OxFP6xw3Gz_aC_3GcA8YZi5ck7Zoy9-Wqb2iIiobEQYgD07YIhLINbYPBVTuhK_Frw
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 54.171.144.161 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-171-144-161.eu-west-1.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e14e57988f7e9fa2353c068a855d39e48624dc4f6d9c3af31c595f5839c7682c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: public
date: Thu, 12 May 2022 17:26:32 GMT
last-modified: Tue, 17 Nov 2020 11:35:32 GMT
server: nginx/1.18.0 (Ubuntu)
etag: "5fb3b584-2926"
content-type: image/png
cache-control: max-age=6048000, max-age=31536000, public, must-revalidate, proxy-revalidate
accept-ranges: bytes
content-length: 10534
expires: Thu, 21 Jul 2022 17:26:32 GMT

GET
H/1.1 200
OK / Show response
disqus.com/recommendations/ Frame BC94 6 KB
4 KB 116ms
116ms Document
text/html 151.101.128.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/recommendations/?base=default&f=itwire&t_i=99737&t_u=https%3A%2F%2Fitwire.com%2Fguest-articles%2Fguest-research%2Fmandiant-warns-of-incontroller-ics-malware.html&t_d=iTWire%20-%20Mandiant%20warns%20of%20Incontroller%20ICS%20malware&t_t=iTWire%20-%20Mandiant%20warns%20of%20Incontroller%20ICS%20malware

Requested by

Host: itwire.disqus.com
URL: https://itwire.disqus.com/recommendations.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

151.101.128.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

6a21bde2397cf7061572f67604fcbe76cd33dc1cbe84e2ff4519ddd6869b0099

Security Headers

Name	Value
Content-Security-Policy	script-src https://.twitter.com: https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://.services.disqus.com: https://cdn.boomtrain.com/p13n/ https://apis.google.com https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ 'unsafe-inline' https://com-disqus.netmng.com:* https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://itwire.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Age: 0
Cache-Control: stale-while-revalidate=30, no-cache, must-revalidate, stale-if-error=3600, public
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 2568
Content-Security-Policy: script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ https://apis.google.com https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ 'unsafe-inline' https://com-disqus.netmng.com:* https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Content-Type: text/html; charset=utf-8
Cross-Origin-Resource-Policy: cross-origin
Date: Thu, 12 May 2022 17:26:32 GMT
Last-Modified: Fri, 24 Dec 2021 06:28:22 GMT
Link: <https://c.disquscdn.com>;rel=preconnect,<https://c.disquscdn.com>;rel=dns-prefetch
Server: nginx
Strict-Transport-Security: max-age=300; includeSubdomains
Timing-Allow-Origin: *
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"

POST
H2 200 / Show response
www.onwebchat.com/socket.io/ 2 B
99 B 31ms
31ms XHR
text/html 54.171.144.161
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.onwebchat.com/socket.io/?server=1&EIO=4&transport=polling&t=O2vJj7W&sid=oiXXHXFGveL2WBMMThCR
Requested by: Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/socket.io/4.5.0/socket.io.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 54.171.144.161 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-171-144-161.eu-west-1.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Accept: */*
Referer: https://itwire.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 12 May 2022 17:26:32 GMT
server: nginx/1.18.0 (Ubuntu)
content-length: 2
content-type: text/html

GET
H2 200 / Show response
www.onwebchat.com/socket.io/ 32 B
188 B 38ms
37ms XHR
text/plain 54.171.144.161
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.onwebchat.com/socket.io/?server=1&EIO=4&transport=polling&t=O2vJj7X&sid=oiXXHXFGveL2WBMMThCR
Requested by: Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/socket.io/4.5.0/socket.io.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 54.171.144.161 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-171-144-161.eu-west-1.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3cb1d46cf091f5277135d1bd3456598754c616afdae7654d7bf1a2ea87f985d0

Request headers

Accept: */*
Referer: https://itwire.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 12 May 2022 17:26:32 GMT
content-encoding: gzip
server: nginx/1.18.0 (Ubuntu)
vary: Accept-Encoding
content-type: text/plain; charset=UTF-8

GET
H2 200 lounge.load.9db7f31f906666f4d56c3f4488ea0e6c.js Show response
c.disquscdn.com/next/embed/ Frame E756 958 B
1 KB 93ms
30ms Script
application/javascript 2600:9000:20ae:fc00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/lounge.load.9db7f31f906666f4d56c3f4488ea0e6c.js

Requested by

Host: disqus.com
URL: https://disqus.com/embed/comments/?base=default&f=itwire&t_i=99737&t_u=https%3A%2F%2Fitwire.com%2Fguest-articles%2Fguest-research%2Fmandiant-warns-of-incontroller-ics-malware.html&t_d=iTWire%20-%20Mandiant%20warns%20of%20Incontroller%20ICS%20malware&t_t=iTWire%20-%20Mandiant%20warns%20of%20Incontroller%20ICS%20malware&s_o=default&l=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20ae:fc00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

b902d7ba78659a80d05f31e599aba4dec14072711d49c42eb3188a716adaf642

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=itwire&t_i=99737&t_u=https%3A%2F%2Fitwire.com%2Fguest-articles%2Fguest-research%2Fmandiant-warns-of-incontroller-ics-malware.html&t_d=iTWire%20-%20Mandiant%20warns%20of%20Incontroller%20ICS%20malware&t_t=iTWire%20-%20Mandiant%20warns%20of%20Incontroller%20ICS%20malware&s_o=default&l=
Origin: https://disqus.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 10 May 2022 13:10:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 188175
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 495
x-xss-protection: 1; mode=block
x-served-by: static-web-1
access-control-allow-origin: *
surrogate-key: next
last-modified: Tue, 10 May 2022 13:06:19 GMT
server: nginx
etag: "627a634b-1ef"
content-type: application/javascript; charset=utf-8
via: 1.1 c35525724b74ec2ec80741ffbf1ff218.cloudfront.net (CloudFront)
expires: Wed, 10 May 2023 13:10:17 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: WAW50-C1
timing-allow-origin: *
x-amz-cf-id: zTmD2ECwRH2ApddK36XB-cthoPPX0T9CqMF2nPEH9_YsyWVW3_fNPQ==
x-cache-hits: 0

GET
H2 200 / Show response
www.onwebchat.com/socket.io/ 43 B
193 B 39ms
39ms XHR
text/plain 54.171.144.161
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.onwebchat.com/socket.io/?server=1&EIO=4&transport=polling&t=O2vJj89&sid=oiXXHXFGveL2WBMMThCR
Requested by: Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/socket.io/4.5.0/socket.io.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 54.171.144.161 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-171-144-161.eu-west-1.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 89a422cb7b8c024ae2dcef40b03e2eb2e31bd6ca5dedbd4362ceb43fa0b70ac3

Request headers

Accept: */*
Referer: https://itwire.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 12 May 2022 17:26:32 GMT
content-encoding: gzip
server: nginx/1.18.0 (Ubuntu)
vary: Accept-Encoding
content-type: text/plain; charset=UTF-8

POST
H2 200 / Show response
www.onwebchat.com/socket.io/ 2 B
99 B 37ms
37ms XHR
text/html 54.171.144.161
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.onwebchat.com/socket.io/?server=1&EIO=4&transport=polling&t=O2vJj8A&sid=oiXXHXFGveL2WBMMThCR
Requested by: Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/socket.io/4.5.0/socket.io.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 54.171.144.161 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-171-144-161.eu-west-1.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Accept: */*
Referer: https://itwire.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 12 May 2022 17:26:32 GMT
server: nginx/1.18.0 (Ubuntu)
content-length: 2
content-type: text/html

GET
H2 200 / Show response
www.onwebchat.com/socket.io/ 73 B
226 B 32ms
31ms XHR
application/octet-stream 54.171.144.161
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.onwebchat.com/socket.io/?server=1&EIO=4&transport=polling&t=O2vJj8o&sid=oiXXHXFGveL2WBMMThCR
Requested by: Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/socket.io/4.5.0/socket.io.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 54.171.144.161 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-171-144-161.eu-west-1.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 4ef894d7c2274656fe54a71c63ee6c204a3585d533ac281614eb54df129e919f

Request headers

Accept: */*
Referer: https://itwire.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 12 May 2022 17:26:32 GMT
content-encoding: gzip
server: nginx/1.18.0 (Ubuntu)
vary: Accept-Encoding
content-type: text/plain; charset=UTF-8

GET
H2 200 common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js Show response
c.disquscdn.com/next/embed/ Frame E756 282 KB
93 KB 54ms
53ms Script
application/javascript 2600:9000:20ae:fc00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.load.9db7f31f906666f4d56c3f4488ea0e6c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20ae:fc00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

64cee676a611b27aca955c5e227666f9d955682512ec25b982bd5e2f92eb61dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=itwire&t_i=99737&t_u=https%3A%2F%2Fitwire.com%2Fguest-articles%2Fguest-research%2Fmandiant-warns-of-incontroller-ics-malware.html&t_d=iTWire%20-%20Mandiant%20warns%20of%20Incontroller%20ICS%20malware&t_t=iTWire%20-%20Mandiant%20warns%20of%20Incontroller%20ICS%20malware&s_o=default&l=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 20:31:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1976125
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 94755
x-xss-protection: 1; mode=block
x-served-by: static-web-1
access-control-allow-origin: *
surrogate-key: next
last-modified: Tue, 19 Apr 2022 20:21:53 GMT
server: nginx
etag: "625f19e1-17223"
content-type: application/javascript; charset=utf-8
via: 1.1 66e7ff48bbb7e14aaadccfbad3f73cbe.cloudfront.net (CloudFront)
expires: Wed, 19 Apr 2023 20:31:07 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: WAW50-C1
timing-allow-origin: *
x-amz-cf-id: K6LZLKekCAjEyMKCwM-3GiCZqqFd_8TDwcVllZeyT8UaVRjQplReDw==
x-cache-hits: 0

GET
H2 200 / Show response
www.onwebchat.com/socket.io/ 1 B
110 B 109ms
109ms XHR
text/plain 54.171.144.161
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.onwebchat.com/socket.io/?server=1&EIO=4&transport=polling&t=O2vJj9N&sid=oiXXHXFGveL2WBMMThCR
Requested by: Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/socket.io/4.5.0/socket.io.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 54.171.144.161 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-171-144-161.eu-west-1.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e7f6c011776e8db7cd330b54174fd76f7d0216b612387a5ffcfb81e6f0919683

Request headers

Accept: */*
Referer: https://itwire.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 12 May 2022 17:26:32 GMT
server: nginx/1.18.0 (Ubuntu)
content-length: 1
content-type: text/plain; charset=UTF-8

GET
H2 200 recommendations.load.9d352c9674ae8172f8669d3aa3a905e9.js Show response
c.disquscdn.com/next/recommendations/ Frame BC94 923 B
1 KB 37ms
37ms Script
application/javascript 2600:9000:20ae:fc00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/recommendations/recommendations.load.9d352c9674ae8172f8669d3aa3a905e9.js

Requested by

Host: disqus.com
URL: https://disqus.com/recommendations/?base=default&f=itwire&t_i=99737&t_u=https%3A%2F%2Fitwire.com%2Fguest-articles%2Fguest-research%2Fmandiant-warns-of-incontroller-ics-malware.html&t_d=iTWire%20-%20Mandiant%20warns%20of%20Incontroller%20ICS%20malware&t_t=iTWire%20-%20Mandiant%20warns%20of%20Incontroller%20ICS%20malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20ae:fc00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

9b96fe0a7d9b194599c4a2982ba5efb84aa3999dae35fd93cc1c7e64659e20b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/
Origin: https://disqus.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 20:31:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1976114
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 446
x-xss-protection: 1; mode=block
x-served-by: static-web-2
access-control-allow-origin: *
surrogate-key: next
last-modified: Tue, 19 Apr 2022 20:21:53 GMT
server: nginx
etag: "625f19e1-1be"
content-type: application/javascript; charset=utf-8
via: 1.1 c35525724b74ec2ec80741ffbf1ff218.cloudfront.net (CloudFront)
expires: Wed, 19 Apr 2023 20:31:18 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: WAW50-C1
timing-allow-origin: *
x-amz-cf-id: 2SU3fzAMIyebaVo1qaIxO_wvOL68P-PkPNCdKbaj8B8leQTbuVl4ig==
x-cache-hits: 0

GET
H2 200 common.bundle.a59fbd11efae764ccd959d61e4925fee.js Show response
c.disquscdn.com/next/recommendations/ Frame BC94 262 KB
87 KB 25ms
25ms Script
application/javascript 2600:9000:20ae:fc00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/recommendations/common.bundle.a59fbd11efae764ccd959d61e4925fee.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/recommendations/recommendations.load.9d352c9674ae8172f8669d3aa3a905e9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20ae:fc00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

e3ae0f120f30b95b1bc51b7440fb005c41cfc4560e3701763552c07b03a55a46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 20:31:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1976114
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 88804
x-xss-protection: 1; mode=block
x-served-by: static-web-2
access-control-allow-origin: *
surrogate-key: next
last-modified: Tue, 19 Apr 2022 20:21:53 GMT
server: nginx
etag: "625f19e1-15ae4"
content-type: application/javascript; charset=utf-8
via: 1.1 66e7ff48bbb7e14aaadccfbad3f73cbe.cloudfront.net (CloudFront)
expires: Wed, 19 Apr 2023 20:31:17 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: WAW50-C1
timing-allow-origin: *
x-amz-cf-id: yawzIbrMhYsnyf5Q0Q4IwkurIAMfPSG3mUAcW67ooHS3JBGvvn53Ow==
x-cache-hits: 0

GET
H2 200 lounge.63860eb743c7d9d2adf0fa435788abe7.css
c.disquscdn.com/next/embed/styles/ Frame E756 165 KB
26 KB 28ms
28ms Stylesheet
text/css 2600:9000:20ae:fc00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/styles/lounge.63860eb743c7d9d2adf0fa435788abe7.css

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20ae:fc00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

8784042e14531617c1aef40d7623d3dd1d0b24730721c779e0c3ae86ed03990e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=itwire&t_i=99737&t_u=https%3A%2F%2Fitwire.com%2Fguest-articles%2Fguest-research%2Fmandiant-warns-of-incontroller-ics-malware.html&t_d=iTWire%20-%20Mandiant%20warns%20of%20Incontroller%20ICS%20malware&t_t=iTWire%20-%20Mandiant%20warns%20of%20Incontroller%20ICS%20malware&s_o=default&l=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Mon, 21 Mar 2022 19:26:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4485618
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 26078
x-xss-protection: 1; mode=block
x-served-by: static-web-1
access-control-allow-origin: *
surrogate-key: next
last-modified: Mon, 21 Mar 2022 19:03:40 GMT
server: nginx
etag: "6238cc0c-65de"
content-type: text/css; charset=utf-8
via: 1.1 66e7ff48bbb7e14aaadccfbad3f73cbe.cloudfront.net (CloudFront)
expires: Tue, 21 Mar 2023 19:26:14 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: WAW50-C1
timing-allow-origin: *
x-amz-cf-id: FxWyAXwUIhpO3dxBNzsWcIe_Ov8XdVzDzRfW7JmhM2fzL-qbgD5hdA==
x-cache-hits: 0

GET
H2 200 lounge.bundle.275044d1ea778800bd83f8337ba3d84e.js Show response
c.disquscdn.com/next/embed/ Frame E756 476 KB
121 KB 26ms
25ms Script
application/javascript 2600:9000:20ae:fc00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/lounge.bundle.275044d1ea778800bd83f8337ba3d84e.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20ae:fc00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

6188135f984e2ff0352d6218a20717f620efda7d4644dfad19b792735a37cc8d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=itwire&t_i=99737&t_u=https%3A%2F%2Fitwire.com%2Fguest-articles%2Fguest-research%2Fmandiant-warns-of-incontroller-ics-malware.html&t_d=iTWire%20-%20Mandiant%20warns%20of%20Incontroller%20ICS%20malware&t_t=iTWire%20-%20Mandiant%20warns%20of%20Incontroller%20ICS%20malware&s_o=default&l=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 10 May 2022 13:10:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 188175
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 123201
x-xss-protection: 1; mode=block
x-served-by: static-web-2
access-control-allow-origin: *
surrogate-key: next
last-modified: Tue, 10 May 2022 13:06:19 GMT
server: nginx
etag: "627a634b-1e141"
content-type: application/javascript; charset=utf-8
via: 1.1 66e7ff48bbb7e14aaadccfbad3f73cbe.cloudfront.net (CloudFront)
expires: Wed, 10 May 2023 13:10:17 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: WAW50-C1
timing-allow-origin: *
x-amz-cf-id: pSxz-W4rU--hWYwPZZfUNqsTRB4IFsbcZCni-6PYnyNcBt4anIdZgA==
x-cache-hits: 0

GET
H/1.1 200
OK config.js Show response
disqus.com/next/ Frame E756 15 KB
15 KB 20ms
19ms Script
application/javascript 151.101.128.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/next/config.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

151.101.128.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

82347b68e5bf085e7bead889840d94fa93ec99bb81e6d50a9eb842619796605a

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=itwire&t_i=99737&t_u=https%3A%2F%2Fitwire.com%2Fguest-articles%2Fguest-research%2Fmandiant-warns-of-incontroller-ics-malware.html&t_d=iTWire%20-%20Mandiant%20warns%20of%20Incontroller%20ICS%20malware&t_t=iTWire%20-%20Mandiant%20warns%20of%20Incontroller%20ICS%20malware&s_o=default&l=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date: Thu, 12 May 2022 17:26:32 GMT
X-Content-Type-Options: nosniff
Content-Type: application/javascript; charset=UTF-8
Server: nginx
Age: 28
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Access-Control-Allow-Origin: *
Cache-Control: public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 15102
X-XSS-Protection: 1; mode=block

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 2AF5 0
0 43ms
42ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuE8Ni5RuIRhwP6B3HWN78pBZQXVwaCT-W_9jniOsnsXZRCovzi1u-3VYYReJPPYtqnFa2Gewsj0znduRX7AdnHG05HUvMK9m3-S2NE1EBhHs3BotGTP14kQJ5tkRadnurCDzz1Cll4eWV-VgV344CzALkHiLU8EmXf2R-MGEISenzB7baDPHR5E6n9pTggbc_V9DIRiDUtaVaILrwmKneg6aEX14f-Sp3mQup-iB5Vp44nHkhkKF4OGq1frCLDmE7B6aQ60aSc5elGtj56hD9i4IkBeHDtE9ejw6M2Qdy8fEqN&sai=AMfl-YRxrQOnxdSRbc_KN2jHuKHflxfH4YgNFVWbj1qynYtfK9Zqz65ecsHfyxVIxgNsV5kx6pDZ3Kix8SMzdt0jbiC2AB6MDZ8tODTrgMJC3BgRs_FzIWivISczuQ7wrG8&sig=Cg0ArKJSzGshwJn_7OTBEAE&uach_m=[UACH]&adurl=

Requested by

Host: pages.mandiant.com
URL: https://pages.mandiant.com/NTY1LVBFSS05NTIAAAGEVkIOTL5_s1eX0zZmjjpGyw-O7RWcwkSx9EtsB5XAL_rptnwlSyzun77jC8_57Czw-HVQlPA=

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 12 May 2022 17:26:32 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Thu, 12 May 2022 17:26:32 GMT

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220510/r20110914/ Frame 2AF5 19 KB
8 KB 38ms
7ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220510/r20110914/abg_lite_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022050901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b83149463619a5f4bbee21909e8a99a085f15713e48d6522d0a3173b94a20e1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:12:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 831
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8007
x-xss-protection: 0
server: cafe
etag: 8765308293129799388
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 26 May 2022 17:12:41 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220510/r20110914/client/ Frame 2AF5 3 KB
1 KB 38ms
8ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220510/r20110914/client/window_focus_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022050901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:26:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 15
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 26 May 2022 17:26:17 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2AF5 120 KB
37 KB 34ms
17ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022050901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cfaf60508a77b732490cebbf93a415622f5d33fc0a63f88365807b71a21c25b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:26:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37409
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1652096384767712"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 12 May 2022 17:26:32 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 2AF5 0
0 40ms
15ms Image
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRiX5ZElk5IRaD3FswcsbNG5Cq75KdjRqSO10ButriWznwaQwxOKgwYFWnx6HzWb23GAD9NMpTKmtD9Bwm8CWkzRJjIgQ
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022050901.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

GET
H2 200 9612466565408600029
tpc.googlesyndication.com/simgad/ Frame 2AF5 16 KB
17 KB 38ms
9ms Image
image/gif 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/9612466565408600029

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022050901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dc8217182c8e42850f33282cb2942ca1e1d94cd386d25e503276457d9b42f856

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 08 May 2022 22:43:34 GMT
x-content-type-options: nosniff
age: 326578
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16662
x-xss-protection: 0
last-modified: Tue, 16 Jun 2020 11:41:06 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 08 May 2023 22:43:34 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame E245 0
0 45ms
45ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstn_nKbV-55fdAgyEaBU-NKHP6jUd_6ZYJlpSHheBekbAqBXCOc8E4IxVNU0OtfiMfCZHI9EhiVbmY52pNDkUl8m2HEi1_xFgxz0HwQ7kV6cYpcLv4CvxVHuAlP-__4uLIiynSn2nsv0zGxGtJOIY4TEvyGqVc1i3k_L3fF7HFalbwM3kg6xsPP0pJ0CyXzvndDkHYu3IlrtddPOL6QnnmZOb9r-9BlS9mWy6MUkD6OUB9hvQ238Sy1anG7a4WFHtMnIllhPJDY0jNKaeSFI85UXRPwhlbihghEDaN7&sai=AMfl-YQM-eNuqOLGWrLQXtIor-IYUzR2d1GBQUiaUXn6mn5brbZRxmCRwGmMqLsbs8pA12G5PvcKkLggt3OzHB1kRR73y51pXOQVBm0-gsa7EkShjCpuv4PdRlShTSk6dUI&sig=Cg0ArKJSzCTCPNeavdSqEAE&uach_m=[UACH]&adurl=

Requested by

Host: pages.mandiant.com
URL: https://pages.mandiant.com/NTY1LVBFSS05NTIAAAGEVkIOTL5_s1eX0zZmjjpGyw-O7RWcwkSx9EtsB5XAL_rptnwlSyzun77jC8_57Czw-HVQlPA=

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 12 May 2022 17:26:32 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220510/r20110914/ Frame E245 19 KB
8 KB 30ms
11ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220510/r20110914/abg_lite_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022050901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b83149463619a5f4bbee21909e8a99a085f15713e48d6522d0a3173b94a20e1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:12:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 831
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8007
x-xss-protection: 0
server: cafe
etag: 8765308293129799388
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 26 May 2022 17:12:41 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220510/r20110914/client/ Frame E245 3 KB
1 KB 27ms
9ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220510/r20110914/client/window_focus_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022050901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:26:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 15
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 26 May 2022 17:26:17 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame E245 120 KB
37 KB 30ms
30ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022050901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cfaf60508a77b732490cebbf93a415622f5d33fc0a63f88365807b71a21c25b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:26:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37409
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1652096384767712"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 12 May 2022 17:26:32 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame E245 0
0 38ms
17ms Image
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQ54H5Rbvfr_kVtxSRp9yYZZrctfrTxoR2IAoEIaw6AOfeorYSWM2MeOoSTbmqJnaq1Ca7rexsY1ta5P910JbmSOWhW_Q
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022050901.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

GET
H3 200 12758244069737409292
tpc.googlesyndication.com/simgad/ Frame E245 21 KB
21 KB 38ms
20ms Image
image/jpeg 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/12758244069737409292

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022050901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7d251e5a947f0089b450fef99e28c0de91025bf5a4d6cc0c00289de402a3ff88

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 11 May 2022 12:46:19 GMT
x-content-type-options: nosniff
age: 103213
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21653
x-xss-protection: 0
last-modified: Thu, 05 May 2022 11:39:53 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 11 May 2023 12:46:19 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 0716 0
0 49ms
49ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuBURgMOKQcWGeMrujNFh4nBlBWvFRqXp3rZgRyoyjttEsEfeX9O3b_3CBFkxWM6BVHJGZdAAOFA3m9thuzTmY2d4vSrZdXVZtwqi3K85rVzbIAxW7xt0hFz5EluMh7Ln25f97WcRDZDrUK2aDwatUZIoVitVGxIvLXUPERM-cq7hs-SRBa7NECnzKyhR7CRZnrmfSQAN3Kzc_MXDJknNYvz4a-lYwabpItmvdTQTl9mhdFyj-EvakmSG3VHvQSvamvkynjsptpD3vUeE5UpcqIhWVr8KT5_2IJ10ZzrPIoCmPS0ti4tg&sai=AMfl-YSny0jqCMc-3SqFZqxCya3VHMLNSBRBmKyQSmkkcbJaX0vEOFEMTJ87mm_bHXLbG10rNJ0qjVMwa1MLLr1yCY1mIvRqpHCkRtFMVUkuFNZwyMXU8ukMkNAwwRkOn_c&sig=Cg0ArKJSzGpraY2YUnYjEAE&uach_m=[UACH]&adurl=

Requested by

Host: pages.mandiant.com
URL: https://pages.mandiant.com/NTY1LVBFSS05NTIAAAGEVkIOTL5_s1eX0zZmjjpGyw-O7RWcwkSx9EtsB5XAL_rptnwlSyzun77jC8_57Czw-HVQlPA=

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 12 May 2022 17:26:32 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220510/r20110914/ Frame 0716 19 KB
8 KB 30ms
16ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220510/r20110914/abg_lite_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022050901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b83149463619a5f4bbee21909e8a99a085f15713e48d6522d0a3173b94a20e1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:12:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 831
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8007
x-xss-protection: 0
server: cafe
etag: 8765308293129799388
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 26 May 2022 17:12:41 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220510/r20110914/client/ Frame 0716 3 KB
1 KB 25ms
10ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220510/r20110914/client/window_focus_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022050901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:26:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 15
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 26 May 2022 17:26:17 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0716 120 KB
37 KB 47ms
47ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022050901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cfaf60508a77b732490cebbf93a415622f5d33fc0a63f88365807b71a21c25b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:26:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37409
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1652096384767712"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 12 May 2022 17:26:32 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 0716 0
0 33ms
17ms Image
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTw5WtJsuSHY0UYBcuEbfIqj3kM6CYshgts2CEPFI51fN3l_OwyWya4kvFYOVt0VfQ6oRSiGjSNzVxPuXHry0KZvtxNgw
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022050901.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

GET
H3 200 13384727401510389790
tpc.googlesyndication.com/simgad/ Frame 0716 139 KB
139 KB 40ms
26ms Image
image/jpeg 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/13384727401510389790

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022050901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

883cb76d4477b6d071f104d5c44d134c58bebcbba0fb8e181209270c4471cf1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 05:32:18 GMT
x-content-type-options: nosniff
age: 42854
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 142285
x-xss-protection: 0
last-modified: Thu, 14 Apr 2022 01:43:53 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 12 May 2023 05:32:18 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 7473 0
0 45ms
44ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsthI32VlHr6UvMwaDrPpSlGEOXcNc9cZqE9da0DFc0lrrKAr2XyfzKy20ZuZixAJwTSuL5qbbJb1NSlIO0VKZ7SATFW4LzYXLufngNUjQz4y5EwJ1BiRFggL09EiqqbSSwoz6XXk0YrKqvTwxQ_K49fc2SWy9sxvu76lrbfYbeIYff2XlVJIW3-NmMFTmh5Lgwk4iCVHpIeSsn3juLqD8qhME5qrOzL3ZFI-AmXKZiYrcY-OAxr8oMFoJldp23vPUMl-SvMelAtsd3vrR3K8wJaAyxNUPWy66rgfqq1_GebKEFW&sai=AMfl-YSSFPY4Vro-ZOX9YxdVwt9IQiZrykrZlNVmMoiWnLyLXKxII-FczZh-f2Uvtbn4lPbNbKqCtpKy0uNxIwiHBx9VYHZMWMxqcGOXbEabqtbkoW5_gMRm5XnTn15bK-s&sig=Cg0ArKJSzKT8whRuE-COEAE&uach_m=[UACH]&adurl=

Requested by

Host: pages.mandiant.com
URL: https://pages.mandiant.com/NTY1LVBFSS05NTIAAAGEVkIOTL5_s1eX0zZmjjpGyw-O7RWcwkSx9EtsB5XAL_rptnwlSyzun77jC8_57Czw-HVQlPA=

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 12 May 2022 17:26:32 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220510/r20110914/ Frame 7473 19 KB
8 KB 23ms
14ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220510/r20110914/abg_lite_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022050901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b83149463619a5f4bbee21909e8a99a085f15713e48d6522d0a3173b94a20e1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:12:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 831
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8007
x-xss-protection: 0
server: cafe
etag: 8765308293129799388
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 26 May 2022 17:12:41 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220510/r20110914/client/ Frame 7473 3 KB
1 KB 18ms
9ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220510/r20110914/client/window_focus_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022050901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:26:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 15
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 26 May 2022 17:26:17 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7473 120 KB
37 KB 36ms
36ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022050901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cfaf60508a77b732490cebbf93a415622f5d33fc0a63f88365807b71a21c25b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:26:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37409
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1652096384767712"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 12 May 2022 17:26:32 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 7473 0
0 27ms
17ms Image
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSZPXLFpFEKoMck8YD7WhxjWrBkI6vq1UhUx7f7xOC2AqJ9jCHB2OS-OfeBNW5Qm1IShe8J5x_FEwdmhbUwQ4g-FZsgYQ
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022050901.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

GET
H3 200 14362888548162302237
tpc.googlesyndication.com/simgad/ Frame 7473 323 KB
323 KB 30ms
22ms Image
image/gif 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/14362888548162302237

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022050901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2145b197e48c625d76c06e10318c51ff6678ee6ac5c652a4f4088195abf17c32

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 11 May 2022 12:46:19 GMT
x-content-type-options: nosniff
age: 103213
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 331107
x-xss-protection: 0
last-modified: Wed, 04 May 2022 09:57:32 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 11 May 2023 12:46:19 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 76D9 0
0 48ms
47ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuYk2dMrkgEmCWY_8eYQk-dA7pOk5h6NGZ120u3S8bxL5Z7HAYicwDrT1teXh27vNtTZD-xk6XEiSkjZqYZ0bxrqZ88W3k_cJvaNrJmM9cS_igJZu1PmfofhB9UHx3yCh_3F-bP0gzdydlEu0bdXxxhKJnaNuNvSfkfwKgikqPwYEy1gtskTlIBjthm1rLXfprvvLedON9Y8b8_qFuiADo-p7Bz-mAErr8XPxhp1e0lJL2Jl_Qw4JXVNLTiSyphIsmejaePlYB9sBNbHNT5sO2gwZj3ZPQ8fPwYZZiwItrTxKzS&sai=AMfl-YSRscalDsW7mzkq_wgngBUM8lFGOG3eGLp8StoKoQ_LN4c_giTG5MgUhAEqqBPjXpwpbz9QvqbL1PDqiJx7qjzYuImAH-i45XiAyvjnOAKOhkirLdxwS6ZKd87g0gw&sig=Cg0ArKJSzJRwl29TEb4eEAE&uach_m=[UACH]&adurl=

Requested by

Host: pages.mandiant.com
URL: https://pages.mandiant.com/NTY1LVBFSS05NTIAAAGEVkIOTL5_s1eX0zZmjjpGyw-O7RWcwkSx9EtsB5XAL_rptnwlSyzun77jC8_57Czw-HVQlPA=

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 12 May 2022 17:26:32 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220510/r20110914/ Frame 76D9 19 KB
8 KB 18ms
13ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220510/r20110914/abg_lite_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022050901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b83149463619a5f4bbee21909e8a99a085f15713e48d6522d0a3173b94a20e1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:12:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 831
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8007
x-xss-protection: 0
server: cafe
etag: 8765308293129799388
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 26 May 2022 17:12:41 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220510/r20110914/client/ Frame 76D9 3 KB
1 KB 13ms
9ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220510/r20110914/client/window_focus_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022050901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:26:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 15
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 26 May 2022 17:26:17 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 76D9 120 KB
37 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022050901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cfaf60508a77b732490cebbf93a415622f5d33fc0a63f88365807b71a21c25b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:26:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37409
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1652096384767712"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 12 May 2022 17:26:32 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 76D9 0
0 23ms
17ms Image
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRel9BxxJYOxAZ3FMLF0_bN4c5YMEFPIKUGf9M5Xr95zd4MjrJABB5x_xaDllNMd5MOZq3FZUZBrSv3CSTzftSOaLPRiw
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022050901.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

GET
H3 200 4399749991130777281
tpc.googlesyndication.com/simgad/ Frame 76D9 78 KB
78 KB 23ms
20ms Image
image/jpeg 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/4399749991130777281

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022050901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2cef44fcbec04ee4e5604ce986c7ac6cd536618b4d3c8acde77660cb7e389e31

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 08:26:13 GMT
x-content-type-options: nosniff
age: 32419
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 79485
x-xss-protection: 0
last-modified: Thu, 05 May 2022 05:30:48 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 12 May 2023 08:26:13 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame A88D 0
0 47ms
45ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssQjmH8Kdar2CFDDf3gm3P4xBMNYJxERdMdRGBfiSvO0rhU6p8CnlMPOS0opEL5txWNDmSY3usGfm-DvvIvSACCWi_KoN9Ey6_Hm8kHXPgzg0K2dgC0Co-S_P5GKljLWp87cd-o2_FH3UWuZaLhi-WUNLWGm74sEcUSM8CfmIen-Qg-Ar10rJoYf3T7ysTkpr3cmgvrajY3RMauQgMivMbr8STqmNVSl8FM1D_YDaeuvvDDBjBySD975nPVhRzebgvxvJNdbe6yJJa0rlFYMbyyvzJEE3WJb2p0a9ow2RM2EUc&sai=AMfl-YQqKg252Ed6kI6-vU3KesnnX7XW_zkU3PYA5yKpjpg-hRQR8tnffBpEI2IfRpfRfEQGUdAQtUf9WUZhpwFE7qBTH3UhMJd9LyRx5hjAZrtSZlkTIua2Ms83-n4Egz8&sig=Cg0ArKJSzJnmaNLvBkXdEAE&uach_m=[UACH]&adurl=

Requested by

Host: pages.mandiant.com
URL: https://pages.mandiant.com/NTY1LVBFSS05NTIAAAGEVkIOTL5_s1eX0zZmjjpGyw-O7RWcwkSx9EtsB5XAL_rptnwlSyzun77jC8_57Czw-HVQlPA=

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 12 May 2022 17:26:32 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220510/r20110914/ Frame A88D 19 KB
8 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220510/r20110914/abg_lite_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022050901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b83149463619a5f4bbee21909e8a99a085f15713e48d6522d0a3173b94a20e1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:12:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 831
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8007
x-xss-protection: 0
server: cafe
etag: 8765308293129799388
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 26 May 2022 17:12:41 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220510/r20110914/client/ Frame A88D 3 KB
1 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220510/r20110914/client/window_focus_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022050901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:26:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 15
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 26 May 2022 17:26:17 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame A88D 120 KB
37 KB 31ms
30ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022050901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cfaf60508a77b732490cebbf93a415622f5d33fc0a63f88365807b71a21c25b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:26:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37409
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1652096384767712"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 12 May 2022 17:26:32 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame A88D 0
0 18ms
18ms Image
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQKSZsFtu3oj32tgErgFfBfbV-0fveMkMTwUafGkBHu6A8rKz4GRLLYO08dZI-m4fUZdht2PjsSjFsrO6Y38KQmBxMI9w
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022050901.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

GET
H3 200 10307784267471788818
tpc.googlesyndication.com/simgad/ Frame A88D 130 KB
130 KB 25ms
25ms Image
image/gif 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/10307784267471788818

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022050901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

32fd41d731cfca48bd5de986c853d6831f461d99facd921cc083b427ee692153

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 11 May 2022 11:17:05 GMT
x-content-type-options: nosniff
age: 108567
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 132722
x-xss-protection: 0
last-modified: Wed, 04 May 2022 10:06:07 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 11 May 2023 11:17:05 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 37F8 0
0 45ms
45ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvRgA9sswKv98Gk4ofbAWCK5OTJTHcwugXThbmkWAVQs2b1QDfIqDu_7Stbbut3Ptd8vu0GSH9hRr5ER6Dy-7NU59x-3f0tbJNvcr6Bk9fQVfYASvHhCrG2xbFkR53Zd34C7EIdamKVDIUtL2HKL4dK1E6zBXH2cY_5OJk_8316taykZPlAFd8Z2FSkv7rPwr0hmSu4FCFt7K8W4a4Ch4TdCgfSler0euLRx5JDQpYco9WNbjsCDRQ-adrfKh2iCDCu7dB9YdGypbtAd9xSM6Smo3W0iyPA1cW1USqg2Jd8og&sai=AMfl-YShfmk9vZMj2Bscn9rPcAMlx0XRGbN__NJ1roy4FQ8VvSk0v9E1MEAsL5Ma_EcHPB_p-mmwkz0rrx2_SbeR6fS81Ra-uWoj1XkcxGb8CMUieb58mupfIQXEErPC93c&sig=Cg0ArKJSzAG_HZTA3osOEAE&uach_m=[UACH]&adurl=

Requested by

Host: pages.mandiant.com
URL: https://pages.mandiant.com/NTY1LVBFSS05NTIAAAGEVkIOTL5_s1eX0zZmjjpGyw-O7RWcwkSx9EtsB5XAL_rptnwlSyzun77jC8_57Czw-HVQlPA=

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 12 May 2022 17:26:32 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220510/r20110914/ Frame 37F8 19 KB
8 KB 12ms
12ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220510/r20110914/abg_lite_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022050901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b83149463619a5f4bbee21909e8a99a085f15713e48d6522d0a3173b94a20e1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:12:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 831
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8007
x-xss-protection: 0
server: cafe
etag: 8765308293129799388
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 26 May 2022 17:12:41 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220510/r20110914/client/ Frame 37F8 3 KB
1 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220510/r20110914/client/window_focus_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022050901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:26:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 15
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 26 May 2022 17:26:17 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 37F8 120 KB
37 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022050901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cfaf60508a77b732490cebbf93a415622f5d33fc0a63f88365807b71a21c25b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:26:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37409
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1652096384767712"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 12 May 2022 17:26:32 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 37F8 0
0 17ms
16ms Image
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRyOCLkeosJ6fPO6ul_K-AY5_utePtzIvV2415j6652NwCP7MEmyheot2wsFcbz1OGdXNTyszrXQcK3PnFVvAxtbuXZ0Q
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022050901.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

GET
H3 200 9141309736678285347
tpc.googlesyndication.com/simgad/ Frame 37F8 18 KB
18 KB 22ms
22ms Image
image/jpeg 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/9141309736678285347

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022050901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

531e9af44c9c3cc163955e775a811007d736c385a4077335bbf258b9da3a4ea1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Fri, 06 May 2022 02:50:36 GMT
x-content-type-options: nosniff
age: 570956
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18180
x-xss-protection: 0
last-modified: Sun, 03 Apr 2022 05:24:35 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 06 May 2023 02:50:36 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 0E5A 0
0 47ms
42ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstPByUX5pQ2xHgDyLMpn6xE2ou6jP0YfZM7tyfhgIyElo2Tb-6fyh1idcJAm0GJ7yZy5dqtHGEbFqHUZFuTxpV3iCe4_xzfjZwvvxMx0Slxp4Cdkr62UWChZXQswGWbdTBgfDC8EJhAKo-Niw8MWOxM9f6uxDxenhYGXCg_qzXuHklzrGfprVDFiwcFLNzIQoUGtQgG36n4m7-kf3Rck2wBwc0WcgQ94QjM-4hUM1oYN0EMq2qwqrT4w_CXm7SOxI1cfwiOQxmdtVulw31RNiamjiQ-s1qWCSCPTvgPIE76-aDNsRYAdA&sai=AMfl-YTDlVNuPxQIJckByn6HirlzD8njey6I7amDqv90y6Ow9y1NRsh9FE7Ie3OkAS-fYuRNbLrqy1EsJYy2Ioim3N8W37dqcS1qb5lDjPFKfWDsD2Pmk3q5T5RIaTPNdmg&sig=Cg0ArKJSzAuRBX8zua4EEAE&uach_m=[UACH]&adurl=

Requested by

Host: pages.mandiant.com
URL: https://pages.mandiant.com/NTY1LVBFSS05NTIAAAGEVkIOTL5_s1eX0zZmjjpGyw-O7RWcwkSx9EtsB5XAL_rptnwlSyzun77jC8_57Czw-HVQlPA=

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 12 May 2022 17:26:32 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220510/r20110914/ Frame 0E5A 19 KB
8 KB 16ms
11ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220510/r20110914/abg_lite_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022050901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b83149463619a5f4bbee21909e8a99a085f15713e48d6522d0a3173b94a20e1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:12:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 831
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8007
x-xss-protection: 0
server: cafe
etag: 8765308293129799388
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 26 May 2022 17:12:41 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220510/r20110914/client/ Frame 0E5A 3 KB
1 KB 21ms
16ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220510/r20110914/client/window_focus_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022050901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:26:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 15
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 26 May 2022 17:26:17 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0E5A 120 KB
37 KB 33ms
27ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022050901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cfaf60508a77b732490cebbf93a415622f5d33fc0a63f88365807b71a21c25b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:26:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37409
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1652096384767712"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 12 May 2022 17:26:32 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 0E5A 0
0 23ms
17ms Image
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSF4J_TlJc_KfY8_tQxJTA4ma49dRtjMnF6pugTutSa9FV88m0dcsdEB3JTUBErs0wYk-N0NdHCevx55jQdHzdXqbHOBQ
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022050901.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

GET
H3 200 6191585294395192724
tpc.googlesyndication.com/simgad/ Frame 0E5A 323 KB
323 KB 24ms
19ms Image
image/gif 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/6191585294395192724

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022050901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2145b197e48c625d76c06e10318c51ff6678ee6ac5c652a4f4088195abf17c32

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 11 May 2022 15:37:19 GMT
x-content-type-options: nosniff
age: 92953
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 331107
x-xss-protection: 0
last-modified: Wed, 04 May 2022 10:00:06 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 11 May 2023 15:37:19 GMT

GET
H2 200 recommendations.10022a97346f1c6e3798931bbd8e4bb5.css
c.disquscdn.com/next/recommendations/styles/ Frame BC94 14 KB
3 KB 34ms
33ms Stylesheet
text/css 2600:9000:20ae:fc00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/recommendations/styles/recommendations.10022a97346f1c6e3798931bbd8e4bb5.css

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/recommendations/common.bundle.a59fbd11efae764ccd959d61e4925fee.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20ae:fc00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

3eee15d11eb29b6f2258cabfeeca39b3b900a7cae96fc7919b27789f3470b9f9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Mon, 18 Oct 2021 21:23:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 17784187
x-cache: Hit from cloudfront
content-length: 2978
x-xss-protection: 1; mode=block
x-served-by: static-web-1
access-control-allow-origin: *
surrogate-key: next
last-modified: Mon, 18 Oct 2021 21:05:37 GMT
server: nginx
etag: "616de1a1-ba2"
content-type: text/css; charset=utf-8
via: 1.1 66e7ff48bbb7e14aaadccfbad3f73cbe.cloudfront.net (CloudFront)
expires: Tue, 18 Oct 2022 21:23:25 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: WAW50-C1
timing-allow-origin: *
x-amz-cf-id: 3NsluuqMJTAT3IvI5dewapEnD5hEOum7XEVTtVAyNPveb_LEUsyXcQ==
x-cache-hits: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 0716 0
0 43ms
43ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjst1uiWxdJUdr7bCoMXcQc2PDvRs8_HI9YZ1pdK8mUi8XG2yJJRT7_4iXqvQgowF_uH_ktQvLWH4UIqL0b2_OUMER4RiJa4ffPfy82JTGujsSVCc-HD9KAT88BIiDslDmT2tzAJBFEXR43F1DzWYeYh6Dl1DHzy41LLcCNs8KQS77ClVwPteuN0jEevFIPZyq0D1ruU9pUMDG9gg9sp9fyMLlWRklPiue6U2uf77nxJzBFMJK-N_TmcLKunVB5IU80wHkEUeM278AiDLVczcA8vI2JTLBYvgsU2lv-yItJgw8BRDbEp2toOx&sai=AMfl-YRKwxOS3FYHE_6LWSi-LDFdoyusLqRsW8f6Ak4OAuQJne8gpdb3ixwrWMw-7rcATxMxKyWQc_M2rrRytbu5KwxIFUJf6AgxrpC1z7en9wpm5rG1b7-8Nxv88etsVfA&sig=Cg0ArKJSzJ_sbXOz07SDEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 12 May 2022 17:26:32 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Thu, 12 May 2022 17:26:32 GMT

GET
DATA 200
OK truncated
/ Frame 0716 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b22c6381f9a3ff5fcc3d049354b0b8edf49ceee6c455a49b3e666ede8832c535

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 76D9 0
0 42ms
42ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssin4FJ6O9WUUKB0kAqcJeSMxOAjXI-4AE2md90FN58LBy8LK1THBr0TmArEORhCLwhrsfFmtetv22B37wBTXcWa2dIFO_KlTSpLvaLNpBBS09iiHBDl6TUWoo71vpHlGdKV1W4WBA7-hiG7sKszu4HpdcgF1IwHman30FHS6zYzRL1gaDiH98W7f5BMGFzsJevcKZR1j2I3TsXw1Mp8oHxhy2oBThNpp5TkWOjjT7RTFEm5hlGpNQT9PCM9x9Yg96CiJinfqw6fj-iMPhDd8AGjwl9JjfMoQdlwPTSCYNwikRWlBU&sai=AMfl-YQ4xyAkrxs6FYeJ8CZoBynBdTVTmKdKYunSMtRxAdsVl5aPlPn9wcSkKBMbpVWFP6hBUs2XypQB_PeaK2oNQ34cqC1Ow_QYbaORGhecA49RvuLjbX10iXp_RKfdYhI&sig=Cg0ArKJSzKOsO4kMqmo9EAE&uach_m=[UACH]&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 12 May 2022 17:26:32 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Thu, 12 May 2022 17:26:32 GMT

GET
DATA 200
OK truncated
/ Frame 76D9 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 74af217133cf8dd0a8be093dc568ebbe7ff93362a2286b53646420c3095f3691

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK details Show response
disqus.com/api/3.0/forums/ Frame E756 4 KB
4 KB 114ms
113ms XHR
application/json 151.101.128.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/api/3.0/forums/details?forum=itwire&attach=forumFeatures&api_key=E8Uh5l5fHZ6gD8U3KycjAIAk46f68Zw7C6eW8WSjZvCLXebZ7p0r1yrYDrLilk2F

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

151.101.128.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

65308d3b0ee14eca6ace2f1fcea1ec8dbc444266ef803d3ee41f49e77f1679ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://disqus.com/embed/comments/?base=default&f=itwire&t_i=99737&t_u=https%3A%2F%2Fitwire.com%2Fguest-articles%2Fguest-research%2Fmandiant-warns-of-incontroller-ics-malware.html&t_d=iTWire%20-%20Mandiant%20warns%20of%20Incontroller%20ICS%20malware&t_t=iTWire%20-%20Mandiant%20warns%20of%20Incontroller%20ICS%20malware&s_o=default&l=
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date: Thu, 12 May 2022 17:26:32 GMT
X-Content-Type-Options: nosniff
Server: nginx
Age: 0
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Type: application/json
Vary: Origin, Cookie
Content-Length: 3646
X-XSS-Protection: 1; mode=block

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 2AF5 0
0 42ms
42ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjst9u1yQLCStUhaqEN9KxLPqH-11sENArCtKIWMZJGQ80gEncrAQAqH-E69tNH4a9aynxszjOFo0PV5yqOIELCpRmCk2MKA4xFj7uO2LM2sWNXiNYGD3ZOrzJBBW9twU-R4Ev61m6An411RkZTKNwYiGzc3rCB6DCSutmuMQIFATTBo0BzEWPkEex7xKL7ajozJ-CzaLIvGdjXRCrYB5wy7TQ9U4fMXRbbnWnv7wqDe9zpjw266Av8z96LWva1lJhhqqle1dTqDNX_Vrxb8I9YEWYmPNyV8zm-uGxg1wqBUkm6AHBC0&sai=AMfl-YQT6sNHuXw2PQpLDgz5Jx-uoqzfHWYuVrZggtf6PvwoWug870l8WPRkktt_rViBHGeMag3dtndRe9mMI1MR3pExALZG8YDGxFSPV8DgujUoVlCO4JSr2C4JuYVDVCc&sig=Cg0ArKJSzIGcmASzFt3pEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 12 May 2022 17:26:32 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Thu, 12 May 2022 17:26:32 GMT

GET
DATA 200
OK truncated
/ Frame 2AF5 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 84517b4438237af7dc9b008019d72e64e685981284e6f297448435ca5deb5ada

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 recommendations.bundle.926bc472e4859a48daa346b4ba2ab4f4.js Show response
c.disquscdn.com/next/recommendations/ Frame BC94 65 KB
20 KB 25ms
24ms Script
application/javascript 2600:9000:20ae:fc00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/recommendations/recommendations.bundle.926bc472e4859a48daa346b4ba2ab4f4.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/recommendations/common.bundle.a59fbd11efae764ccd959d61e4925fee.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20ae:fc00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

dbffe4825c6ba1f19ff48607381ad4384b0609b64998830502c130f00abe887d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 20:25:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 18392449
x-cache: Hit from cloudfront
content-length: 20244
x-xss-protection: 1; mode=block
x-served-by: static-web-1
access-control-allow-origin: *
surrogate-key: next
last-modified: Mon, 11 Oct 2021 20:15:56 GMT
server: nginx
etag: "61649b7c-4f14"
content-type: application/javascript; charset=utf-8
via: 1.1 66e7ff48bbb7e14aaadccfbad3f73cbe.cloudfront.net (CloudFront)
expires: Tue, 11 Oct 2022 20:25:43 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: WAW50-C1
timing-allow-origin: *
x-amz-cf-id: MdjtN9m_ftehviTkGS7NnYTQZgjYs7qIwRxVu9cSejHTo5KfZShVBA==
x-cache-hits: 0

GET
H/1.1 200
OK config.js Show response
disqus.com/next/ Frame BC94 15 KB
15 KB 20ms
7ms Script
application/javascript 151.101.128.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/next/config.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/recommendations/common.bundle.a59fbd11efae764ccd959d61e4925fee.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

151.101.128.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

82347b68e5bf085e7bead889840d94fa93ec99bb81e6d50a9eb842619796605a

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/recommendations/?base=default&f=itwire&t_i=99737&t_u=https%3A%2F%2Fitwire.com%2Fguest-articles%2Fguest-research%2Fmandiant-warns-of-incontroller-ics-malware.html&t_d=iTWire%20-%20Mandiant%20warns%20of%20Incontroller%20ICS%20malware&t_t=iTWire%20-%20Mandiant%20warns%20of%20Incontroller%20ICS%20malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date: Thu, 12 May 2022 17:26:32 GMT
X-Content-Type-Options: nosniff
Content-Type: application/javascript; charset=UTF-8
Server: nginx
Age: 28
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Access-Control-Allow-Origin: *
Cache-Control: public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 15102
X-XSS-Protection: 1; mode=block

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 0E5A 0
0 42ms
42ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvjHzrBCJXuprAOSiLbEk-GObtwFgRvrk9O8FVA4LVnDoPXdaP4yuZwL7hJ4T8djR7HDLOHK-trunJDOg7uRnQh3VdjgrOHLUIoKPSgo5TXT4VNTlEmYBUyG1sEf_FzR54bJAYXkd4N8o2vQeUwqr5Qneijlro_9PWQ-TS7Y5rIGJemoT0qa0A_Jy68RrSu_ZeahiFdhmGnvgNlF0gyTBmd0Bac3Rfw9JG271ZeWFKQ3ZAda8LYYxSiBpJIh8QiK09Pe5Zzwq1n5q8TiQIL4TMPPuX2cbKwWcyAG_mOKWVKuBW6oG4ao8aL&sai=AMfl-YS5_MzWDP08qQVWS1QUNuY9GraVcQkbPVYol3WwLVTt7G5NQ2G6xxopALwPeauWs6Ulh587C0QQzZuAzVU5i-M5ffu-nXteAZ-p-1R2yKHeNndgZ6MXe5wMTEkF9Dw&sig=Cg0ArKJSzPLJLGVJhu6VEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 12 May 2022 17:26:32 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Thu, 12 May 2022 17:26:32 GMT

GET
DATA 200
OK truncated
/ Frame 0E5A 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ea68ce2553c9a6890e5c079936ddb541b987624eeb40b129a15d8d0aab77a2dc

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 7473 0
0 42ms
41ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssa_f7qeovsBLQ7KTCkGnVwRYRd5ON9vat_6i9Sj1qoJmS8xRPBPV9f-GKuf8RzHTs-BqoztvXemV0a9yKaaHPvhODy_HlAADbAMGNdoZ3jw2SpCvtE9YxD8RIYyDOIMkKzCOTdpZWpSQqS6liIwhHpocx1nPMkh2aWjNJU_gvyBhUFNqO6xAyVRNJtr6IkQfvp6j_bH1ayBb0WG-buj-Pu8yxPDgZg-SeKusTLvKkTfBHixWq54KczeKg_2Qpfpwrahg8K6EshCo5UkscQYw5yO5eAz_QJ-PoZIxGNnf16BioIsqs&sai=AMfl-YR0PruREr5OhD8br6KI6IlvuqlxdLUe2dbF0pH2upN1UomzW7bb98SUF327K1tSPr456Qq-hH2nhLYZFYfRz4CdVbioUsteuXJLdr08fHqwSzf6TPKsx4DUcIJ-mGI&sig=Cg0ArKJSzPX5Djh9LqkfEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 12 May 2022 17:26:32 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Thu, 12 May 2022 17:26:32 GMT

GET
DATA 200
OK truncated
/ Frame 7473 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2f83e6036c67a97fea9f25eeb37019e5693b573f2abec847040419a635c4e64e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame E245 0
0 42ms
42ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssbYbfi0R7BjRSdJi_7l3t_vrPJGogk9wqMRShUqcP-XuFedTRNt_3C2C3kjUHuHUINmeKHLcgcCnkaXD4koFlNrFzSHNMJq1Yya_TwZkPWlWiy2yOSUbQrfE6UoqUZNct3QmBHl4ofaPtgyprmq7nLUY9m0jpvssy5hNvTg44oFUXtwLKE-0Y-BdrF3C-GZdpTsVXJInbDQEStTVYd2kFS_mG7jBAzedvRVxG9rxadHf7FAllaEtgAzmqFfIern0D3SauvtaKE_OCU4ronZ2l4ah6S16yt7V5YRsagr1E&sai=AMfl-YTZtgHW7LwovuS9E9lPRz7LNs2lhON1XMHseTi1Oj3dCOzSm1ozU3vPINeT19ee14Eo71BSZ3Ww-SgIQoBNc1-5kcIRx4QkHuGQpl7UJoM57RGxAvQVVAeEMhijEf8&sig=Cg0ArKJSzMai1gaEkN81EAE&uach_m=[UACH]&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 12 May 2022 17:26:32 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Thu, 12 May 2022 17:26:32 GMT

GET
DATA 200
OK truncated
/ Frame E245 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3301a14f839072c3d84e2e6d6019f3b6d2ad2aaefedd02a67dbd0c41832e86ff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame A88D 0
0 44ms
44ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstrIBaADISJLVgx8r8VO_uJ9xnhQe75sqwv_Upnw6b_xV6qGMcq_yHdyrewyGwo_91aqX4x5WRKdG2Dy9Us7okMjOI_ldhcIHTeh_8Qlm-hl4efT6HNxtlSfyUqAeSKauWqEa_yOtW4SSoRskX7i6nfeDYsSDFhsL8qccFBjQBFfmj5w8S_6h03f6-UP_XgkI6qkqTYdJ5R9V6tnErIIPLTWyILP0x-a568fxWY9kd_NsJ0rHT4OyRPbE51D7qUkrZNOs0tV4_P2OVTEEMEHYYw_ScGslVe-eQc7gTTewEpPTpTzw&sai=AMfl-YSTi_7BFuzJAqW7aH-yBuRomAgttbtIm5A58OFg_CjIa1pwdfNUgrty-nJVzkcodAJGeLARqQwt6_mAZT82AArpZJTbkCAOGi8NPbfIGQr3LOVIGf7YbbvB31_AQng&sig=Cg0ArKJSzNF7czYBAW_ZEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 12 May 2022 17:26:32 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Thu, 12 May 2022 17:26:32 GMT

GET
DATA 200
OK truncated
/ Frame A88D 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b682441f6f22c205ec30ae01997998e6346b1b3bf1ab498f398da151eb239de3

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 37F8 0
0 47ms
46ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssFNQ68Kag_b-HigTI3cIAkhT7kph39DWGTSmb4bKzCZtdJ1nWGoKzkAS-q93h2wKQ2O_FI_pSOGJgo19vgeguIEy98TKNsXvXTZhUBBdkWhERcalGrUcwZ6QTDdgio2i0UgeYvC8OtTts9vOesyjgh_7Zf4xJsxfYqq3Yl9_Rlrcg4wJhfmk184KLKDIAI1QVH8oWVrtuVtRlDOIU7X7abT211AnkM_xqWRcaz1vMpBOAC5e1QaKyqNhTHKchnt8GZRKDgX3QwMzJtnYsmCBKuT9dMrKPdegYQzThVgrDCVLDU&sai=AMfl-YS7WlDMMO9em3IP7xFrs3XHu1Zb62aWYx92S0dtvEHp4znk43VUvWcxBT4P-TSVJlJWTugrLSAQdg1SWu-fU7VRBPIHa7BFStqZqNvzCZtCiSyveycGTfpVGX7HNm0&sig=Cg0ArKJSzEmVt9bE8PrLEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 12 May 2022 17:26:32 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Thu, 12 May 2022 17:26:32 GMT

GET
DATA 200
OK truncated
/ Frame 37F8 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c2424c2c64d584b3f2360ea6ebc0efd5359f07b96a5469833f4f09e4d44c24c3

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
11 KB 58ms
22ms XHR
application/json 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022050901&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022050901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

93530833a692fc04fbc3c67e0e8d4a07b6873ee9ed42e3a5d5662e768c29fa53

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 12 May 2022 17:26:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10658
x-xss-protection: 0

POST
H2 200 index.php Show response
itwire.com/ 16 B
342 B 327ms
327ms XHR
text/html 101.0.65.50
HOSTOPIA-AU Hosto...

General

Check archive.org

Show headers Download Go to

Full URL

https://itwire.com/index.php?option=com_ajax&plugin=rstbox&format=raw&task=trackevent&box=49&event=open

Requested by

Host: itwire.com
URL: https://itwire.com/media/com_jchoptimize/cache/js/1b4778f91aa208954adc0b1f291a028d.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

101.0.65.50 Albion Park Rail, Australia, ASN55803 (HOSTOPIA-AU Hostopia Australia Web Pty Ltd, AU),

Reverse DNS

50.65.0.101.static.digitalpacific.com.au

Software

nginx /

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://itwire.com/guest-articles/guest-research/mandiant-warns-of-incontroller-ics-malware.html?mkt_tok=NTY1LVBFSS05NTIAAAGEVkIOTJULkE5YSW3D35Wep4MMu6m_bz19g4D_X0OxFP6xw3Gz_aC_3GcA8YZi5ck7Zoy9-Wqb2iIiobEQYgD07YIhLINbYPBVTuhK_Frw
X-CSRF-Token: 0beb0af2b38ecd7b6b83d65c40f3a22e
X-Ajax-Engine: EngageBox
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:26:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: nginx
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: max-age=0, public
x-server-powered-by: Engintron
x-xss-protection: 1; mode=block
expires: Thu, 12 May 2022 17:26:32 GMT

GET
H/1.1 200
OK loadReactions Show response
disqus.com/api/3.0/threadReactions/ Frame E756 1 KB
2 KB 122ms
122ms XHR
application/json 151.101.128.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/api/3.0/threadReactions/loadReactions?thread=9129872089&api_key=E8Uh5l5fHZ6gD8U3KycjAIAk46f68Zw7C6eW8WSjZvCLXebZ7p0r1yrYDrLilk2F

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

151.101.128.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

25b2f9fad5ce7e9052da7595f6f80e790c7e906dd10bb2796b1e4b164fb9bfa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://disqus.com/embed/comments/?base=default&f=itwire&t_i=99737&t_u=https%3A%2F%2Fitwire.com%2Fguest-articles%2Fguest-research%2Fmandiant-warns-of-incontroller-ics-malware.html&t_d=iTWire%20-%20Mandiant%20warns%20of%20Incontroller%20ICS%20malware&t_t=iTWire%20-%20Mandiant%20warns%20of%20Incontroller%20ICS%20malware&s_o=default&l=
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date: Thu, 12 May 2022 17:26:32 GMT
X-Content-Type-Options: nosniff
Server: nginx
Age: 0
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Cache-Control: stale-while-revalidate=30, max-age=60
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Type: application/json
Vary: Origin, Cookie
Content-Length: 1351
X-XSS-Protection: 1; mode=block

GET
H2 200 noavatar92.png
a.disquscdn.com/1647409581/images/ Frame E756 2 KB
2 KB 56ms
13ms Image
image/png 199.232.198.49
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://a.disquscdn.com/1647409581/images/noavatar92.png

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.198.49 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

36ef66124133ca33c8b44c487293c3180e5ab681ff3cad3c728ea4f894ec3444

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=itwire&t_i=99737&t_u=https%3A%2F%2Fitwire.com%2Fguest-articles%2Fguest-research%2Fmandiant-warns-of-incontroller-ics-malware.html&t_d=iTWire%20-%20Mandiant%20warns%20of%20Incontroller%20ICS%20malware&t_t=iTWire%20-%20Mandiant%20warns%20of%20Incontroller%20ICS%20malware&s_o=default&l=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:26:32 GMT
x-content-type-options: nosniff
last-modified: Fri, 26 Feb 2021 20:50:09 GMT
server: nginx
age: 1199689
etag: "60395f01-66c"
strict-transport-security: max-age=300; includeSubdomains
content-type: image/png
x-xss-protection: 1; mode=block
cache-control: max-age=2592000
cross-origin-resource-policy: cross-origin
x-amz-cf-pop: FRA6-C1
content-length: 1644
x-amz-cf-id: dD--S8btDyn4ws21rumbASG_QJ0iEfOPOsmmNYWFPiPtNzDjcl3H5A==
expires: Thu, 28 Apr 2022 20:11:43 GMT

GET
DATA 200
OK truncated
/ Frame E756 37 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 svg-sprite.4da5413f5086c5755b46094b813dbfcd.svg
c.disquscdn.com/next/embed/assets/img/ Frame E756 13 KB
13 KB 25ms
25ms Image
image/svg+xml 2600:9000:20ae:fc00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/svg-sprite.4da5413f5086c5755b46094b813dbfcd.svg

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.63860eb743c7d9d2adf0fa435788abe7.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20ae:fc00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

3270642c89180c12db93775e2a774b6dadd9bd98cffc963075c85afd2c17b6e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.disquscdn.com/next/embed/styles/lounge.63860eb743c7d9d2adf0fa435788abe7.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 14:37:41 GMT
via: 1.1 66e7ff48bbb7e14aaadccfbad3f73cbe.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 1219731
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 13079
x-xss-protection: 1; mode=block
x-served-by: static-web-1
surrogate-key: next
last-modified: Tue, 26 Apr 2022 19:12:12 GMT
server: nginx
etag: "6268440c-3317"
content-type: image/svg+xml; charset=utf-8
access-control-allow-origin: *
expires: Fri, 28 Apr 2023 14:37:41 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: WAW50-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: xdK0r4MIgVTMyCpNDSHpx0d_BaL8FED19fK4YE2SQeMUAar0Mp3FWA==
x-cache-hits: 0

GET
H2 200 loader.ba7c86e8b4b6135bb668d05223f8f127.gif
c.disquscdn.com/next/embed/assets/img/ Frame E756 3 KB
3 KB 26ms
25ms Image
image/gif 2600:9000:20ae:fc00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/loader.ba7c86e8b4b6135bb668d05223f8f127.gif

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.63860eb743c7d9d2adf0fa435788abe7.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20ae:fc00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

4c4491dcfa94cb46fb73742fc2caf49a1cd59027304af1830c7dc6ce1889857c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.disquscdn.com/next/embed/styles/lounge.63860eb743c7d9d2adf0fa435788abe7.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 04:58:07 GMT
via: 1.1 66e7ff48bbb7e14aaadccfbad3f73cbe.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 8512105
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 2971
x-xss-protection: 1; mode=block
x-served-by: static-web-2
surrogate-key: next
last-modified: Wed, 26 Jan 2022 21:59:15 GMT
server: nginx
etag: "61f1c433-b9b"
content-type: image/gif
access-control-allow-origin: *
expires: Fri, 03 Feb 2023 04:58:07 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: WAW50-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: ReFwsUU4OpOf9IlxwFOiIUncJy5nAWR61jlP1ErXkM2sKuHK5lAYXw==
x-cache-hits: 0

GET
H2 200 sprite.ad630a07080a45451f139a7487853ff8.png
c.disquscdn.com/next/embed/assets/img/ Frame E756 2 KB
2 KB 26ms
26ms Image
image/png 2600:9000:20ae:fc00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/sprite.ad630a07080a45451f139a7487853ff8.png

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.63860eb743c7d9d2adf0fa435788abe7.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20ae:fc00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

9714221c828961b20f45a782c3281c0596f6652cfe1299bee18097f98e8fb7b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.disquscdn.com/next/embed/styles/lounge.63860eb743c7d9d2adf0fa435788abe7.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 22 Sep 2021 19:47:48 GMT
via: 1.1 66e7ff48bbb7e14aaadccfbad3f73cbe.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 20036324
x-cache: Hit from cloudfront
content-length: 1763
x-xss-protection: 1; mode=block
x-served-by: static-web-1
surrogate-key: next
last-modified: Wed, 22 Sep 2021 19:30:27 GMT
server: nginx
etag: "614b8453-6e3"
content-type: image/png
access-control-allow-origin: *
expires: Thu, 22 Sep 2022 19:47:48 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: WAW50-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: bNuor22cTLC61eSvDU2_IUHblS_L20H-3K9wd1d4xHylVfZGUiQ5Nw==
x-cache-hits: 0

GET
H2 200 icons.4cc7a703d2fdfe684151ff8ac24d45f1.woff2
c.disquscdn.com/next/embed/assets/font/ Frame E756 8 KB
8 KB 39ms
39ms Font
application/octet-stream 2600:9000:20ae:fc00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/assets/font/icons.4cc7a703d2fdfe684151ff8ac24d45f1.woff2

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.63860eb743c7d9d2adf0fa435788abe7.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20ae:fc00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

f2a341fc815d45c21da726d4c843c2c5d3e1f333465347c3c75d040d556df4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://c.disquscdn.com/next/embed/styles/lounge.63860eb743c7d9d2adf0fa435788abe7.css
Origin: https://disqus.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 09:58:18 GMT
via: 1.1 c35525724b74ec2ec80741ffbf1ff218.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 21886094
x-cache: Hit from cloudfront
content-length: 7900
x-xss-protection: 1; mode=block
x-served-by: static-web-2
surrogate-key: next
last-modified: Tue, 24 Aug 2021 21:06:44 GMT
server: nginx
etag: "61255f64-1edc"
content-type: application/octet-stream
access-control-allow-origin: *
expires: Thu, 01 Sep 2022 09:58:18 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: WAW50-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: onoiqx2TFimaOAljQalY8wCuzM9BUT49491XTS7iyyDxt19dS4n7vg==
x-cache-hits: 0

GET
H2 200 0902_CDAO_Melbourne_ITwire_300x250px_PNG.png
itwire.com/images/ 97 KB
98 KB 262ms
262ms Image
image/png 101.0.65.50
HOSTOPIA-AU Hosto...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://itwire.com/images/0902_CDAO_Melbourne_ITwire_300x250px_PNG.png

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

101.0.65.50 Albion Park Rail, Australia, ASN55803 (HOSTOPIA-AU Hostopia Australia Web Pty Ltd, AU),

Reverse DNS

50.65.0.101.static.digitalpacific.com.au

Software

nginx /

Resource Hash

681fcade87d611663d6286f25e76c7a9bb994fef5e519c002d269b7bdce56c10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/guest-articles/guest-research/mandiant-warns-of-incontroller-ics-malware.html?mkt_tok=NTY1LVBFSS05NTIAAAGEVkIOTJULkE5YSW3D35Wep4MMu6m_bz19g4D_X0OxFP6xw3Gz_aC_3GcA8YZi5ck7Zoy9-Wqb2iIiobEQYgD07YIhLINbYPBVTuhK_Frw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:26:32 GMT
x-content-type-options: nosniff
last-modified: Wed, 04 May 2022 06:32:35 GMT
server: nginx
content-type: image/png
expires: Mon, 11 Jul 2022 17:26:32 GMT
cache-control: max-age=5184000
x-server-powered-by: Engintron
accept-ranges: bytes
content-length: 99655
x-xss-protection: 1; mode=block
x-nginx-upstream-cache-status: STALE

GET
H2 200 alfie_v4.63f1ab6d6b9d5807dc0c94ef3fe0b851.js Show response
c.disquscdn.com/next/embed/ 78 KB
27 KB 26ms
25ms Script
application/javascript 2600:9000:20ae:fc00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/alfie_v4.63f1ab6d6b9d5807dc0c94ef3fe0b851.js

Requested by

Host: itwire.disqus.com
URL: https://itwire.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20ae:fc00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

9efb3d5e1b082a66bd94908b42afb4cf6fe0e8eb8f50b8d2a18f6a5da03e6a18

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 05 May 2022 15:25:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 612062
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 26578
x-xss-protection: 1; mode=block
x-served-by: static-web-2
access-control-allow-origin: *
surrogate-key: next
last-modified: Tue, 26 Apr 2022 19:12:12 GMT
server: nginx
etag: "6268440c-67d2"
content-type: application/javascript; charset=utf-8
via: 1.1 66e7ff48bbb7e14aaadccfbad3f73cbe.cloudfront.net (CloudFront)
expires: Fri, 05 May 2023 15:25:30 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: WAW50-C1
timing-allow-origin: *
x-amz-cf-id: wPntx62NNllViYzKxobtyRe3u4jPZDnVY4uLfYf38US7vhjXG1aIFg==
x-cache-hits: 0

GET
H/1.1 200
OK lounge_dynamic.gif
referrer.disqus.com/juggler/telemetry/ Frame E756 43 B
339 B 113ms
96ms Image
image/gif 199.232.196.134
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://referrer.disqus.com/juggler/telemetry/lounge_dynamic.gif?embed=194&frame=330&asset=244&render=2&total=753&frame_rtt=123&config_rtt=20

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

199.232.196.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=itwire&t_i=99737&t_u=https%3A%2F%2Fitwire.com%2Fguest-articles%2Fguest-research%2Fmandiant-warns-of-incontroller-ics-malware.html&t_d=iTWire%20-%20Mandiant%20warns%20of%20Incontroller%20ICS%20malware&t_t=iTWire%20-%20Mandiant%20warns%20of%20Incontroller%20ICS%20malware&s_o=default&l=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date: Thu, 12 May 2022 17:26:32 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: nginx
Content-Type: image/gif
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Length: 43
X-XSS-Protection: 1; mode=block

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 35ms
35ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022050901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:26:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 12 May 2022 17:26:32 GMT

GET
H/1.1 200
OK details Show response
disqus.com/api/3.0/forums/ Frame BC94 4 KB
4 KB 114ms
113ms XHR
application/json 151.101.128.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/api/3.0/forums/details?forum=itwire&attach=forumFeatures&api_key=E8Uh5l5fHZ6gD8U3KycjAIAk46f68Zw7C6eW8WSjZvCLXebZ7p0r1yrYDrLilk2F

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/recommendations/common.bundle.a59fbd11efae764ccd959d61e4925fee.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

151.101.128.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

65308d3b0ee14eca6ace2f1fcea1ec8dbc444266ef803d3ee41f49e77f1679ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://disqus.com/recommendations/?base=default&f=itwire&t_i=99737&t_u=https%3A%2F%2Fitwire.com%2Fguest-articles%2Fguest-research%2Fmandiant-warns-of-incontroller-ics-malware.html&t_d=iTWire%20-%20Mandiant%20warns%20of%20Incontroller%20ICS%20malware&t_t=iTWire%20-%20Mandiant%20warns%20of%20Incontroller%20ICS%20malware
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date: Thu, 12 May 2022 17:26:32 GMT
X-Content-Type-Options: nosniff
Server: nginx
Age: 0
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Type: application/json
Vary: Origin, Cookie
Content-Length: 3646
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK event.gif
referrer.disqus.com/juggler/ Frame E756 43 B
339 B 127ms
96ms Image
image/gif 199.232.196.134
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://referrer.disqus.com/juggler/event.gif?abe=0&embed_hidden=0&load_time=443&event=init_embed&thread=9129872089&forum=itwire&forum_id=1380737&imp=25cgua62cn3ofi&thread_slug=itwire_mandiant_warns_of_incontroller_ics_malware&user_type=anon&referrer=https%3A%2F%2Fitwire.com%2F&theme=next&dnt=0&tracking_enabled=0&experiment=network_default_hidden&variant=fallthrough&service=dynamic&promoted_enabled=false&max_enabled=false

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

199.232.196.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=itwire&t_i=99737&t_u=https%3A%2F%2Fitwire.com%2Fguest-articles%2Fguest-research%2Fmandiant-warns-of-incontroller-ics-malware.html&t_d=iTWire%20-%20Mandiant%20warns%20of%20Incontroller%20ICS%20malware&t_t=iTWire%20-%20Mandiant%20warns%20of%20Incontroller%20ICS%20malware&s_o=default&l=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date: Thu, 12 May 2022 17:26:33 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: nginx
Content-Type: image/gif
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Length: 43
X-XSS-Protection: 1; mode=block

GET
H2 200 svg-sprite.4da5413f5086c5755b46094b813dbfcd.svg
c.disquscdn.com/next/embed/assets/img/ Frame E756 13 KB
13 KB 25ms
25ms Image
image/svg+xml 2600:9000:20ae:fc00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/svg-sprite.4da5413f5086c5755b46094b813dbfcd.svg

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.63860eb743c7d9d2adf0fa435788abe7.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20ae:fc00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

3270642c89180c12db93775e2a774b6dadd9bd98cffc963075c85afd2c17b6e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.disquscdn.com/next/embed/styles/lounge.63860eb743c7d9d2adf0fa435788abe7.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 14:37:41 GMT
via: 1.1 66e7ff48bbb7e14aaadccfbad3f73cbe.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 1219731
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 13079
x-xss-protection: 1; mode=block
x-served-by: static-web-1
surrogate-key: next
last-modified: Tue, 26 Apr 2022 19:12:12 GMT
server: nginx
etag: "6268440c-3317"
content-type: image/svg+xml; charset=utf-8
access-control-allow-origin: *
expires: Fri, 28 Apr 2023 14:37:41 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: WAW50-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: EbRlhxMOaVAzDvDG4gYhiSXHRbPVGgxmQZXVqR9h4qah6mGFHIIITg==
x-cache-hits: 0

GET
H/1.1 200
OK listRecommendations.json Show response
disqus.com/api/3.0/discovery/ Frame BC94 7 KB
8 KB 97ms
95ms XHR
application/json 151.101.128.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/api/3.0/discovery/listRecommendations.json?forum=itwire&thread=ident%3A99737&limit=8&api_key=E8Uh5l5fHZ6gD8U3KycjAIAk46f68Zw7C6eW8WSjZvCLXebZ7p0r1yrYDrLilk2F

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/recommendations/common.bundle.a59fbd11efae764ccd959d61e4925fee.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

151.101.128.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

89a261190fb7d16fbfac7bf148e49dd9c3ea81d2b3a4b9f90429899add493b85

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://disqus.com/recommendations/?base=default&f=itwire&t_i=99737&t_u=https%3A%2F%2Fitwire.com%2Fguest-articles%2Fguest-research%2Fmandiant-warns-of-incontroller-ics-malware.html&t_d=iTWire%20-%20Mandiant%20warns%20of%20Incontroller%20ICS%20malware&t_t=iTWire%20-%20Mandiant%20warns%20of%20Incontroller%20ICS%20malware
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date: Thu, 12 May 2022 17:26:32 GMT
X-Content-Type-Options: nosniff
Server: nginx
Age: 691
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Cache-Control: stale-while-revalidate=450, public, max-age=1800
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Type: application/json
Vary: Origin
Content-Length: 7543
X-XSS-Protection: 1; mode=block

GET
H2 200 pixel.gif
cdn.viglink.com/images/ 43 B
102 B 79ms
30ms Image
image/gif 2606:4700::6810:a00d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.viglink.com/images/pixel.gif?ch=1&rn=6.314058641863635
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:a00d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:26:32 GMT
cf-cache-status: HIT
last-modified: Tue, 10 Feb 2015 03:29:39 GMT
server: cloudflare
age: 8
etag: "221d8352905f2c38b3cb2bd191d630b0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
cache-control: max-age=15, must-revalidate
content-length: 43
accept-ranges: bytes
cf-ray: 70a4dc280ea901f4-ZRH
x-amz-request-id: VDJF9YR9H3R2021E
x-amz-id-2: Boxb5MGLdCq3YhWk/YXBIARKXQZFlEbZxiwqoKpG9In5F/bXGzJvKp+ERZPB9eL3wSwW7uRCWVU=

GET
H2 200 pixel.gif
cdn.viglink.com/images/ 43 B
431 B 77ms
29ms Image
image/gif 2606:4700::6810:a00d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.viglink.com/images/pixel.gif?ch=2&rn=6.314058641863635
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:a00d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:26:32 GMT
cf-cache-status: HIT
last-modified: Tue, 10 Feb 2015 03:29:39 GMT
server: cloudflare
age: 8
etag: "221d8352905f2c38b3cb2bd191d630b0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
cache-control: max-age=15, must-revalidate
content-length: 43
accept-ranges: bytes
cf-ray: 70a4dc280ead01f4-ZRH
x-amz-request-id: VDJF9YR9H3R2021E
x-amz-id-2: Boxb5MGLdCq3YhWk/YXBIARKXQZFlEbZxiwqoKpG9In5F/bXGzJvKp+ERZPB9eL3wSwW7uRCWVU=

GET
H2 200 upvote-512x512.png
c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/ Frame E756 8 KB
8 KB 29ms
28ms Image
image/png 2600:9000:20ae:fc00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/upvote-512x512.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20ae:fc00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

ddc6aec4144b67f0a2a12d687f3c4b8a9faf7c445847d0e25dcb5bd1a9ba9018

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=itwire&t_i=99737&t_u=https%3A%2F%2Fitwire.com%2Fguest-articles%2Fguest-research%2Fmandiant-warns-of-incontroller-ics-malware.html&t_d=iTWire%20-%20Mandiant%20warns%20of%20Incontroller%20ICS%20malware&t_t=iTWire%20-%20Mandiant%20warns%20of%20Incontroller%20ICS%20malware&s_o=default&l=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:21:53 GMT
via: 1.1 66e7ff48bbb7e14aaadccfbad3f73cbe.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 279
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 8170
x-xss-protection: 1; mode=block
x-served-by: static-web-2
last-modified: Tue, 10 May 2022 13:06:19 GMT
server: nginx
etag: "627a634b-1fea"
content-type: image/png
access-control-allow-origin: *
expires: Thu, 12 May 2022 17:26:53 GMT
cache-control: max-age=300, public
x-amz-cf-pop: WAW50-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: 5999iM0-W6u4nLJqySTYi9i0itGaCsTTAqtEwAr2LAYVjzgDnqs7rA==
x-cache-hits: 0

GET
H2 200 funny-512x512.png
c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/ Frame E756 9 KB
9 KB 29ms
28ms Image
image/png 2600:9000:20ae:fc00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/funny-512x512.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20ae:fc00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

20a91bd509668238b6af8e16475c5e2611bcd2861d0eec2e0d4f6815e81449bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=itwire&t_i=99737&t_u=https%3A%2F%2Fitwire.com%2Fguest-articles%2Fguest-research%2Fmandiant-warns-of-incontroller-ics-malware.html&t_d=iTWire%20-%20Mandiant%20warns%20of%20Incontroller%20ICS%20malware&t_t=iTWire%20-%20Mandiant%20warns%20of%20Incontroller%20ICS%20malware&s_o=default&l=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:24:39 GMT
via: 1.1 66e7ff48bbb7e14aaadccfbad3f73cbe.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 120
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 8883
x-xss-protection: 1; mode=block
x-served-by: static-web-2
last-modified: Tue, 10 May 2022 13:06:19 GMT
server: nginx
etag: "627a634b-22b3"
content-type: image/png
access-control-allow-origin: *
expires: Thu, 12 May 2022 17:29:32 GMT
cache-control: max-age=300, public
x-amz-cf-pop: WAW50-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: oPd6_cY7mhhWU85UQkPcYMU6H2YvXOqV5uz5cUqjKAzXrfRgQY8BwQ==
x-cache-hits: 0

GET
H2 200 love-512x512.png
c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/ Frame E756 12 KB
12 KB 30ms
28ms Image
image/png 2600:9000:20ae:fc00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/love-512x512.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20ae:fc00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

e422b07ca1550e55cd90a518e910fd3cfb4d9337ea6092357f9761aa77ac9e33

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=itwire&t_i=99737&t_u=https%3A%2F%2Fitwire.com%2Fguest-articles%2Fguest-research%2Fmandiant-warns-of-incontroller-ics-malware.html&t_d=iTWire%20-%20Mandiant%20warns%20of%20Incontroller%20ICS%20malware&t_t=iTWire%20-%20Mandiant%20warns%20of%20Incontroller%20ICS%20malware&s_o=default&l=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:22:31 GMT
via: 1.1 66e7ff48bbb7e14aaadccfbad3f73cbe.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 241
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 11910
x-xss-protection: 1; mode=block
x-served-by: static-web-1
last-modified: Tue, 10 May 2022 13:06:19 GMT
server: nginx
etag: "627a634b-2e86"
content-type: image/png
access-control-allow-origin: *
expires: Thu, 12 May 2022 17:27:31 GMT
cache-control: max-age=300, public
x-amz-cf-pop: WAW50-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: XPkPjNXVkRRl3swbVDauOUWa1Y6-j-n2VwTh91NQQ0mvVcwzL6brew==
x-cache-hits: 0

GET
H2 200 surprised-512x512.png
c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/ Frame E756 7 KB
8 KB 31ms
30ms Image
image/png 2600:9000:20ae:fc00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/surprised-512x512.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20ae:fc00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

4e14ce1bd0d4433eee84cbb16196a7a051126f07af888ef7f9d252120f32f907

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=itwire&t_i=99737&t_u=https%3A%2F%2Fitwire.com%2Fguest-articles%2Fguest-research%2Fmandiant-warns-of-incontroller-ics-malware.html&t_d=iTWire%20-%20Mandiant%20warns%20of%20Incontroller%20ICS%20malware&t_t=iTWire%20-%20Mandiant%20warns%20of%20Incontroller%20ICS%20malware&s_o=default&l=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:23:36 GMT
via: 1.1 66e7ff48bbb7e14aaadccfbad3f73cbe.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 176
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 7308
x-xss-protection: 1; mode=block
x-served-by: static-web-1
last-modified: Tue, 10 May 2022 13:06:19 GMT
server: nginx
etag: "627a634b-1c8c"
content-type: image/png
access-control-allow-origin: *
expires: Thu, 12 May 2022 17:28:36 GMT
cache-control: max-age=300, public
x-amz-cf-pop: WAW50-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: 39Kx0zrVW6-jJJdfaWIDsA6d-qq7eTGsRJOnxA585_UpXrtgA0D8hQ==
x-cache-hits: 0

GET
H2 200 angry-512x512.png
c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/ Frame E756 20 KB
21 KB 77ms
76ms Image
image/png 2600:9000:20ae:fc00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/angry-512x512.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20ae:fc00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

db865c8f3642f3485829c0ee0008fe04a32cc66af70867b39f60395a7fed3984

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=itwire&t_i=99737&t_u=https%3A%2F%2Fitwire.com%2Fguest-articles%2Fguest-research%2Fmandiant-warns-of-incontroller-ics-malware.html&t_d=iTWire%20-%20Mandiant%20warns%20of%20Incontroller%20ICS%20malware&t_t=iTWire%20-%20Mandiant%20warns%20of%20Incontroller%20ICS%20malware&s_o=default&l=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:26:32 GMT
via: 1.1 66e7ff48bbb7e14aaadccfbad3f73cbe.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 1
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 20675
x-xss-protection: 1; mode=block
x-served-by: static-web-2
last-modified: Tue, 10 May 2022 13:06:19 GMT
server: nginx
etag: "627a634b-50c3"
content-type: image/png
access-control-allow-origin: *
expires: Thu, 12 May 2022 17:31:31 GMT
cache-control: max-age=300, public
x-amz-cf-pop: WAW50-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: nsQ8tB6o_a6452aBMPxaU32n96p-awGu0X8ujhkmX4MZXDPCg_vcWA==
x-cache-hits: 0

GET
H2 200 sad-512x512.png
c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/ Frame E756 9 KB
9 KB 32ms
31ms Image
image/png 2600:9000:20ae:fc00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/sad-512x512.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20ae:fc00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

11c401a81e32b086bea3798c033009907b429fb601411da6ffc266b78184898a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=itwire&t_i=99737&t_u=https%3A%2F%2Fitwire.com%2Fguest-articles%2Fguest-research%2Fmandiant-warns-of-incontroller-ics-malware.html&t_d=iTWire%20-%20Mandiant%20warns%20of%20Incontroller%20ICS%20malware&t_t=iTWire%20-%20Mandiant%20warns%20of%20Incontroller%20ICS%20malware&s_o=default&l=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:24:13 GMT
via: 1.1 66e7ff48bbb7e14aaadccfbad3f73cbe.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 139
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 8986
x-xss-protection: 1; mode=block
x-served-by: static-web-2
last-modified: Tue, 10 May 2022 13:06:19 GMT
server: nginx
etag: "627a634b-231a"
content-type: image/png
access-control-allow-origin: *
expires: Thu, 12 May 2022 17:29:13 GMT
cache-control: max-age=300, public
x-amz-cf-pop: WAW50-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: OV9zvlOTDr8Ssz19NAcXXlmgtqnSiAMV2iPWO91WLTdJn5qK_ggLEw==
x-cache-hits: 0

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame EA56 13 KB
5 KB 7ms
7ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://itwire.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 440
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 12 May 2022 17:19:12 GMT
expires: Fri, 12 May 2023 17:19:12 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 4775 783 B
535 B 17ms
17ms Document
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

95a6dd04391be3c28296d0a6a45b2d32d6c57d5488bd955d05c365951865fad5

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-uK68lGAOis7ld+JWjmzvRA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://itwire.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-uK68lGAOis7ld+JWjmzvRA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 12 May 2022 17:26:32 GMT
expires: Thu, 12 May 2022 17:26:32 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 4775 0
0 71ms
55ms Image
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022050901&jk=2918392569028600&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

GET
H2 200 get
c.disquscdn.com/ Frame BC94 7 KB
8 KB 54ms
52ms Image
image/jpeg 2600:9000:20ae:fc00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/get?url=https%3A%2F%2Fitwire.com%2Fmedia%2Fk2%2Fitems%2Fcache%2F5223c0234f87cbf78044246af343dd95_XS.jpg&key=Hz7ijo4k0kFN55weJIFFQg&h=200

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20ae:fc00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

480d6c14ff719c8a234e1cc26fd5537d63317fc079ab00e6fdc2b77c2df63bf3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 20 Apr 2022 10:54:17 GMT
via: 1.1 66e7ff48bbb7e14aaadccfbad3f73cbe.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 1924336
x-cache: Hit from cloudfront
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
cross-origin-resource-policy: cross-origin, cross-origin, cross-origin
content-length: 7158
x-xss-protection: 1; mode=block
x-served-by: static-web-1
referrer-policy: same-origin
server: nginx
x-cache-hits: 0
content-type: image/jpeg
cache-control: max-age=2592000
x-amz-cf-pop: WAW50-C1
accept-ranges: bytes
x-amz-cf-id: KAX_fDrLhXLGCI8TzhyeFaGLwh3OvsoEsmLD79g-cu359eMcIYk1Zg==
expires: Fri, 20 May 2022 10:54:17 GMT

GET
H2 200 get
c.disquscdn.com/ Frame BC94 5 KB
6 KB 56ms
55ms Image
image/jpeg 2600:9000:20ae:fc00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/get?url=https%3A%2F%2Fitwire.com%2Fmedia%2Fk2%2Fitems%2Fcache%2F6737842cca50207557079acef03185cf_XS.jpg&key=11oNdVw3UGeJptYPBGY2vA&h=200

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20ae:fc00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

8aeb0ede2f0efe38f10834eea3a7e66f38a8609005af1e2192ed1271fbd2f011

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 05:29:38 GMT
via: 1.1 66e7ff48bbb7e14aaadccfbad3f73cbe.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 1166214
x-cache: Hit from cloudfront
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
cross-origin-resource-policy: cross-origin, cross-origin, cross-origin
content-length: 5145
x-xss-protection: 1; mode=block
x-served-by: static-web-1
referrer-policy: same-origin
server: nginx
x-cache-hits: 0
content-type: image/jpeg
cache-control: max-age=2592000
x-amz-cf-pop: WAW50-C1
accept-ranges: bytes
x-amz-cf-id: 7SQeszICnDfECvftd_cKvmdLTa5YgLGPMZrGGIM36db_pisSnWZOgQ==
expires: Sun, 29 May 2022 05:29:38 GMT

GET
H2 200 get
c.disquscdn.com/ Frame BC94 5 KB
6 KB 54ms
53ms Image
image/jpeg 2600:9000:20ae:fc00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/get?url=https%3A%2F%2Fitwire.com%2Fmedia%2Fk2%2Fitems%2Fcache%2F9ff767664314c0a46a6e2bfe38e7b2d7_XS.jpg&key=r1vTEk4fIU4Pk91kzaTNXw&h=200

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20ae:fc00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

62ddf8c3a2118bbd365fd28fb2d261b63225c9f6c4cd6cef3aa7b6f0df20a39f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Mon, 02 May 2022 08:24:24 GMT
via: 1.1 66e7ff48bbb7e14aaadccfbad3f73cbe.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 896529
x-cache: Hit from cloudfront
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
cross-origin-resource-policy: cross-origin, cross-origin, cross-origin
content-length: 5345
x-xss-protection: 1; mode=block
x-served-by: static-web-1
referrer-policy: same-origin
server: nginx
x-cache-hits: 0
content-type: image/jpeg
cache-control: max-age=2592000
x-amz-cf-pop: WAW50-C1
accept-ranges: bytes
x-amz-cf-id: L0fmEB2E_YfCtgVWz_9_Ok6XR1V6Fxo1aH2O8cOJmwOOEWyKw_5zzw==
expires: Wed, 01 Jun 2022 08:24:24 GMT

GET
H2 200 get
c.disquscdn.com/ Frame BC94 5 KB
5 KB 61ms
60ms Image
image/jpeg 2600:9000:20ae:fc00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/get?url=https%3A%2F%2Fitwire.com%2Fmedia%2Fk2%2Fitems%2Fcache%2Fee3e733c56a91b6bb9c96fc858de0863_XS.jpg&key=3XPm3Q7I2Tv2TYPe74docg&h=200

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20ae:fc00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

8e5d91a0b3c4f157767882e5d1d4399ca1d6acbffd85d3c49fabb826c4b2ab30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 21:27:04 GMT
via: 1.1 66e7ff48bbb7e14aaadccfbad3f73cbe.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 1195169
x-cache: Hit from cloudfront
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
cross-origin-resource-policy: cross-origin, cross-origin, cross-origin
content-length: 4736
x-xss-protection: 1; mode=block
x-served-by: static-web-2
referrer-policy: same-origin
server: nginx
x-cache-hits: 0
content-type: image/jpeg
cache-control: max-age=2592000
x-amz-cf-pop: WAW50-C1
accept-ranges: bytes
x-amz-cf-id: EVTX3bJ7OLHq0-0c5iMqATsPMJbHkSVcbswoNWmLUzSbe_bpapgj3A==
expires: Sat, 28 May 2022 21:27:04 GMT

GET
H2 200 get
c.disquscdn.com/ Frame BC94 4 KB
4 KB 49ms
48ms Image
image/jpeg 2600:9000:20ae:fc00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/get?url=https%3A%2F%2Fitwire.com%2Fmedia%2Fk2%2Fitems%2Fcache%2F5786e9b64b8c498d8980f660c7b03a13_XS.jpg&key=WG5j6asIdf9dI7dd5GR0ig&h=200

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20ae:fc00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

547aba21a076c054a93297885bfce66127f32cc4919aef3e5ed11d08a907fdd8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 03 May 2022 17:03:50 GMT
via: 1.1 66e7ff48bbb7e14aaadccfbad3f73cbe.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 778963
x-cache: Hit from cloudfront
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
cross-origin-resource-policy: cross-origin, cross-origin, cross-origin
content-length: 3923
x-xss-protection: 1; mode=block
x-served-by: static-web-2
referrer-policy: same-origin
server: nginx
x-cache-hits: 0
content-type: image/jpeg
cache-control: max-age=2592000
x-amz-cf-pop: WAW50-C1
accept-ranges: bytes
x-amz-cf-id: uqflcc0iKxSiY7mJ6hjwpskNhz5KMDECgd4nXQXLLKu9uAJ7baZoSA==
expires: Thu, 02 Jun 2022 17:03:50 GMT

GET
H2 200 get
c.disquscdn.com/ Frame BC94 5 KB
5 KB 67ms
66ms Image
image/jpeg 2600:9000:20ae:fc00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/get?url=https%3A%2F%2Fitwire.com%2Fmedia%2Fk2%2Fitems%2Fcache%2Fa1f080b0596b9093473183efdaa2b3de_XS.jpg&key=-iOH-tASE7fAJwlJ3KbEzQ&h=200

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20ae:fc00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

604263336cb5047803ec55b5bd9bf1423b572b975b33e94b03e33ae9b200f30f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 11 May 2022 02:01:21 GMT
via: 1.1 66e7ff48bbb7e14aaadccfbad3f73cbe.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 141912
x-cache: Hit from cloudfront
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
cross-origin-resource-policy: cross-origin, cross-origin, cross-origin
content-length: 4906
x-xss-protection: 1; mode=block
x-served-by: static-web-1
server: nginx
x-cache-hits: 0
content-type: image/jpeg
cache-control: max-age=2592000
x-amz-cf-pop: WAW50-C1
accept-ranges: bytes
x-amz-cf-id: HF1X2UrSWtviVmJN0HqHicQvdkfz5zDgNC7rcWjIzAFrkLRcvOL00A==
expires: Fri, 10 Jun 2022 02:01:21 GMT

GET
H2 200 get
c.disquscdn.com/ Frame BC94 5 KB
6 KB 65ms
64ms Image
image/jpeg 2600:9000:20ae:fc00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/get?url=https%3A%2F%2Fitwire.com%2Fmedia%2Fk2%2Fitems%2Fcache%2F593a36da1c076fd0cb6987a5d4b8b6bf_XS.jpg&key=NNwTb8S3HYmUhPQC0rgKrA&h=200

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20ae:fc00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

7a067a802058af9e9df8c7303f7e0c99fd5754555ce5b04661b9af6cb7800506

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 22:57:30 GMT
via: 1.1 66e7ff48bbb7e14aaadccfbad3f73cbe.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 2053743
x-cache: Hit from cloudfront
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
cross-origin-resource-policy: cross-origin, cross-origin, cross-origin
content-length: 5598
x-xss-protection: 1; mode=block
x-served-by: static-web-1
referrer-policy: same-origin
server: nginx
x-cache-hits: 0
content-type: image/jpeg
cache-control: max-age=2592000
x-amz-cf-pop: WAW50-C1
accept-ranges: bytes
x-amz-cf-id: H04GcDFRel7lsr4CrAcjyJ9kiXB-gMvronva7X60yPB0hrjwivXPNg==
expires: Wed, 18 May 2022 22:57:30 GMT

GET
H2 200 get
c.disquscdn.com/ Frame BC94 2 KB
3 KB 50ms
50ms Image
image/jpeg 2600:9000:20ae:fc00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/get?url=https%3A%2F%2Fitwire.com%2Fmedia%2Fk2%2Fitems%2Fcache%2F7446176d1a1c7c86c962d9bf60fbbca7_XS.jpg&key=9c2UxyQjdtTy9UJOd10pfA&h=200

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20ae:fc00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

24ec6d85f1507c3c5efdb629cfcdbf39b6beb30b08c59e641d4a1ede1202fe0b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 03 May 2022 04:44:18 GMT
via: 1.1 66e7ff48bbb7e14aaadccfbad3f73cbe.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 823335
x-cache: Hit from cloudfront
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
cross-origin-resource-policy: cross-origin, cross-origin, cross-origin
content-length: 2473
x-xss-protection: 1; mode=block
x-served-by: static-web-1
referrer-policy: same-origin
server: nginx
x-cache-hits: 0
content-type: image/jpeg
cache-control: max-age=2592000
x-amz-cf-pop: WAW50-C1
accept-ranges: bytes
x-amz-cf-id: 8cZ82WJlmIogAx2RZTCxxhUtypLeoSwgkaM5Do9h2SAARfwXlrecwA==
expires: Thu, 02 Jun 2022 04:44:18 GMT

GET
H3 200 87D0VuGGyd8o4x1zT1VlOmQj8xrGMl1xcSeEyGhgSwY.js Show response
pagead2.googlesyndication.com/bg/ Frame EA56 35 KB
13 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/87D0VuGGyd8o4x1zT1VlOmQj8xrGMl1xcSeEyGhgSwY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f3b0f456e186c9df28e31d734f55653a6423f31ac6325d71712784c868604b06

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 10 May 2022 07:35:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 208290
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13472
x-xss-protection: 0
last-modified: Mon, 02 May 2022 13:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 10 May 2023 07:35:03 GMT

GET
H3 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 13ms
12ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: itwire.com
URL: https://itwire.com/media/com_jchoptimize/cache/js/1b4778f91aa208954adc0b1f291a028d.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 4044
date: Thu, 12 May 2022 16:19:09 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Thu, 12 May 2022 18:19:09 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 8ms
7ms Image
image/gif 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=2144042819&t=event&_s=1&dl=https%3A%2F%2Fitwire.com%2Fguest-articles%2Fguest-research%2Fmandiant-warns-of-incontroller-ics-malware.html%3Fmkt_tok%3DNTY1LVBFSS05NTIAAAGEVkIOTJULkE5YSW3D35Wep4MMu6m_bz19g4D_X0OxFP6xw3Gz_aC_3GcA8YZi5ck7Zoy9-Wqb2iIiobEQYgD07YIhLINbYPBVTuhK_Frw&dr=https%3A%2F%2Fpages.mandiant.com%2F&ul=en-us&de=UTF-8&dt=iTWire%20-%20Mandiant%20warns%20of%20Incontroller%20ICS%20malware&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Pop-up&ea=open&el=Box%20%2349%20-%20Corinium&_u=CCCAgEABC~&jid=&gjid=&cid=978956477.1652376392&tid=UA-38385927-1&_gid=1685629270.1652376392&z=632988264

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 May 2022 20:28:23 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 75490
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame EA56 0
9 B 7ms
7ms Image
text/plain 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?zzYU2A
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 17:26:33 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

POST
H/1.1 200
OK ping Show response
links.services.disqus.com/api/ 353 B
781 B 70ms
43ms XHR
text/javascript 199.232.192.64
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://links.services.disqus.com/api/ping
Requested by: Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/alfie_v4.63f1ab6d6b9d5807dc0c94ef3fe0b851.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.192.64 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 91e4dff3accec3b37292c191e5f4a276b274bdd9d9ebe611188384d6526f1519

Request headers

Referer: https://itwire.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Thu, 12 May 2022 17:26:33 GMT
Server: Apache-Coyote/1.1
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin: https://itwire.com
Cache-Control: no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/javascript;charset=UTF-8
Content-Length: 353
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK sync.gif
links.services.disqus.com/api/ 43 B
375 B 38ms
36ms Image
image/gif 199.232.192.64
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://links.services.disqus.com/api/sync.gif?key=cfdfcf52dffd0a702a61bad27507376d
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.192.64 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 12 May 2022 17:26:33 GMT
Server: Apache-Coyote/1.1
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Cache-Control: no-cache, no-store
Connection: keep-alive
Content-Type: image/gif;charset=UTF-8
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H/1.1 200
OK domains Show response
links.services.disqus.com/api/ 41 B
468 B 53ms
33ms XHR
text/javascript 199.232.192.64
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://links.services.disqus.com/api/domains
Requested by: Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/alfie_v4.63f1ab6d6b9d5807dc0c94ef3fe0b851.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.192.64 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 7cf06b0e3e3f3e8f15e118766e03af19f5ddab22bee4849fec823fb0276e5041

Request headers

Referer: https://itwire.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Thu, 12 May 2022 17:26:33 GMT
Server: Apache-Coyote/1.1
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin: https://itwire.com
Cache-Control: no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/javascript;charset=UTF-8
Content-Length: 41
Expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H/1.1 200
OK domains Show response
links.services.disqus.com/api/ 42 B
469 B 36ms
36ms XHR
text/javascript 199.232.192.64
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://links.services.disqus.com/api/domains
Requested by: Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/alfie_v4.63f1ab6d6b9d5807dc0c94ef3fe0b851.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.192.64 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 098c0309850d1dd5651a1f5466e04f80f62b338e33fde82fcf1938a78f546dbd

Request headers

Referer: https://itwire.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Thu, 12 May 2022 17:26:33 GMT
Server: Apache-Coyote/1.1
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin: https://itwire.com
Cache-Control: no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/javascript;charset=UTF-8
Content-Length: 42
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 0716 42 B
64 B 59ms
42ms Fetch
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuGpeCcUwY17yu3oBFjkPChDxr1gbsfXU-9H7OASvEcj4IFSvIuCRZmyK7Gd65hvNFlBdKWLwdLpIXNcpDAUNpro46wRNx8sFGQd-oB7pwvUDVF3pZA&sig=Cg0ArKJSzLwL3XhE9g6xEAE&id=lidar2&mcvt=1151&p=270,1037,520,1337&mtos=1151,1151,1151,1151,1151&tos=1151,0,0,0,0&v=20220509&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=3&adk=722149785&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1652376392420&rpt=123&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 12 May 2022 17:26:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame E245 42 B
64 B 58ms
42ms Fetch
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst_5I6XaHlOYS3_LeQ6WBJChP0tqFoCo9BlLUsN1q7UoJb4ZxNWyNVX-0hhPIGu-GIDpjUF6C0G656XT_-fkVn1wXwXTcBXS8EUP_fZhXdv70hsR2ar&sig=Cg0ArKJSzFVDUutIYlSGEAE&id=lidar2&mcvt=1050&p=64,439,154,1167&mtos=1050,1050,1050,1050,1050&tos=1050,0,0,0,0&v=20220509&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=3&adk=4066883799&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1652376392414&rpt=234&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 12 May 2022 17:26:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 7473 42 B
64 B 55ms
41ms Fetch
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsthkZFUIpoC4ltp63xxaWrSIcCy4MJSh80jiOMky9g3kbIt9A06wbRrpwxrwrhOd_Gi3aWlnFe44XbMM6TVlnZ39oNI6zJw5wmHHYqpEhftkXrmboMS&sig=Cg0ArKJSzPzdiWA7pA4FEAE&id=lidar2&mcvt=1051&p=634,1037,884,1337&mtos=1051,1051,1051,1051,1051&tos=1051,0,0,0,0&v=20220509&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=3&adk=1491631762&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1652376392425&rpt=211&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 12 May 2022 17:26:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 2AF5 42 B
64 B 56ms
43ms Fetch
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss62w7qBpoGnFdMmZfFgg83XTktcEOwErll4vNNyRn_5TXTsyqGmsiSH6c74aL5NPRxxR0Eau_zXkgGJ7L2CSU5sdgQQRV2Fypq0BSgoZ2Kd8Si9qMI&sig=Cg0ArKJSzNbijKsmIVqIEAE&id=lidar2&mcvt=1052&p=64,1170,154,1350&mtos=1052,1052,1052,1052,1052&tos=1052,0,0,0,0&v=20220509&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=3&adk=888817850&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1652376392368&rpt=246&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 12 May 2022 17:26:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 115ms
114ms Image
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2022050901&jk=2918392569028600&bg=!uLulu__NAAZX5TVhd-U7ACkAdvg8WoZRnoh91fj8C-oaytpCansLP1Eg4HX4CTAZBq5g2jI1T5k-3AIAAABuUgAAAAJoAQeZAqeHNvm7lmmcfHFgRUnqApGnvlnoQmB_kkOEheMQKaiQZEPTIoNFwVOUxT9hdHdMXD_T76dplCxYZpWmOCQ4Cv_dxFDE4P4vYcuKHnvLuzAZH70gy7nTPpMwtrnjTMtO51txmHv_pFna2rSrjEjP8KxuH2cDdt1-UtS5vaOxEpG9UeknUwhHmuYRultgWpcRqZlq39NiHH6LT-6FiJWmsnyN4F57Vn_XyrZSPr3H0GHy2oo_dfFmaCqeh1mbjGtxo-0quxgLv7EH7wsg0g3GYUndafMUWLbsWDGEvj1OYKbFE4HPvYo85ingktSa4uewrU1QFtp1M_szcItC5PyP1lmTtH7aq3kz3_OlLcU5Qi1A2g_MwPPRWzAaf1TOq-F4U5-7hSx7d5xUiM3wgE13ZoVqkM9ZaQxcu1-0uRJhXvM5AW528S9qIINNmZJ0748Z7lVOQYbiMu2xO0MoqJkht67wm-cK-nmZ_DfF9e_Mz_BwtA0913WcQwdB_qJVDYrXuGRgb4D7FLXRLYy-fbpPkM4xcXy3DaGxgi93x0meffhCU3pUuspPDYbM1HWLazO_EK94y6HqsG5BSuzn81AvP1ts-CEAuEmT7ZR8Bv2yG8UBVeoC4BTRpl8RBC4zThgsOqW6Q33UfgL8xAfytrJG_MR-umdoqlXliZgAFjCPRTs2hNx1EZvZlGNuFOZRJsQmkfgl1yd8PHVn_cOfHbVrdSpqnbfmqflznwcCXcBu0WdBb9v68hZyUFKkGuDiwKsyxUHBXfRt5ByCrjD_p9Rqpk8AftMtHfKc-q6LLh-g14cl8S3bbW9V7rI1Trpn4wEjp48cj_Vv7KATI4Otaf4Ii4ZBcRsg2MSF3LkiK6bSjW3OzxQvvBaRjbmUjga3_sciiC9I4q_JFtWX
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://itwire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Verdicts & Comments Add Verdict or Comment

149 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

21 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
pages.mandiant.com/	1969-12-31 23:59:59	Name: BIGipServerab_mailtracking_80 Value: !93roBdRyB8SgTuvaQbCLRqc3TBcuinyXzlFm6OrKk9d0cLMKt38Znou2/cWvwyjc7lBxFtSrmmUoy+I=
.pages.mandiant.com/	1970-01-20 02:59:38	Name: __cf_bm Value: 6SuypikqJFThK1h9P3twZ3LTcEL6kwreQVOm4Pdw5TI-1652376388-0-AYpMoKgwOWlQ52stgWzA7ewP9enxdL81eG8mDCI2eR/6xs34v7FsdWmqcYa7y9iDshGCW4VekP3TDttSwFj9mbM=
itwire.com/	1969-12-31 23:59:59	Name: 4ed59069e9b3a8f3da7e9add8084ea3d Value: 6fb3b92ac79fa0c1a617ee7c8e49d14d
.itwire.com/	1970-01-20 20:30:48	Name: _ga Value: GA1.2.978956477.1652376392
.itwire.com/	1970-01-20 03:01:02	Name: _gid Value: GA1.2.1685629270.1652376392
.itwire.com/	1970-01-20 02:59:36	Name: _gat Value: 1
.itwire.com/	1970-01-20 20:30:48	Name: sc_is_visitor_unique Value: rx4176767.1652376392.8B32F9C7568B4FBF7B48EFA8D5688D7B.1.1.1.1.1.1.1.1.1
.statcounter.com/	1970-01-21 22:48:12	Name: is_unique Value: sc4176767.1652376391.0
itwire.com/	1970-01-20 05:13:31	Name: onwbchtSound Value: 1
itwire.com/	1970-01-20 07:23:07	Name: onwbchtblocked Value: 0
itwire.com/	1970-01-20 05:13:31	Name: onwbchttimesVisited Value: 1
.quantserve.com/	1970-01-20 12:29:50	Name: mc Value: 627d4347-db101-86dd5-776ae
.itwire.com/	1970-01-20 12:24:05	Name: __qca Value: P0-1082422906-1652376391873
itwire.com/	1970-01-20 11:45:12	Name: onwbchtsessionrandom Value: 220451
itwire.com/	1970-01-20 05:13:31	Name: onwbchtlastvisit Value: 2022-5-12
itwire.com/	1970-01-20 11:45:12	Name: onwbchtclientid Value: 307752903
.itwire.com/	1970-01-20 12:21:12	Name: __gads Value: ID=0fe294504162050d-2253e28e93cd00ed:T=1652376391:S=ALNI_Maf3FQ1KSvt48VOyeb43VqJo0R7ng
.doubleclick.net/	1970-01-20 12:21:12	Name: IDE Value: AHWqTUlMTcjBjq_K97EYNeEIsTktnNf9zCXNKgEifGWoIYeRLL14VCCWKw1vVKlk1YA
disqus.com/	1970-01-20 02:59:38	Name: __jid Value: 25cguel266155p
.disqus.com/	1970-01-20 11:45:12	Name: disqus_unique Value: 25cgui13a6ppq9
itwire.com/	1970-01-21 03:59:36	Name: nrid Value: 1a1fafa34d2b35aa

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://itwire.com/guest-articles/guest-research/mandiant-warns-of-incontroller-ics-malware.html?mkt_tok=NTY1LVBFSS05NTIAAAGEVkIOTJULkE5YSW3D35Wep4MMu6m_bz19g4D_X0OxFP6xw3Gz_aC_3GcA8YZi5ck7Zoy9-Wqb2iIiobEQYgD07YIhLINbYPBVTuhK_Frw(Line 894) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://secure.statcounter.com/counter/counter.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://itwire.com/guest-articles/guest-research/mandiant-warns-of-incontroller-ics-malware.html?mkt_tok=NTY1LVBFSS05NTIAAAGEVkIOTJULkE5YSW3D35Wep4MMu6m_bz19g4D_X0OxFP6xw3Gz_aC_3GcA8YZi5ck7Zoy9-Wqb2iIiobEQYgD07YIhLINbYPBVTuhK_Frw(Line 894) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://secure.statcounter.com/counter/counter.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network	error	URL: https://itwire.com/templates/ja_nex/images/icon-twitter-bt.png Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://itwire.com/templates/ja_nex/images/icon-facebook-bt.png Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self'; img-src 'self';script-src 'self' 'sha256-ePvPR3cn72fuHVQBK09ahm3MnsqJ49FRCbm5cdCOUmc=';object-src 'none';form-action 'none';frame-src 'none'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

2c99126c99a9b78edbf633a547dbd694.safeframe.googlesyndication.com
a.disquscdn.com
adservice.google.com
adservice.google.de
c.disquscdn.com
c.statcounter.com
cdn.viglink.com
cdnjs.cloudflare.com
disqus.com
fonts.googleapis.com
fonts.gstatic.com
itwire.com
itwire.disqus.com
links.services.disqus.com
pagead2.googlesyndication.com
pages.mandiant.com
pixel.quantserve.com
referrer.disqus.com
rules.quantcount.com
secure.quantserve.com
secure.statcounter.com
securepubads.g.doubleclick.net
tpc.googlesyndication.com
www.google-analytics.com
www.google.com
www.googletagservices.com
www.onwebchat.com
101.0.65.50
104.17.73.206
104.20.229.67
142.250.185.66
151.101.128.134
199.232.192.64
199.232.196.134
199.232.198.49
2600:9000:20ae:fc00:6:8656:f5c0:93a1
2600:9000:2315:8400:6:44e3:f8c0:93a1
2606:4700::6810:a00d
2606:4700::6811:180e
2620:116:800d:21:8c6e:cf2c:8d6:9fb5
2a00:1450:4001:802::2002
2a00:1450:4001:808::2001
2a00:1450:4001:809::200a
2a00:1450:4001:80e::2002
2a00:1450:4001:80f::2004
2a00:1450:4001:813::2001
2a00:1450:4001:828::2002
2a00:1450:4001:82b::2003
2a00:1450:4001:82b::200e
2a00:1450:4001:82f::2002
54.171.144.161
010c2e34dbc2aaadf863b6025f837d39a6d507fcb2389f306875b60242429822
02930f00dfaeed3ddcfeb7632f102f8c420302aaeedff7dc6b0a9cd4ac7300aa
081d1ad7c7dfc87352920c3787304daa941f32d64931f5e39fbdc5fbcb26664f
091472df015e6b258e179ae19265bb52356cd9a0aca2600f69980e4c2c093da7
098c0309850d1dd5651a1f5466e04f80f62b338e33fde82fcf1938a78f546dbd
11c401a81e32b086bea3798c033009907b429fb601411da6ffc266b78184898a
1268c71905211085b0ee4ab4f0c1a5b98138d84fb0b448680c3569725b4cb3ae
195286a8bbab6d00a6ffab517c4d90116206538c9cf3029b2da85f6991893cfc
1ec88e885c117a31b27b4ec7a6bbb8aa94b028aa41249ddd4d011eed2bc580c7
1f1cf7bd9e3c3ba3be3b5d7854ef5d5c9572aed530916d0e6182310f2fd23ca6
20a91bd509668238b6af8e16475c5e2611bcd2861d0eec2e0d4f6815e81449bd
2145b197e48c625d76c06e10318c51ff6678ee6ac5c652a4f4088195abf17c32
24ec6d85f1507c3c5efdb629cfcdbf39b6beb30b08c59e641d4a1ede1202fe0b
25b2f9fad5ce7e9052da7595f6f80e790c7e906dd10bb2796b1e4b164fb9bfa4
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
2ab954cf803f8473417a13d502bc7dfba9884317b2ae54b3ca9ee20cb42c6840
2c0f90dbab56a1b5112f72da04c142ce14d447d4cdb3ba2ee0a744f91d1f4a0a
2cef44fcbec04ee4e5604ce986c7ac6cd536618b4d3c8acde77660cb7e389e31
2f83e6036c67a97fea9f25eeb37019e5693b573f2abec847040419a635c4e64e
317cd1ea02f28e6a7d47716b9a8a8ce59ece347b606697ea63257836795ef627
3270642c89180c12db93775e2a774b6dadd9bd98cffc963075c85afd2c17b6e4
32fd41d731cfca48bd5de986c853d6831f461d99facd921cc083b427ee692153
3301a14f839072c3d84e2e6d6019f3b6d2ad2aaefedd02a67dbd0c41832e86ff
3487ef2baf0c08ba660a8a143cdeb8ebeec961eea04bccd7c49096b4eb26b875
36ef66124133ca33c8b44c487293c3180e5ab681ff3cad3c728ea4f894ec3444
3799af4e438c74187ed47bd396db6a74ac282b195987ffd5e47400e9252749a9
3ca74d29ced3561beffa6cfb2afd2715b0260a4907cc8d6fefd069c0c7d7ddd5
3cb1d46cf091f5277135d1bd3456598754c616afdae7654d7bf1a2ea87f985d0
3d92e113ac3031b838001ddddf965d045f470ff748ff2e116b30378910eeaecb
3eee15d11eb29b6f2258cabfeeca39b3b900a7cae96fc7919b27789f3470b9f9
3fddc6d28aba3c13d64cfd4847c333ff48c71d4a5a58bd1a0494ca6ae8ac1bb4
427cf530861f76c89c9a5a767cd4c0a9cd81e2a19880cfb8ee0aa6b4f8ce4788
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
46f260d0f1ef12daf34c2b4bed6ed0a664484071f1fb40a578741a9d79d1767f
480d6c14ff719c8a234e1cc26fd5537d63317fc079ab00e6fdc2b77c2df63bf3
4c4491dcfa94cb46fb73742fc2caf49a1cd59027304af1830c7dc6ce1889857c
4e14ce1bd0d4433eee84cbb16196a7a051126f07af888ef7f9d252120f32f907
4ef894d7c2274656fe54a71c63ee6c204a3585d533ac281614eb54df129e919f
4f2426a9ba3a69484b59c28fe75665b51a3f779d1cb359e426f2c0d8552697f4
4f26ecfc3fa7e6ee6de449aa3a121e113a05d64f2d0e7c379a9c2373451069ef
4f594ee0aa3c94e1786290f3bf143c8e8a318e6d08f3fe6d1043e2274df74237
531e9af44c9c3cc163955e775a811007d736c385a4077335bbf258b9da3a4ea1
547aba21a076c054a93297885bfce66127f32cc4919aef3e5ed11d08a907fdd8
54ad84408709bbeafbae0188ec33d81bacf3f7019cf871374c99d2b52b2a1247
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5b79c3d8b042d767832af62a1766e7bc2ab90b0043036caf2f3ee84b70b8843b
5f9811380f3e1206d1c6fb11a3029efbdd1a43806b251ede9c507ded295acd9f
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
604263336cb5047803ec55b5bd9bf1423b572b975b33e94b03e33ae9b200f30f
6188135f984e2ff0352d6218a20717f620efda7d4644dfad19b792735a37cc8d
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62ddf8c3a2118bbd365fd28fb2d261b63225c9f6c4cd6cef3aa7b6f0df20a39f
649012b332a2b49caadfc15c29bb643d81498c64f0a1c98941723902bfd0fe73
64cee676a611b27aca955c5e227666f9d955682512ec25b982bd5e2f92eb61dd
65308d3b0ee14eca6ace2f1fcea1ec8dbc444266ef803d3ee41f49e77f1679ff
67e20412839ef6162b0515930aa078d5f125d4b873ea8452a7bb982e261f2081
681fcade87d611663d6286f25e76c7a9bb994fef5e519c002d269b7bdce56c10
6a21bde2397cf7061572f67604fcbe76cd33dc1cbe84e2ff4519ddd6869b0099
746023e2560c82cdbf7252e3fdf2ac8a5b3ae37066058df28d71b05dfad58a87
74af217133cf8dd0a8be093dc568ebbe7ff93362a2286b53646420c3095f3691
7a067a802058af9e9df8c7303f7e0c99fd5754555ce5b04661b9af6cb7800506
7a6b4eed223dbc6571351878ab8da852a478aef8c917597d0be6a81eaa0b395f
7cf06b0e3e3f3e8f15e118766e03af19f5ddab22bee4849fec823fb0276e5041
7d251e5a947f0089b450fef99e28c0de91025bf5a4d6cc0c00289de402a3ff88
7e262106f82cc52663e403f5b73795bbeab9ca0630c33c03579354fbcd4fae1e
7e43e7f65a34f2c8add39ab9bfe96400e69fecac5a3c90066cd5bc561c509971
82347b68e5bf085e7bead889840d94fa93ec99bb81e6d50a9eb842619796605a
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84517b4438237af7dc9b008019d72e64e685981284e6f297448435ca5deb5ada
8784042e14531617c1aef40d7623d3dd1d0b24730721c779e0c3ae86ed03990e
87a1ce40f862c3e099ecca9b74c2d15ae0f6b5506e8a2152bc4be9384eb80b4e
883cb76d4477b6d071f104d5c44d134c58bebcbba0fb8e181209270c4471cf1e
89a261190fb7d16fbfac7bf148e49dd9c3ea81d2b3a4b9f90429899add493b85
89a422cb7b8c024ae2dcef40b03e2eb2e31bd6ca5dedbd4362ceb43fa0b70ac3
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
8aeb0ede2f0efe38f10834eea3a7e66f38a8609005af1e2192ed1271fbd2f011
8d6580af877387b05d9ffac3ebeacfe25a7728c77adef6d9b32fd72ccbe21468
8e5d91a0b3c4f157767882e5d1d4399ca1d6acbffd85d3c49fabb826c4b2ab30
8f931f60a55c58028462cadf0c49671e7312d30c78ccd50797f315697968e872
91e4dff3accec3b37292c191e5f4a276b274bdd9d9ebe611188384d6526f1519
93530833a692fc04fbc3c67e0e8d4a07b6873ee9ed42e3a5d5662e768c29fa53
95a6dd04391be3c28296d0a6a45b2d32d6c57d5488bd955d05c365951865fad5
9714221c828961b20f45a782c3281c0596f6652cfe1299bee18097f98e8fb7b3
9846ff5f53af71c48c80e06368fca4b1d8c2f71b96f5255894d84b0969d47bfe
9b96fe0a7d9b194599c4a2982ba5efb84aa3999dae35fd93cc1c7e64659e20b4
9efb3d5e1b082a66bd94908b42afb4cf6fe0e8eb8f50b8d2a18f6a5da03e6a18
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a0bd9bfaf4def6656a9233d93df518c01be681326e72cd9e00aa73fd29702b83
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a61d76c569225503adc18e0ef5c959c9d8eb528966bc1b6085b298bd44df23c5
a658b2be7323c57d4bd5c4197b657e1f5360d1b950131dc377efec1d5111ffd0
a6aa9e41c73328b4ab3c5f772d4470a4d47da2cf8434843e5f811b9e604dc674
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
aa61eb9fd8427b1bd849d8da1215aba5475895ee41369aacadacc79a4c56d398
b22c6381f9a3ff5fcc3d049354b0b8edf49ceee6c455a49b3e666ede8832c535
b4648b8d4875af3cd0752447c252189b32e793e124bcac595701327e85f61581
b682441f6f22c205ec30ae01997998e6346b1b3bf1ab498f398da151eb239de3
b83149463619a5f4bbee21909e8a99a085f15713e48d6522d0a3173b94a20e1e
b902d7ba78659a80d05f31e599aba4dec14072711d49c42eb3188a716adaf642
b957d62f1d74b3111469d2621aeec643b4fbb40be37edb9b0aaacbe75c7b6c52
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
c2424c2c64d584b3f2360ea6ebc0efd5359f07b96a5469833f4f09e4d44c24c3
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
cced813da69e3a1d8c5f76fd08a76c891aa6439929e2bb7e10513b9bc89fc2d8
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cfaf60508a77b732490cebbf93a415622f5d33fc0a63f88365807b71a21c25b0
d0adde3dbacff8517465f50351349787679009192ed6e7da116a05db571708d8
d3ba528397068da7f0dbf9f4c9dea23a1b8edc796e25364461a7076b138eeb46
d5b46b44f5ac824a8dd7e0e53d51ee32abe3acd6b1850d05cf1fedb62fce0cd0
db865c8f3642f3485829c0ee0008fe04a32cc66af70867b39f60395a7fed3984
dbffe4825c6ba1f19ff48607381ad4384b0609b64998830502c130f00abe887d
dc8217182c8e42850f33282cb2942ca1e1d94cd386d25e503276457d9b42f856
ddc6aec4144b67f0a2a12d687f3c4b8a9faf7c445847d0e25dcb5bd1a9ba9018
e14e57988f7e9fa2353c068a855d39e48624dc4f6d9c3af31c595f5839c7682c
e3ae0f120f30b95b1bc51b7440fb005c41cfc4560e3701763552c07b03a55a46
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e422b07ca1550e55cd90a518e910fd3cfb4d9337ea6092357f9761aa77ac9e33
e4a76eb8b93e2c19706f33a670089d8b96eac30a03d8aa64f3aba32392e2fc0e
e7f6c011776e8db7cd330b54174fd76f7d0216b612387a5ffcfb81e6f0919683
ea68ce2553c9a6890e5c079936ddb541b987624eeb40b129a15d8d0aab77a2dc
eb2697b60c526a1d4980e0874700e7c2b4f43bb9292770f71bb4bb972506e415
eced437d4bb8a726d823bb80013c37e1e0eb81069618e7cc57ff1eadf0d0cff4
ede4fdbaa1ac707296953a78476c6f3225934a17e2491860abb2193c946cb591
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f2a341fc815d45c21da726d4c843c2c5d3e1f333465347c3c75d040d556df4e5
f3b0f456e186c9df28e31d734f55653a6423f31ac6325d71712784c868604b06
f63095ac2921fd77a7c5d1b519ae6fa58e9f1733cd522fd231b11efa169dc137
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f7918176165033d8695b203a4afd1f9dcf4e208c02c72907ca88ec88f7b9b32f
ff3f38603fdc7a304a7a63e7f595196aa9196a0dfe7be01314361924dc29e01a
ff82aeed6b9bb6701696c84d1b223d2e682eb78c89117a438ce6cfea8c498995

itwire.com Open in urlscan Pro 101.0.65.50 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

198 Requests

100 %HTTPS

63 %IPv6

18 Domains

27 Subdomains

25 IPs

5 Countries

3668 kBTransfer

7522 kBSize

21 Cookies

16 Outgoing links

Page URL History

Redirected requests

198 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 9 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

itwire.com Open in urlscan Pro
101.0.65.50 Public Scan

Screenshot
Live screenshot

Full Image

198
Requests

100 %
HTTPS

63 %
IPv6

18
Domains

27
Subdomains

25
IPs

5
Countries

3668 kB
Transfer

7522 kB
Size

21
Cookies

198 HTTP transactions
9 data transactions