Submitted URL: https://futureplc.slgnt.eu/optiext/optiextension.dll?ID=0wx0rI0koaJtWuBrss5bXUfh3GPJIwv8yHORGwIeQAbQ8dzKCLxuFKRZTzhWJkZaNJf...
Effective URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-net...
Submission: On August 05 via api from US — Scanned from US

Summary

This website contacted 120 IPs in 5 countries across 86 domains to perform 364 HTTP transactions. The main IP is 151.101.130.114, located in San Francisco, United States and belongs to FASTLY, US. The main domain is www.itpro.com.
TLS certificate: Issued by R11 on July 16th 2024. Valid for: 3 months.
This is the only time www.itpro.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information


This page contains 39 frames:

Primary Page: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Frame ID: 963F97AF66992EC64DC9DB03B9EADAD9
Requests: 289 HTTP requests in this frame

Frame ID: 6E51CF8316DBA178E0481C16F0F4E8F7
Requests: 2 HTTP requests in this frame

Frame: https://pixel.adsafeprotected.com/jload?anId=923193&campId=970x250&pubId=4676654121&chanId=22905713822&placementId=6749414608&pubCreative=138481120911&pubOrder=3562784821&cb=1008586515&adsafe_par&impId=a5c3a8e9-5335-11ef-bf97-0e86acdf905b&custom=1,pre_inline_1&custom2=top-leaderboard&custom3=itprocom&custom4=358&custom5=no
Frame ID: 3F5B5C22120A5FC87BBEBF1EB206E9AD
Requests: 2 HTTP requests in this frame

Frame: https://aax-us-east.amazon-adsystem.com/e/dtb/admi?b=JLUvyQ-ytQrnw27M3nr7vdwAAAGRIuhPOQEAAAvYAUFhcHNfdHhuX2JpZDEgICBhcHNfdHhuX2ltcDEgICBCPXr3&rnd=2516059301221722867536840&pp=14qvbwg&p=fael1c
Frame ID: DD26A348150AB623D848C66A37A2B9C3
Requests: 1 HTTP requests in this frame

Frame: https://router.infolinks.com/usync/manage?pid=3272039&wsid=0&pdom=www.itpro.com&purl=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc&usprivacy=1YNN
Frame ID: CBBBE965E26BE013D6EEC58EA008BE39
Requests: 1 HTTP requests in this frame

Frame: https://ads.yieldmo.com/pbcas?us_privacy=1YNN&gdpr=0&gdpr_consent=&type=iframe
Frame ID: D29DB77B5C62D3558D74694E09D1BCA0
Requests: 1 HTTP requests in this frame

Frame: https://cdn.undertone.com/js/usersync.html?gdpr=0&gdprstr=&ccpa=1YNN
Frame ID: EFAE7DF802C44A37F04486000E62F0AF
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 22576B581B877096A451C998A4AEE326
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync?us_privacy=1YNN&gpp=DBABLA~BVQqAAAAAgA.QA&gpp_sid=7&
Frame ID: 4076CC5337ACDF57EDED298EF6C0128A
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=162345&gdpr=0&gdpr_consent=&us_privacy=1YNN&gpp=DBABLA~BVQqAAAAAgA.QA&gpp_sid=7
Frame ID: C4F58DF7FDA15CE6279BD3F5564DAA48
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?gdpr=0&us_privacy=1YNN&gpp=DBABLA~BVQqAAAAAgA.QA&gpp_sid=7
Frame ID: B9793DDE163FF5CA277091C6D18CF936
Requests: 1 HTTP requests in this frame

Frame: https://sync.a-mo.net/isyn?__st=iframe&gdpr=0&gdpr_consent=&us_privacy=1YNN&_e=CuYESg13d3cuaXRwcm8uY29tUgthYXMtNDk1N2NmNVoIcGJhMS4zLjRqDXd3dy5pdHByby5jb236AQY4LjQ3LjDoAgCIA8--w7UGqANB6gMkYzhhYTAxYTQtZWRiOS00M2YxLWI3MDAtNmQzMGJlMzQ2ZjhkogSkA2h0dHBzOi8vd3d3Lml0cHJvLmNvbS9zZWN1cml0eS9jeWJlci1jcmltZS9yZXNlYXJjaGVycy1kaXNjb3Zlci1oaWdobHktc29waGlzdGljYXRlZC1vcGVyYXRpb24tdXNpbmctYS0zMDAwLXN0cm9uZy1uZXR3b3JrLW9mLWdob3N0LWFjY291bnRzLXRvLXNwcmVhZC1tYWx3YXJlLW9uLWdpdGh1Yj91dG1fc291cmNlPVNlbGxpZ2VudCZ1dG1fbWVkaXVtPWVtYWlsJnV0bV9jYW1wYWlnbj1JVFBfU0VDVVJJVFlfQlVMTEVUSU5fQVVHXzIwMjQmdXRtX2NvbnRlbnQ9SVRQX1NFQ1VSSVRZX0JVTExFVElOX0FVR18yMDI0JnV0bV90ZXJtPTI1OTE1OTc0Jm1faT1kU3RLa0YzeVVqUHUyUDdRdEpEVE10THRXb3lZMXE3NTRuTDJuQ3JUR3g5JTJCS2VhcnIlMkJldGxVb1RnbTdHeHJKajJwbFliUGx2UXlweXRhJTJCNHRNcjFBaFRxektPVkRqNmRkY6oEA0RDSLIFA1VTROoFB2Rlc2t0b3D6BQNueTXABgDIBgGqBwN3ZWLKBwlpdHByby5jb23gBwGCCAlpdHByby5jb22KCAZjaHJvbWU
Frame ID: FC00BF8230FDA80A7B6D27D942E9260A
Requests: 1 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: C5EFAFE7B4984BF9D6022712F2FCEF53
Requests: 1 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.4.js
Frame ID: 872C0518F53B5976EEB5BEE02B477EC5
Requests: 1 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.4.js
Frame ID: 8974F995A85D0D9E718DC74AFB623844
Requests: 1 HTTP requests in this frame

Frame: https://resources.infolinks.com/static/container-4.0.html
Frame ID: 35CB891EF8545804C0589A0E7F6E9EFD
Requests: 1 HTTP requests in this frame

Frame: https://www.dianomi.com/partner/dianomi/css/dianomi-context.css?v=1.1
Frame ID: 964C5F5E116858FA8169B5BA6033BBD9
Requests: 3 HTTP requests in this frame

Frame: https://www.dianomi.com/smartads.epl?id=10250&numAds=8&cf=2250.1505.ITPRO&url=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc&unitId=dianomi-10250-ZrDfU0yQW05fJzEjtZsz2wAAAEQ0&responsiveHeight=1&contextfeedFrameId=1505-785&gdpr_consent=null&gdpr=null&canServeAds=true&canCookie=true&partner_tcf_status=2.0&partnerTcfStatus=2.0
Frame ID: E5F50A43050081C875222DEBF7228AD7
Requests: 1 HTTP requests in this frame

Page Title

Researchers discover “highly sophisticated’ operation using a 3,000-strong network of ghost accounts to spread malware on GitHub | ITPro

Detected technologies

Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)

Overall confidence: 100%
Detected patterns
  • 2mdn\.net

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
  • 2mdn\.net

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • adnxs\.com/[^"]*(?:prebid|/pb\.js)

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.pubmatic\.com

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.rubiconproject\.com

Page Statistics

  • Requests: 364
  • HTTPS: 88 %
  • IPv6: 32 %
  • Domains: 86
  • Subdomains: 146
  • IPs: 120
  • Countries: 5
  • Transfer: 4343 kB
  • Size: 17003 kB
  • Cookies: 419

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://futureplc.slgnt.eu/optiext/optiextension.dll?ID=0wx0rI0koaJtWuBrss5bXUfh3GPJIwv8yHORGwIeQAbQ8dzKCLxuFKRZTzhWJkZaNJfELTAydugpMoyW0wcdzzMGQK5G0YGGHs4V710x HTTP 302
    https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 75
  • https://futureplc-com.videoplayerhub.com/galleryplayer.js HTTP 301
  • https://btloader.com/tag?h=futureplc-com&upapi=true
Request Chain 100
  • https://analytics.google.com/g/collect?v=2&tid=G-H58Q5KTB4D&gtm=45je47v0v9182436040z89184126532za200zb9184126532&_p=1722867532336&_gaz=1&gcs=G111&gcd=13r3v3r3r5&npa=0&dma=0&tcfd=10648&tag_exp=95250752&cid=1843726432.1722867533&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1722867533&sct=1&seg=0&dl=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc&dt=Researchers%20discover%20%E2%80%9Chighly%20sophisticated%E2%80%99%20operation%20using%20a%203%2C000-strong%20network%20of%20ghost%20accounts%20to%20spread%20malware%20on%20GitHub%20%7C%20ITPro&en=page_view&_fv=1&_ss=2&_c=1&tfd=2047 HTTP 302
  • https://www.google-analytics.com/privacy-sandbox/register-conversion?_c=1&cid=1843726432.1722867533&dbk=9989071995411533352&dma=0&en=page_view&gcs=G111&gtm=45je47v0v9182436040z89184126532za200zb9184126532&npa=0&tid=G-H58Q5KTB4D&dl=https%3A%2F%2Fwww.itpro.com%3F
Request Chain 133
  • https://dpm.demdex.net/ibs:dpid=22052&dpuuid=3646078572539412529&redir= HTTP 302
  • https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=22052&dpuuid=3646078572539412529&redir=
Request Chain 134
  • https://idsync.rlcdn.com/395886.gif?partner_uid=3646078572539412529 HTTP 307
  • https://idsync.rlcdn.com/1000.gif?memo=CO6UGBIeChoIARCuXxoTMzY0NjA3ODU3MjUzOTQxMjUyORAAGg0Izr7DtQYSBQjoBxAAQgBKAA HTTP 307
  • https://ml314.com/csync.ashx?fp=4b543cf578192e4efae8ca40866b1d3150032d2419229d523d145a4fef5f2091f4cb09cee1a4f8eb&person_id=3646078572539412529&eid=50082
Request Chain 135
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=d0tro1j&ttd_tpi=1 HTTP 302
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=d0tro1j&ttd_tpi=1 HTTP 302
  • https://ml314.com/utsync.ashx?eid=53819&et=0&fp=48c3f041-3e95-40ba-9b98-d1e5372b4104&gdpr=0&gdpr_consent=
Request Chain 136
  • https://sync.crwdcntrl.net/map/c=6985/tp=BOMB?https://ml314.com/csync.ashx%3Ffp%3D%24%7Bprofile_id%7D%26eid%3D50146%26person_id%3D3646078572539412529 HTTP 302
  • https://sync.crwdcntrl.net/map/ct=y/c=6985/tp=BOMB?https://ml314.com/csync.ashx%3Ffp%3D%24%7Bprofile_id%7D%26eid%3D50146%26person_id%3D3646078572539412529 HTTP 302
  • https://ml314.com/csync.ashx?fp=5908e6c1f62489d97c7b0c6c4cb95f0d&eid=50146&person_id=3646078572539412529
Request Chain 137
  • https://ps.eyeota.net/pixel?pid=r8hrb20&t=gif HTTP 302
  • https://ps.eyeota.net/pixel/bounce/?pid=r8hrb20&t=gif HTTP 302
  • https://ml314.com/utsync.ashx?eid=50052&et=0&fp=2EsCWkdP6eb8sPh-8upXANINLOQp6GmThCy237czK-3s&gdpr=0&gdpr_consent=&return=https%3A%2F%2Fps.eyeota.net%2Fmatch%3Fbid%3Dr8hrb20%26uid%3Dnil%26referrer_pid%3Dr8hrb20 HTTP 302
  • https://ml314.com/csync.ashx?fp=2EsCWkdP6eb8sPh-8upXANINLOQp6GmThCy237czK-3s&person_id=3646078572539412529&eid=50052&return=https%3A%2F%2Fps.eyeota.net%2Fmatch%3Fbid%3Dr8hrb20%26uid%3Dnil%26referrer_pid%3Dr8hrb20 HTTP 302
  • https://ps.eyeota.net/match?bid=r8hrb20&uid=nil&referrer_pid=r8hrb20
Request Chain 154
  • https://sb.scorecardresearch.com/cs/10055482/beacon.js HTTP 302
  • https://sb.scorecardresearch.com/internal-cs/default/beacon.js
Request Chain 161
  • https://ssum-sec.casalemedia.com/usermatch?r=1171&s=181869&cb=https%3A%2F%2Fpixel.servebom.com%2Fpartner%3Fcb%3D3255%26svc%3Dus%26id%3D2%26uid%3D HTTP 302
  • https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fpixel.servebom.com%2Fpartner%3Fcb%3D3255%26svc%3Dus%26id%3D2%26uid%3D&r=1171&s=181869&C=1
Request Chain 164
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=11868&endpoint=us-east&r=4258 HTTP 301
  • https://eus.rubiconproject.com/usync.html?p=11868&endpoint=us-east&r=4258
Request Chain 165
  • https://pixel.advertising.com/ups/58164/sync?gdpr=0&gdpr_consent=&_origin=1&redir=true HTTP 301
  • https://ups.analytics.yahoo.com/ups/58164/sync?gdpr=0&gdpr_consent=&_origin=1&redir=true HTTP 302
  • https://pixel.servebom.com/partner?&svc=us&id=57&uid=y-BmNVrOxE2uGb9LYLUKpwxiisaEBIR4Xj~A
Request Chain 166
  • https://ups.analytics.yahoo.com/ups/58290/sync?redir=true HTTP 302
  • https://ups.analytics.yahoo.com/ups/58290/sync?redir=true&verify=true HTTP 302
  • https://pixel.servebom.com/partner?svc=us&id=61&uid=y-_rx4DJNE2uK14Jh8SqzY8GErABv6KnA-~A
Request Chain 167
  • https://x.bidswitch.net/check_uuid/https%3A%2F%2Fpixel.servebom.com%2Fpartner%3Fcb%3D7721%26svc%3Dus%26id%3D62%26uid%3D%24%7BBSW_UUID%7D%26cookie_age%3D%24%7BCOOKIE_AGE%7D HTTP 302
  • https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fpixel.servebom.com%2Fpartner%3Fcb%3D7721%26svc%3Dus%26id%3D62%26uid%3D%24%7BBSW_UUID%7D%26cookie_age%3D%24%7BCOOKIE_AGE%7D HTTP 302
  • https://pixel.servebom.com/partner?cb=7721&svc=us&id=62&uid=3c82e640-f4c3-40ed-bb04-5704e47b66be&cookie_age=0
Request Chain 168
  • https://match.sharethrough.com/universal/v1?supply_id=dSvJjhJF HTTP 302
  • https://pixel.servebom.com/partner?svc=us&id=64&uid=24039c5b-f546-451a-b072-135b2d89a060
Request Chain 171
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fpixel.servebom.com%2Fpartner%3Fcb%3D6214%26svc%3Dus%26id%3D23%26uid%3D%24UID HTTP 307
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fpixel.servebom.com%252Fpartner%253Fcb%253D6214%2526svc%253Dus%2526id%253D23%2526uid%253D%2524UID HTTP 302
  • https://pixel.servebom.com/partner?cb=6214&svc=us&id=23&uid=8544957376819976494
Request Chain 172
  • https://us-u.openx.net/w/1.0/cm?gdpr=0&gdpr_consent=&id=de2d90e5-4d26-4c8c-a342-3edcde51fdb1&ph=25af9286-f23b-4b02-abcd-f2ee3b564dab&r=https%3A%2F%2Fpixel.servebom.com%2Fpartner%3Fcb%3D2713%26svc%3Dus%26id%3D22%26uid%3D HTTP 302
  • https://us-u.openx.net/w/1.0/cm?cc=1&gdpr=0&gdpr_consent=&id=de2d90e5-4d26-4c8c-a342-3edcde51fdb1&ph=25af9286-f23b-4b02-abcd-f2ee3b564dab&r=https%3A%2F%2Fpixel.servebom.com%2Fpartner%3Fcb%3D2713%26svc%3Dus%26id%3D22%26uid%3D HTTP 302
  • https://pixel.servebom.com/partner?cb=2713&svc=us&id=22&uid=7ded7626-175f-00a1-10a2-8c80b0d42a90
Request Chain 173
  • https://purch-sync.go.sonobi.com/us?https://pixel.servebom.com/partner?cb=5370&svc=us&id=9&uid=[UID] HTTP 302
  • https://pixel.servebom.com/partner?cb=5370&svc=us&id=9&uid=63f1a1cd-c9e8-4f0a-b97c-ff4127efb843
Request Chain 174
  • https://ap.lijit.com/pixel?gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fpixel.servebom.com%2Fpartner%3Fcb%3D5705%26svc%3Dus%26id%3D24%26uid%3D%24UID HTTP 307
  • https://ap.lijit.com/pixel?gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fpixel.servebom.com%2Fpartner%3Fcb%3D5705%26svc%3Dus%26id%3D24%26uid%3D%24UID&sovrn_retry=true HTTP 307
  • https://pixel.servebom.com/partner?cb=5705&svc=us&id=24&uid=JHGaALZH0G2OhhTTRTKJc_Dl
Request Chain 175
  • https://eb2.3lift.com/getuid?gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fpixel.servebom.com%2Fpartner%3Fcb%3D4976%26svc%3Dus%26id%3D14%26uid%3D%24UID HTTP 302
  • https://eb2.3lift.com/getuid?ld=1&gdpr=0&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fpixel.servebom.com%2Fpartner%3Fcb%3D4976%26svc%3Dus%26id%3D14%26uid%3D%24UID HTTP 302
  • https://pixel.servebom.com/partner?cb=4976&svc=us&id=14&uid=4287211908149823403099
Request Chain 176
  • https://ssc-cms.33across.com/ps/?ri=0013300001kQj3GAAS&ru=https%3A%2F%2Fpixel.servebom.com%2Fpartner%3Fcb%3D5655%26svc%3Dus%26id%3D59%26uid%3D33XUSERID33X HTTP 302
  • https://pixel.servebom.com/partner?cb=5655&svc=us&id=59&uid=212729161477666
Request Chain 187
  • https://lexicon.33across.com/v1/envelope?pid=0013300001kQj3GAAS&src=aps&ver=1.12.3&us_privacy=1YNN&gpp=DBABLA%7EBVQqAAAAAgA.QA&gpp_sid=7 HTTP 307
  • https://lexicon.33across.com/v1/envelope?pid=0013300001kQj3GAAS&src=aps&ver=1.12.3&us_privacy=1YNN&gpp=DBABLA%7EBVQqAAAAAgA.QA&gpp_sid=7&b=1&tp=tZ5D2VjN%2FWfRLBvPD91cnEsUQpgBiMewYCqQIz5mp7g%3D
Request Chain 204
  • https://rp.liadm.com/j?dtstmp=1722867535068&did=did-0043&se=e30&duid=ee7a5467f5a4--01j4hegjh3vbydcmr0sx2napcp&tv=8.47.0&pu=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc&us_privacy=1YNN&wpn=prebid&gdpr=0&cd=.itpro.com HTTP 302
  • https://rp4.liadm.com/j?dtstmp=1722867535068&did=did-0043&se=e30&duid=ee7a5467f5a4--01j4hegjh3vbydcmr0sx2napcp&tv=8.47.0&pu=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc&us_privacy=1YNN&wpn=prebid&gdpr=0&cd=.itpro.com&i6=MjAwMTo1NTA6MWQwNToxOjoxMg%3D%3D&n3pc=true
Request Chain 206
  • https://x.bidswitch.net/sync?ssp=sonobi&gdpr=0&gdpr_consent= HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm&google_sc&ssp=sonobi&bsw_param=3c82e640-f4c3-40ed-bb04-5704e47b66be&google_hm=M2M4MmU2NDAtZjRjMy00MGVkLWJiMDQtNTcwNGU0N2I2NmJl&gdpr_consent=&gdpr=0 HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=16&user_id=CAESEMV3jgG7a11r3rk2MUb4-0Q&google_cver=1&ssp=sonobi&bsw_param=3c82e640-f4c3-40ed-bb04-5704e47b66be&gdpr_consent=&gdpr=0 HTTP 302
  • https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=3c82e640-f4c3-40ed-bb04-5704e47b66be&gdpr=0&gdpr_consent=&us_privacy=
Request Chain 207
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=sonobi&ttd_tpi=1&ttd_puid=&gdpr=0&gdpr_consent= HTTP 302
  • https://sync.go.sonobi.com/us.gif?nw=td&nuid=48c3f041-3e95-40ba-9b98-d1e5372b4104&pubid=
Request Chain 208
  • https://p.rfihub.com/cm?pub=35683&in=1 HTTP 302
  • https://sync.go.sonobi.com/us.gif?nw=zt&nuid=1920574156666283085
Request Chain 209
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=140&gdpr=0&gdpr_consent= HTTP 302
  • https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=140&gdpr=0&gdpr_consent= HTTP 302
  • https://sync.crwdcntrl.net/qmap?c=1389&tp=STSC&tpid=7020ec74-1c8f-4cee-a3ac-401b1757aa34-66b0df4f-5553&gdpr=0&gdpr_consent=&d=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Fpush%3Fpartner_id%3D2499%26partner_device_id%3D7020ec74-1c8f-4cee-a3ac-401b1757aa34-66b0df4f-5553%26partner_url%3Dhttps%253A%252F%252Fsync.go.sonobi.com%252Fus.gif%253Fnw%253Dbs%2526nuid%253D7020ec74-1c8f-4cee-a3ac-401b1757aa34-66b0df4f-5553%2526gdpr%253D0%2526gdpr_consent%253D HTTP 302
  • https://pixel.tapad.com/idsync/ex/push?partner_id=2499&partner_device_id=7020ec74-1c8f-4cee-a3ac-401b1757aa34-66b0df4f-5553&partner_url=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dbs%26nuid%3D7020ec74-1c8f-4cee-a3ac-401b1757aa34-66b0df4f-5553%26gdpr%3D0%26gdpr_consent%3D HTTP 302
  • https://pixel.tapad.com/idsync/ex/push/check?partner_id=2499&partner_device_id=7020ec74-1c8f-4cee-a3ac-401b1757aa34-66b0df4f-5553&partner_url=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dbs%26nuid%3D7020ec74-1c8f-4cee-a3ac-401b1757aa34-66b0df4f-5553%26gdpr%3D0%26gdpr_consent%3D HTTP 302
  • https://sync.go.sonobi.com/us.gif?nw=bs&nuid=7020ec74-1c8f-4cee-a3ac-401b1757aa34-66b0df4f-5553&gdpr=0&gdpr_consent=
Request Chain 210
  • https://sync.srv.stackadapt.com/sync?nid=286 HTTP 302
  • https://sync.go.sonobi.com/us.gif?nw=st&nuid=CH4xsdExW1RVsOzUyOzYsiaEdk0
Request Chain 211
  • https://sync.mathtag.com/sync/img?cs_wd_sy=1&dp=43&redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dif%26nuid%3D[MM_UUID] HTTP 302
  • https://sync.go.sonobi.com/us.gif?nw=if&nuid=ad7b66b0-df4f-4500-9723-6bb53b165bb1
Request Chain 212
  • https://creativecdn.com/cm-notify?pi=sonobi HTTP 302
  • https://sync.go.sonobi.com/us.gif?nw=rh&nuid=dyuPae2CiZZKG9h04ucCYmKrx8231kEeP6IkZ_nU-DI&pi=sonobi
Request Chain 213
  • https://ads.stickyadstv.com/user-matching?id=3703&gdpr=0&gdpr_consent= HTTP 302
  • https://sync.go.sonobi.com/us.gif?nw=fw&nuid=f7b12ced3a3f77cae6df837e36a11c9d&gdpr=0&gdpr_consent=
Request Chain 214
  • https://bh.contextweb.com/bh/rtset?do=add&pid=560606&ev=4cfaf80b-30bf-4a24-8ad4-5dc9dbc991fd&daaqp=1&rurl=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dpp%26nuid%3D%25%25VGUID%25%25 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=contextweb&google_cm&google_sc&google_hm=c2dSaE5ESU5pQzVaRzBfUVJrUFZkdw&gdpr=&gdpr_consent= HTTP 302
  • https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=&gdpr_consent=&ev=CAESEDzGFv1d6uzz9h_HnZ3OOIM&google_cver=1 HTTP 302
  • https://sync.go.sonobi.com/us.gif?nw=pp&nuid=OtbdQJhemzbV
Request Chain 215
  • https://ib.adnxs.com/getuid?https://sync.go.sonobi.com/us.gif?nw=appnex&nuid=$UID HTTP 302
  • https://sync.go.sonobi.com/us.gif?nw=appnex&nuid=8227823255572650278
Request Chain 217
  • https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_cm&google_hm=NGNmYWY4MGItMzBiZi00YTI0LThhZDQtNWRjOWRiYzk5MWZk HTTP 302
  • https://sync.go.sonobi.com/usg.gif?google_gid=CAESEDG5ZXYUGrmd3BD1p6GAEB4&google_cver=1
Request Chain 218
  • https://sb.scorecardresearch.com/b?c1=2&c2=10055482&cs_fpcu=d7da1d0dcfbb4feba64a0feb9da1d1bb&cs_it=b8&cv=4.0.0%2B2301240627&ns__t=1722867535122&ns_c=UTF-8&gdpr=0&gdpr_p1t=&gdpr_li=&gdpr_purps=&gdpr_pcc=&cs_cmp_nc=0&cs_cmp_id=6&cs_cmp_sv=1&cs_cmp_rt=0&c7=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc&c8=Researchers%20discover%20%E2%80%9Chighly%20sophisticated%E2%80%99%20operation%20using%20a%203%2C000-strong%20network%20of%20ghost%20accounts%20to%20spread%20malware%20on%20GitHub%20%7C%20ITPro&c9= HTTP 302
  • https://sb.scorecardresearch.com/b2?c1=2&c2=10055482&cs_fpcu=d7da1d0dcfbb4feba64a0feb9da1d1bb&cs_it=b8&cv=4.0.0%2B2301240627&ns__t=1722867535122&ns_c=UTF-8&gdpr=0&gdpr_p1t=&gdpr_li=&gdpr_purps=&gdpr_pcc=&cs_cmp_nc=0&cs_cmp_id=6&cs_cmp_sv=1&cs_cmp_rt=0&c7=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc&c8=Researchers%20discover%20%E2%80%9Chighly%20sophisticated%E2%80%99%20operation%20using%20a%203%2C000-strong%20network%20of%20ghost%20accounts%20to%20spread%20malware%20on%20GitHub%20%7C%20ITPro&c9=
Request Chain 219
  • https://pixel.rubiconproject.com/token?pid=34010&customParamenters HTTP 302
  • https://s.cpx.to/sync?dsp=rubicon&dsp_uid=LZH2UI73-I-1PCS&customParamenters=
Request Chain 220
  • https://cm.g.doubleclick.net/pixel?google_nid=captify_dmp&google_cm&dsp=dbm HTTP 302
  • https://s.cpx.to/sync?dsp_uid=CAESENsJpGcCPkAEN-ACtZd-SKk&dsp=dbm&google_cver=1
Request Chain 221
  • https://u.openx.net/w/1.0/cm?id=f0f39a70-2c21-4d5d-af4b-7350637edcd5&r=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3DOPENX%26dsp_uid%3D%7BOPENX_ID%7D HTTP 302
  • https://s.cpx.to/sync?dsp=OPENX&dsp_uid=53337cb3-7658-0170-1cab-c10c0dfb0bf4
Request Chain 222
  • https://secure.adnxs.com/getuid?https%3A%2F%2Fs.cpx.to%2Ffire.js%3Fdsp%3Dapp_nexus%26dsp_uid%3D%24UID%26pid%3D12529%26url%3Dhttps%253A%252F%252Fwww.itpro.com%252Fsecurity%252Fcyber-crime%252Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%253Futm_source%253DSelligent%2526utm_medium%253Demail%2526utm_campaign%253DITP_SECURITY_BULLETIN_AUG_2024%2526utm_content%253DITP_SECURITY_BULLETIN_AUG_2024%2526utm_term%253D25915974%2526m_i%253DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%25252BKearr%25252BetlUoTgm7GxrJj2plYbPlvQypyta%25252B4tMr1AhTqzKOVDj6ddc%26hn_ver%3D78%26fid%3D077a9d12-97f8-4141-8d24-6bdc2703f26a%26dsp%3DTTD%26dsp_uid%3D0e365dc4-1852-45c2-ba63-fb539bbe7a2c HTTP 302
  • https://s.cpx.to/fire.js?dsp=app_nexus&dsp_uid=8227823255572650278&pid=12529&url=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc&hn_ver=78&fid=077a9d12-97f8-4141-8d24-6bdc2703f26a&dsp=TTD&dsp_uid=0e365dc4-1852-45c2-ba63-fb539bbe7a2c
Request Chain 223
  • https://image2.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID HTTP 302
  • https://s.cpx.to/sync?dsp=pubmatic&dsp_uid=EF052076-B46A-4770-A15A-AF0F1FC8093D
Request Chain 257
  • https://cdn.jwplayer.com/strips/ffZUX3mV-120.vtt HTTP 301
  • https://assets-jpcust.jwpsrv.com/strips/ffZUX3mV-120.vtt
Request Chain 262
  • https://cdn.jwplayer.com/v2/media/ffZUX3mV/poster.jpg?width=720 HTTP 302
  • https://assets-jpcust.jwpsrv.com/thumbnails/9xpNLR0j-720.jpg
Request Chain 281
  • https://cdn.jwplayer.com/strips/ffZUX3mV-120.jpg HTTP 301
  • https://assets-jpcust.jwpsrv.com/strips/ffZUX3mV-120.jpg
Request Chain 321
  • https://cdn.jwplayer.com/v2/media/vOlFj47S/poster.jpg?width=120 HTTP 302
  • https://assets-jpcust.jwpsrv.com/thumbnails/AECRGZMD-120.jpg
Request Chain 326
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&secure=1&dpi=328512134&rnd=164056&iiqidtype=2&iiqpcid=6d1247dc-035d-4b7e-ae6b-b2bd14006251&iiqpciddate=1722867538583&tsrnd=403_1722867538585&fbp=646215245&jsver=5.36&abtp=100&abtg=A HTTP 302
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&secure=1&dpi=328512134&rnd=164056&iiqidtype=2&iiqpcid=6d1247dc-035d-4b7e-ae6b-b2bd14006251&iiqpciddate=1722867538583&tsrnd=403_1722867538585&fbp=646215245&jsver=5.36&abtp=100&abtg=A&ckls=true&ci=C0hrfHQxoy&nc=false&trid=-999590801

364 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github
www.itpro.com/security/cyber-crime/
Redirect Chain
  • https://futureplc.slgnt.eu/optiext/optiextension.dll?ID=0wx0rI0koaJtWuBrss5bXUfh3GPJIwv8yHORGwIeQAbQ8dzKCLxuFKRZTzhWJkZaNJfELTAydugpMoyW0wcdzzMGQK5G0YGGHs4V710x
  • https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_med...
733 KB
113 KB
Document
General
Full URL
https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.130.114 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
7b81815362ab845bed0ce2a4f884d1bbf64098022fee123f10968de5169d51d5
Security Headers
Name Value
Content-Security-Policy frame-ancestors self
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 4968
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cache-control: no-store,private
content-encoding: br
content-length: 114729
content-security-policy: frame-ancestors self
content-type: text/html; charset=utf-8
date: Mon, 05 Aug 2024 14:18:52 GMT
last-modified: Mon, 05 Aug 2024 12:56:02 GMT
strict-transport-security: max-age=31536000
vary: Accept-Encoding
via: 1.1 varnish, 1.1 varnish
x-age: 3559
x-article-id: isNAebwboJikNSvfuqhMB6
x-cache: MISS-CLUSTER
x-cache-hits: 10, 0
x-country-code: US
x-country-code-real: US
x-frame-options: SAMEORIGIN
x-ftr-backend: varnish-leopard
x-ftr-backend-server: leopard1
x-ftr-balancer: vanilla-mochi-http-haproxy-prod-2
x-ftr-cache-status: HIT HIT
x-ftr-request-id: 928d5348-5dd9-4e44-b0b9-e62a9d953e00 00000000000000000000FFFF9D344589:C73C_00000000000000000000FFFFB9711938:01BB_66B0D9CA_442EB6:1DF1C2
x-modified-date: 1721911936
x-served-by: cache-lon420137-LON, cache-mia-kmia1760040-MIA
x-timer: S1722867532.158445,VS0,VE103
xkey: itpro-platform-responsive itpro-article-isNAebwboJikNSvfuqhMB6 itpro-articletype-news itpro-articletemplate-standard itpro-article-age-ancient itpro-region-US itpro-language-en itpro-modifieddate-1721911936 itpro-author-LGHjuzptxh2qbgMqRfjHmL itpro-tag-v3RKdcTGDyVWgDWDkV1ym7 itpro-tag-nRS3q9Hbwso6TtGimTsYdB itpro-flexi-page-guid-itpro_page_layout_news itpro-curatedlist-9ityrXgfTSfprh6HG4gK9c itpro-flexi-controller-FlexiPageLayout:index itpro-flexi-site-guid-itpro_en_us itpro-flexi-layout-news itpro-flexi-route-custom_route_1666094972 itpro-version-1024514 itpro-server-phpfpm-d9d5746b4-bjszh itpro-hawkwidgets-16.82.0-f973f3a120753ce14db814f7555bffa435a94597

Redirect headers

cf-cache-status: DYNAMIC
cf-ray: 8ae76b39d8c367da-MIA
content-length: 563
content-type: text/html; charset=UTF-8
date: Mon, 05 Aug 2024 14:18:51 GMT
location: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
referrer-policy: strict-origin
server: cloudflare
strict-transport-security: max-age=31536000; includeSubdomains
x-xss-protection: 1; mode=block

OpenSans-400-Regular.woff2
vanilla.futurecdn.net/itpro/1024514/media/shared/fonts/
20 KB
21 KB
Font
General
Full URL
https://vanilla.futurecdn.net/itpro/1024514/media/shared/fonts/OpenSans-400-Regular.woff2
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26c1:4000:6:4010:e280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
355ed062ee95dabbc5ec6da25a77d578df031563a64c639aa0df171e62275f0b
Security Headers
Name Value
Content-Security-Policy default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.itpro.com/
Origin
https://www.itpro.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 11:23:09 GMT
content-encoding
gzip
x-cs-bucket
van-ass-prod
x-content-type-options
nosniff
via
1.1 b0785dd15b9c7ed21cde8fa5e473d0a2.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
x-amz-cf-pop
IAD61-P1
age
10543
strict-transport-security
max-age=31536000; includeSubDomains
x-cache
Hit from cloudfront
x-ftr-backend
van-prod
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-ftr-balancer
web-http-proxy-prod-01
x-ftr-request-id
00000000000000000000FFFF40FC422D:2CFE_00000000000000000000FFFFB971193C:01BB_66B0B61C_8A539:382894
referrer-policy
no-referrer-when-downgrade
vary
Accept-Encoding
content-type
font/woff2
access-control-allow-origin
*
x-ftr-backend-server
http.van-prod
cache-control
max-age=2592000, public
permissions-policy
interest-cohort=()
x-smartersafe-version
x-amz-cf-id
84b3URvLK18qI1_DUcm7-bgcQay7y9pH68CI06tdA0ija9bEMTvrlA==
OpenSans-600-SemiBold.woff2
vanilla.futurecdn.net/itpro/1024514/media/shared/fonts/
20 KB
21 KB
Font
General
Full URL
https://vanilla.futurecdn.net/itpro/1024514/media/shared/fonts/OpenSans-600-SemiBold.woff2
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26c1:4000:6:4010:e280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
7c498397aa84d61b57d5596d59dedf2f74d135c85b512adef492daf87e58e786
Security Headers
Name Value
Content-Security-Policy default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.itpro.com/
Origin
https://www.itpro.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 11:22:50 GMT
content-encoding
gzip
x-cs-bucket
van-ass-prod
x-content-type-options
nosniff
via
1.1 b0785dd15b9c7ed21cde8fa5e473d0a2.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
x-amz-cf-pop
IAD61-P1
age
10562
strict-transport-security
max-age=31536000; includeSubDomains
x-cache
Hit from cloudfront
x-ftr-backend
van-prod
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-ftr-balancer
web-http-proxy-prod-02
x-ftr-request-id
00000000000000000000FFFF40FC44EC:8474_00000000000000000000FFFFB971193B:01BB_66B0B609_1B1759:E23B0
referrer-policy
no-referrer-when-downgrade
vary
Accept-Encoding
content-type
font/woff2
access-control-allow-origin
*
x-ftr-backend-server
http.van-prod
cache-control
max-age=2592000, public
permissions-policy
interest-cohort=()
x-smartersafe-version
x-amz-cf-id
sB-3ndY_QLWrjyJ814Uu87VywZaszxXL9otQSVTOzQxBUvymp0LHCQ==
oSKTqhpaGbKM8XRhq2AUaG-650-80.jpg.webp
cdn.mos.cms.futurecdn.net/
16 KB
17 KB
Image
General
Full URL
https://cdn.mos.cms.futurecdn.net/oSKTqhpaGbKM8XRhq2AUaG-650-80.jpg.webp
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20e2:9000:1b:ce45:6040:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
f60bdb24790ab913d70825c0219bfd407a988a304a276a3ef1f1795cb8d7a475
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
x-backend
default
age
950581
x-ftr-realm
pip
x-ftr-backend
mos_kodiak
x-ftr-cache-status
MISS
x-svc-build-time
Thu Jul 18 09:43:41 UTC 2024
x-served-by
kodiak-varnish-f96658d5b-qlk9m
x-ftr-balancer
bulk-proxy-1
x-svc-go-version
1.22.5
etag
30f70f7f816a27a8b8d65da511258183
x-svc-name
kodiak-svc
access-control-allow-methods
GET, OPTIONS
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=5184000
x-svc-version
latest
access-control-allow-headers
DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
expires
Mon, 23 Sep 2024 14:15:51 UTC
date
Thu, 25 Jul 2024 14:15:51 GMT
via
1.1 2e8c2e7cad8a51072f754f4edb4b5714.cloudfront.net (CloudFront)
x-svc-env
prod
xkey
/proof/oSKTqhpaGbKM8XRhq2AUaG.jpg
x-amz-cf-pop
IAD79-C2
x-cache
Hit from cloudfront
x-ftr-dc
uk-lon1
alt-svc
h3=":443"; ma=86400
content-length
16754
x-ftr-request-id
00000000:6F5A_00000000:01BB_66A25E16_26CFC51:172E
access-control-max-age
1728000
x-ftr-backend-server
kube
access-control-allow-credentials
true
accept-ranges
bytes
x-amz-cf-id
OCKWTX0Ns1b8c-OEXrs8mxOTGQzNNgQdxsJqw_6uHAv0JCNolaLPMg==
wrapperMessagingWithoutDetection.js
cdn.privacy-mgmt.com/unified/
129 KB
39 KB
Script
General
Full URL
https://cdn.privacy-mgmt.com/unified/wrapperMessagingWithoutDetection.js
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.55.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-55-102.jfk52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
fb6ab1073cde3166b6000e29997f96d96645c9cba747ba4058dfd6bdd3de5600

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:09:23 GMT
content-encoding
gzip
via
1.1 1466638cc0a1aa93138e5454e3ed52fa.cloudfront.net (CloudFront)
last-modified
Thu, 01 Aug 2024 14:41:37 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P4
age
570
x-amz-server-side-encryption
AES256
etag
W/"733d2b8eabf5d16a3959bf362390f403"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
cache-control
max-age=3600
x-amz-cf-id
lKK5N4VNe53wvXScAix4oq9AJtetJuAVrrjoFme4hUiPpcTWxa34zQ==
responsive.js
search-api.fie.futurecdn.net/js/w/es6/16.82.0-f973f3a120753ce14db814f7555bffa435a94597/
676 KB
143 KB
Script
General
Full URL
https://search-api.fie.futurecdn.net/js/w/es6/16.82.0-f973f3a120753ce14db814f7555bffa435a94597/responsive.js
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.114 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
c1249bd6073a4d074ea27bcf7c527bea2fa3d7b8510847914ca3875dfbcb29f5
Security Headers
Name Value
Strict-Transport-Security max-age=31557600

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:52 GMT
content-encoding
br
x-hawk-country
strict-transport-security
max-age=31557600
via
1.1 varnish, 1.1 varnish
age
758
x-hawk-area
US
x-ftr-dc
uk-lon2
x-cache
HIT, HIT
x-ftr-realm
pip
x-ftr-backend
fie-assets
x-ftr-cache-status
HIT
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-ftr-expires
Mon, 05 Aug 2024 12:46:12 GMT
x-ftr-balancer
hawkproxyprodred
x-served-by
cache-lon420117-LON, cache-mia-kmia1760095-MIA
x-ftr-request-id
00000000:2502_00000000:01BB_66B0C4E3_24F024:2F57
last-modified
Mon, 05 Aug 2024 10:38:13 GMT
x-timer
S1722867532.458632,VS0,VE1
etag
W/"66b0ab95-a8e23"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-ftr-backend-server
fievarnishprodred
cache-control
max-age=1200, immutable, stale-if-error=172800, stale-while-revalidate=172800
content-length
145802
accept-ranges
bytes
x-cache-hits
3, 1
itpro-site.js
search-api.fie.futurecdn.net/js/w/es6/16.82.0-f973f3a120753ce14db814f7555bffa435a94597/
1 KB
1 KB
Script
General
Full URL
https://search-api.fie.futurecdn.net/js/w/es6/16.82.0-f973f3a120753ce14db814f7555bffa435a94597/itpro-site.js
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.114 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
3a3c7af129666b6ad90013dc7da1ea8857454306d9c35120816a44a838750dc3
Security Headers
Name Value
Strict-Transport-Security max-age=31557600

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:52 GMT
content-encoding
br
x-hawk-country
strict-transport-security
max-age=31557600
via
1.1 varnish, 1.1 varnish
age
3093
x-hawk-area
US
x-ftr-dc
uk-lon1
x-cache
HIT, HIT
x-ftr-realm
pip
x-ftr-backend
fie-assets
x-ftr-cache-status
HIT
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-ftr-expires
Mon, 05 Aug 2024 13:27:07 GMT
x-ftr-balancer
hawkproxyprodblue
x-served-by
cache-lon420133-LON, cache-mia-kmia1760095-MIA
x-ftr-request-id
00000000:7EA5_00000000:01BB_66B0CE7D_56A468:10DA
last-modified
Mon, 05 Aug 2024 10:38:13 GMT
x-timer
S1722867532.458862,VS0,VE1
etag
W/"66b0ab95-521"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-ftr-backend-server
fievarnishprodwhite
cache-control
max-age=1200, immutable, stale-if-error=172800, stale-while-revalidate=172800
x-resp-is-stale
true
content-length
542
accept-ranges
bytes
x-cache-hits
21, 0
promotion.js
search-api.fie.futurecdn.net/js/w/es6/16.82.0-f973f3a120753ce14db814f7555bffa435a94597/
136 KB
30 KB
Script
General
Full URL
https://search-api.fie.futurecdn.net/js/w/es6/16.82.0-f973f3a120753ce14db814f7555bffa435a94597/promotion.js
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.114 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
8b76f18f3b53e80550678b79794d98c3898fb17913062cb82f37228ee4786bee
Security Headers
Name Value
Strict-Transport-Security max-age=31557600

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:52 GMT
content-encoding
br
x-hawk-country
strict-transport-security
max-age=31557600
via
1.1 varnish, 1.1 varnish
age
761
x-hawk-area
US
x-ftr-dc
uk-lon1
x-cache
HIT, HIT
x-ftr-realm
pip
x-ftr-backend
fie-assets
x-ftr-cache-status
MISS
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-ftr-expires
Mon, 05 Aug 2024 12:46:08 GMT
x-ftr-balancer
hawk-proxy-185-113-25-40
x-served-by
cache-lon420128-LON, cache-mia-kmia1760095-MIA
x-ftr-request-id
00000000:769B_00000000:01BB_66B0C4DF_31BB25:481C
last-modified
Mon, 05 Aug 2024 10:38:13 GMT
x-timer
S1722867532.458960,VS0,VE0
etag
W/"66b0ab95-21fd4"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-ftr-backend-server
fievarnishprodred
cache-control
max-age=1200, immutable, stale-if-error=172800, stale-while-revalidate=172800
content-length
29786
accept-ranges
bytes
x-cache-hits
5, 3
bordeaux.js
bordeaux.futurecdn.net/
452 KB
121 KB
Script
General
Full URL
https://bordeaux.futurecdn.net/bordeaux.js
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:261f:5400:5:a6be:f9c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d707a8faf4af3138081365716b1852e959262f8e80b307e7337f1087688b8583

Request headers

Referer
https://www.itpro.com/
Origin
https://www.itpro.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-amz-version-id
7CdGQZ37c_7sTAGSnA.aQLw0PRuQ6a8q
content-encoding
gzip
x-amz-meta-bordeaux-version
5.54.0
date
Mon, 05 Aug 2024 13:53:12 GMT
via
1.1 d2b8f634cf8ac5ec77dee366297223bc.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK52-P3
age
1541
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Thu, 01 Aug 2024 14:14:19 GMT
server
AmazonS3
etag
W/"7682b21b7974e4600405a40117787c67"
vary
Accept-Encoding, Origin
content-type
application/javascript
access-control-allow-origin
https://www.itpro.com
access-control-allow-credentials
true
x-amz-cf-id
lnW0fRbW9lrSZjIgQz8S1Tf5YjnYFYQ0WyKO7xCB-Xkz9K2CBuXZLw==
champagne.js
champagne.futurecdn.net/
46 KB
16 KB
Script
General
Full URL
https://champagne.futurecdn.net/champagne.js
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2209:7200:15:a2ae:35c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
c0ba6f628d77979b587f1466188ebd4e251d2829adaf1642c0e261e9da5a0911
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.itpro.com/
Origin
https://www.itpro.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
via
1.1 2c7d387775f2e52dd268d2f49202b5d2.cloudfront.net (CloudFront)
date
Mon, 05 Aug 2024 14:09:14 GMT
last-modified
Wed, 03 Apr 2024 15:24:59 GMT
champagne-version
latest
x-amz-cf-pop
EWR53-P1
etag
W/"660d74cb-b893"
age
578
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-amz-cf-id
6We_4fBhGlAHFrMJyMp4X6qDdp9BdpioaEtwZhSbXaE4uUxOKEJJww==
flexisites.min.css
vanilla.futurecdn.net/itpro/1024514/media/css/
390 KB
51 KB
Stylesheet
General
Full URL
https://vanilla.futurecdn.net/itpro/1024514/media/css/flexisites.min.css
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26c1:4000:6:4010:e280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
c9b247eda2ed9c6f0517da1d7edf7482405dc939074cf6d78975892b1f93dcf3
Security Headers
Name Value
Content-Security-Policy default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 11:22:49 GMT
content-encoding
gzip
x-cs-bucket
van-ass-prod
x-content-type-options
nosniff
via
1.1 ea42f57e1e0a065bc1c1c637f97d3be4.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
x-amz-cf-pop
IAD61-P1
age
10563
strict-transport-security
max-age=31536000; includeSubDomains
x-cache
Hit from cloudfront
x-ftr-backend
van-prod
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-ftr-balancer
web-http-proxy-prod-01
x-ftr-request-id
00000000000000000000FFFF40FC423B:1A70_00000000000000000000FFFFB971193C:01BB_66B0B609_8A071:382894
referrer-policy
no-referrer-when-downgrade
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
access-control-allow-origin
*
x-ftr-backend-server
http.van-prod
cache-control
max-age=2592000, public
permissions-policy
interest-cohort=()
x-smartersafe-version
x-amz-cf-id
qAB6MCc6FfE053KJXX5IKkHMoOdWFhtq8dnJiWa5lM2fy9d1JWlZzg==
analytics.js
www.google-analytics.com/
52 KB
21 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c0e::64 Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Mon, 05 Aug 2024 12:32:36 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
server
Golfe2
age
6376
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Mon, 05 Aug 2024 14:32:36 GMT
6093eccf-6734-4877-ac8b-83d6d0e27b46-web.js
6093eccf-6734-4877-ac8b-83d6d0e27b46.edge.permutive.app/
1 MB
223 KB
Script
General
Full URL
https://6093eccf-6734-4877-ac8b-83d6d0e27b46.edge.permutive.app/6093eccf-6734-4877-ac8b-83d6d0e27b46-web.js
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1f20 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8b5282bb31b99ae57490af721c0b3930782311ed47a00cb16074a01a973aa6fa

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:52 GMT
content-encoding
br
cf-cache-status
HIT
x-goog-meta-oid
6093eccf-6734-4877-ac8b-83d6d0e27b46
age
0
x-guploader-uploadid
AHxI1nOf7l4vLB0qxNRONqr_4lbxS24pqd2DVebaL2BmS7Vj-iH0F9NxJyRkBM6xHit8xrUnXVA
x-goog-storage-class
REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
br
content-length
227671
last-modified
Thu, 01 Aug 2024 14:17:47 GMT
server
cloudflare
etag
"d40a3410b69089b716c16c12da483a94"
vary
Accept-Encoding
x-goog-generation
1722521867342855
content-type
application/javascript
x-goog-hash
crc32c=lMBkRw==, md5=1Ao0ELaQibcWwWwS2kg6lA==
cache-control
public, max-age=900
x-goog-stored-content-length
227671
accept-ranges
bytes
timing-allow-origin
*
cf-ray
8ae76b3dbcf2d99d-MIA
expires
Mon, 05 Aug 2024 14:33:52 GMT
freyr.js
freyr.futurecdn.net/
80 KB
20 KB
Script
General
Full URL
https://freyr.futurecdn.net/freyr.js
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21dd:2a00:19:ee95:9600:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
d4191259e90b27d0d1f1bd056ea23512273574f38d357bc7fa8f7e7d7f200ceb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
br
via
1.1 ee623581f95aa65c7c8707871d87b790.cloudfront.net (CloudFront)
date
Mon, 05 Aug 2024 14:15:16 GMT
last-modified
Tue, 21 May 2024 13:11:30 GMT
x-amz-cf-pop
EWR53-C2
age
217
etag
W/"664c9d82-1411d"
vary
Accept-Encoding
freyr-version
6.9.0
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-cache
Hit from cloudfront
x-amz-cf-id
8FZFAsJRQ56vbZdifGABGi1sgdA1NFYE6PHaU10fpn22w_FcfF1HMA==
gtm.js
www.googletagmanager.com/
330 KB
88 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-WWBWRXL
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c0b::61 Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
53c8c0a9dc4a7ac59b808b821af9f6648578256b1a170b9f195629a8f2100c7e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:52 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
89811
x-xss-protection
0
last-modified
Mon, 05 Aug 2024 12:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 05 Aug 2024 14:18:52 GMT
door.js
uk-script.dotmetrics.net/
13 KB
4 KB
Script
General
Full URL
https://uk-script.dotmetrics.net/door.js?d=www.itpro.com&t=itprous
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.49.91 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-49-91.jfk52.r.cloudfront.net
Software
Kestrel /
Resource Hash
aa4b94fa80e280aca72d20b655035008e91e0a64db808553f82746ed2c437219

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:52 GMT
content-encoding
br
via
1.1 def26d054ec95b961e8352e3cd4fae7e.cloudfront.net (CloudFront)
server
Kestrel
x-amz-cf-pop
JFK52-P3
etag
".www.itpro.com.itprous.303.2024080514"
vary
Accept-Encoding
x-cache
Miss from cloudfront
p3p
policyref="https://uk-script.dotmetrics.net/w3c/p3p.xml", CP="NOI DSP LAW CURa ADMa DEVa PSAa HISa OUR IND STA"
content-type
application/javascript
cache-control
private
x-amz-cf-id
vFr4nEMAccCtBGx_xtsSw5uCEluQh-jhmJOMFUdiOajdMN_bmSlE1A==
flexi.js
vanilla.futurecdn.net/itpro/1024514/media/shared/js/
22 KB
6 KB
Script
General
Full URL
https://vanilla.futurecdn.net/itpro/1024514/media/shared/js/flexi.js
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26c1:4000:6:4010:e280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
4c1d72b7278fa6856b19e8b04c3bed88ca313ca448fcff75f9f701f200986a66
Security Headers
Name Value
Content-Security-Policy default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 11:22:50 GMT
content-encoding
gzip
x-cs-bucket
van-ass-prod
x-content-type-options
nosniff
via
1.1 ea42f57e1e0a065bc1c1c637f97d3be4.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
x-amz-cf-pop
IAD61-P1
age
10562
strict-transport-security
max-age=31536000; includeSubDomains
x-cache
Hit from cloudfront
x-ftr-backend
van-prod
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-ftr-balancer
web-http-proxy-prod-02
x-ftr-request-id
00000000000000000000FFFF40FC43B3:63A0_00000000000000000000FFFFB971193B:01BB_66B0B60A_1B1786:E23B0
referrer-policy
no-referrer-when-downgrade
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-ftr-backend-server
http.van-prod
cache-control
max-age=2592000, public
permissions-policy
interest-cohort=()
x-smartersafe-version
x-amz-cf-id
jx288B0xut2JwU7rp65ziWqadzU94GCtClq55OBY-SG0IvZUofAMFg==
externals.js
slice.vanilla.futurecdn.net/13-0-11/js/
137 KB
39 KB
Script
General
Full URL
https://slice.vanilla.futurecdn.net/13-0-11/js/externals.js
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.114 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
f65329a3db68a68c542fe17485430268a4f86882c6e579344e42a862d43ef2b8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:52 GMT
content-encoding
br
via
1.1 varnish
strict-transport-security
max-age=31536000
age
620268
x-cache
HIT
x-ftr-backend
van-prod
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
39373
x-served-by
cache-mia-kmia1760057-MIA
x-ftr-balancer
vanilla-mochi-http-haproxy-prod-2
x-ftr-request-id
00000000000000000000FFFF8CF8524A:D7B6_00000000000000000000FFFFB9711938:01BB_66A7685F_A67F411:12EE0B
last-modified
Mon, 29 Jul 2024 09:20:18 GMT
x-timer
S1722867533.653138,VS0,VE0
etag
W/"22508-190fdca6788"
vary
accept-encoding, Accept-Encoding
content-type
application/javascript; charset=UTF-8
x-ftr-backend-server
http.van-prod
cache-control
public, max-age=2592000
accept-ranges
bytes
x-cache-hits
22333
main-CnRVpWvq.js
www.itpro.com/vite/assets/
65 KB
24 KB
Script
General
Full URL
https://www.itpro.com/vite/assets/main-CnRVpWvq.js
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.130.114 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
9ef9e8c03f203e12b05a9fa4eeef7f755806838a557fb5321cf7989dcde0b9f2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:52 GMT
content-encoding
br
via
1.1 varnish, 1.1 varnish
strict-transport-security
max-age=31536000
age
2080626
x-cache
HIT-CLUSTER
x-ftr-backend
varnish-leopard
x-age
0
x-ftr-cache-status
MISS
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
23987
x-ftr-balancer
vanilla-mochi-http-haproxy-prod-2
x-served-by
cache-lon4229-LON, cache-mia-kmia1760040-MIA
x-ftr-request-id
00000000000000000000FFFF9D34451D:D319_00000000000000000000FFFFB9711938:01BB_66911FDA_2153FE60:39B084
last-modified
Fri, 12 Jul 2024 12:13:15 GMT
x-country-code-real
US
x-timer
S1722867532.368769,VS0,VE1
etag
W/"66911ddb-1026f"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-ftr-backend-server
leopard2
cache-control
no-store,private
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-country-code
US
x-cache-hits
13, 0
US.svg
vanilla.futurecdn.net/itpro/media/shared/img/flags/nosize/
3 KB
1 KB
Image
General
Full URL
https://vanilla.futurecdn.net/itpro/media/shared/img/flags/nosize/US.svg
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26c1:4000:6:4010:e280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
c0a177730664a02710981330dacbe32e843153f32945016aa1e7b377ed4f9819
Security Headers
Name Value
Content-Security-Policy default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 16 Jul 2024 01:03:11 GMT
content-encoding
gzip
x-cs-bucket
van-ass-prod
x-content-type-options
nosniff
via
1.1 ea42f57e1e0a065bc1c1c637f97d3be4.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
x-amz-cf-pop
IAD61-P1
age
1775741
strict-transport-security
max-age=31536000; includeSubDomains
x-cache
Hit from cloudfront
x-ftr-backend
van-prod
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-ftr-balancer
web-http-proxy-prod-01
x-ftr-request-id
00000000000000000000FFFF40FC4248:77D6_00000000000000000000FFFFB971193C:01BB_6695C6CF_1DE67ED:11592
referrer-policy
no-referrer-when-downgrade
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ftr-backend-server
http.van-prod
cache-control
max-age=2592000, public
permissions-policy
interest-cohort=()
x-smartersafe-version
x-amz-cf-id
1S1_5CXJY_Pt5295A8j291Jlv5o5saClZxdLjzM20L5-vqgQU-M4Ww==
hawklinks.js
search-api.fie.futurecdn.net/hl/es6/
169 KB
38 KB
Script
General
Full URL
https://search-api.fie.futurecdn.net/hl/es6/hawklinks.js
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.114 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
e4a3244265d56628662429fe1217ba4b1f5692a87831c9e68e09abf5bf45a6a1
Security Headers
Name Value
Strict-Transport-Security max-age=31557600

Request headers

Referer
https://www.itpro.com/
Origin
https://www.itpro.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:52 GMT
content-encoding
br
x-hawk-country
strict-transport-security
max-age=31557600
via
1.1 varnish, 1.1 varnish
age
1148
x-hawk-area
US
x-ftr-dc
uk-lon2
x-cache
HIT, HIT
x-ftr-realm
pip
x-ftr-backend
fie-assets
x-ftr-cache-status
HIT
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-ftr-expires
Mon, 05 Aug 2024 08:19:38 GMT
x-ftr-balancer
hawk-proxy-185-113-25-36
x-served-by
cache-lon4247-LON, cache-mia-kmia1760077-MIA
x-ftr-request-id
00000000:A69F_00000000:01BB_66B0866B_454165:13E5
last-modified
Thu, 25 Jul 2024 08:49:54 GMT
x-timer
S1722867532.465252,VS0,VE0
etag
W/"66a211b2-2a3f5"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-ftr-backend-server
fievarnishprodred
cache-control
max-age=1200, stale-if-error=172800, stale-while-revalidate=172800
content-length
37847
accept-ranges
bytes
x-cache-hits
595, 28
main.dcfe34adb1631f11541e.bundle.js
vanilla.futurecdn.net/itpro/1024514/media/shared/js/
114 KB
35 KB
Script
General
Full URL
https://vanilla.futurecdn.net/itpro/1024514/media/shared/js/main.dcfe34adb1631f11541e.bundle.js
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26c1:4000:6:4010:e280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
417e4656c1f16fcbeb4f3c64712cc142124bf2f1f617ba7a8c9c812df0aa5df6
Security Headers
Name Value
Content-Security-Policy default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 11:22:45 GMT
content-encoding
gzip
x-cs-bucket
van-ass-prod
x-content-type-options
nosniff
via
1.1 ea42f57e1e0a065bc1c1c637f97d3be4.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
x-amz-cf-pop
IAD61-P1
age
10567
strict-transport-security
max-age=31536000; includeSubDomains
x-cache
Hit from cloudfront
x-ftr-backend
van-prod
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-ftr-balancer
web-http-proxy-prod-02
x-ftr-request-id
00000000000000000000FFFF40FC457A:3D1C_00000000000000000000FFFFB971193B:01BB_66B0B605_1B1688:E23B0
referrer-policy
no-referrer-when-downgrade
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-ftr-backend-server
http.van-prod
cache-control
max-age=2592000, public
permissions-policy
interest-cohort=()
x-smartersafe-version
x-amz-cf-id
7XKyo1VUJw9tf78e_hOVx_cDEon6ziyBx-3DHMbMv3dqv4xD8__-zg==
p.js
cdn.parsely.com/keys/itpro.com/
65 KB
24 KB
Script
General
Full URL
https://cdn.parsely.com/keys/itpro.com/p.js
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.85.131.58 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-85-131-58.iad50.r.cloudfront.net
Software
nginx /
Resource Hash
af4904dfba625213c0e0b59a0203184072811fc9179ef21ec36e172de5261a54

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
public
date
Mon, 05 Aug 2024 06:32:29 GMT
content-encoding
gzip
via
1.1 c57d1eb27f41d3e95fc5060845849c06.cloudfront.net (CloudFront)
last-modified
Wed, 15 May 2024 14:16:08 GMT
server
nginx
x-amz-cf-pop
IAD50-C2
age
27983
etag
W/"6644c3a8-10291"
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=86400, public
x-amz-cf-id
xUz2P1Uv6EDEa79Msuyab4J4TNhQ0iwhe1MV216Kk5XPdq3q38nnvQ==
expires
Tue, 06 Aug 2024 06:32:29 GMT
itpro.min.css
vanilla.futurecdn.net/itpro/1024514/media/css/
255 B
957 B
Stylesheet
General
Full URL
https://vanilla.futurecdn.net/itpro/1024514/media/css/itpro.min.css
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26c1:4000:6:4010:e280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
e540b8efca2df42fe182279b7e1495af9cda40d1eef3189017a6f09d25b381fc
Security Headers
Name Value
Content-Security-Policy default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 11:24:06 GMT
content-encoding
gzip
x-cs-bucket
van-ass-prod
x-content-type-options
nosniff
via
1.1 ea42f57e1e0a065bc1c1c637f97d3be4.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
x-amz-cf-pop
IAD61-P1
age
10485
strict-transport-security
max-age=31536000; includeSubDomains
x-cache
Hit from cloudfront
x-ftr-backend
van-prod
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-ftr-balancer
web-http-proxy-prod-02
x-ftr-request-id
00000000000000000000FFFF40FC443C:19CE_00000000000000000000FFFFB971193B:01BB_66B0B656_1B26AF:E23B0
referrer-policy
no-referrer-when-downgrade
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
access-control-allow-origin
*
x-ftr-backend-server
http.van-prod
cache-control
max-age=2592000, public
permissions-policy
interest-cohort=()
x-smartersafe-version
x-amz-cf-id
tZfe5tyQy9SdCHCKsKP1KhQYBKFvvcdUdnAbISEMgPDxmVSFDXFMOA==
OpenSans-700-Bold.woff2
vanilla.futurecdn.net/itpro/1024514/media/shared/fonts/
20 KB
20 KB
Font
General
Full URL
https://vanilla.futurecdn.net/itpro/1024514/media/shared/fonts/OpenSans-700-Bold.woff2
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26c1:4000:6:4010:e280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
2f8405195ca878bae465b73e5d375cc0bf135b8db2893e48a081115de519e457
Security Headers
Name Value
Content-Security-Policy default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.itpro.com/
Origin
https://www.itpro.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 11:24:06 GMT
content-encoding
gzip
x-cs-bucket
van-ass-prod
x-content-type-options
nosniff
via
1.1 b0785dd15b9c7ed21cde8fa5e473d0a2.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
x-amz-cf-pop
IAD61-P1
age
10486
strict-transport-security
max-age=31536000; includeSubDomains
x-cache
Hit from cloudfront
x-ftr-backend
van-prod
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-ftr-balancer
web-http-proxy-prod-02
x-ftr-request-id
00000000000000000000FFFF40FC457A:E7A2_00000000000000000000FFFFB971193B:01BB_66B0B656_1B269F:E23B0
referrer-policy
no-referrer-when-downgrade
vary
Accept-Encoding
content-type
font/woff2
access-control-allow-origin
*
x-ftr-backend-server
http.van-prod
cache-control
max-age=2592000, public
permissions-policy
interest-cohort=()
x-smartersafe-version
x-amz-cf-id
emMP45e5s8qaF-WxjklnzkKYVD_q6eafq1Qo9lYXiPqEzFvX-HEs-A==
flexisites.woff
vanilla.futurecdn.net/itpro/1024514/media/fonts/
7 KB
8 KB
Font
General
Full URL
https://vanilla.futurecdn.net/itpro/1024514/media/fonts/flexisites.woff
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26c1:4000:6:4010:e280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
2c6d13081750bfcfb93cb02b49b291d1055d5ec08d4e2e7ea8205b089c0ab390
Security Headers
Name Value
Content-Security-Policy default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.itpro.com/
Origin
https://www.itpro.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 11:35:29 GMT
content-encoding
gzip
x-cs-bucket
van-ass-prod
x-content-type-options
nosniff
via
1.1 b0785dd15b9c7ed21cde8fa5e473d0a2.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
x-amz-cf-pop
IAD61-P1
age
9803
strict-transport-security
max-age=31536000; includeSubDomains
x-cache
Hit from cloudfront
x-ftr-backend
van-prod
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-ftr-balancer
web-http-proxy-prod-02
x-ftr-request-id
00000000000000000000FFFF40FC457A:F88A_00000000000000000000FFFFB971193B:01BB_66B0B901_1B9E06:E23B0
referrer-policy
no-referrer-when-downgrade
vary
Accept-Encoding
content-type
font/woff
access-control-allow-origin
*
x-ftr-backend-server
http.van-prod
cache-control
max-age=2592000, public
permissions-policy
interest-cohort=()
x-smartersafe-version
x-amz-cf-id
SLYUh5EcEywCue_sob49jTMh9UHOcY5Q6feiEmIaKpIcXRqDG4x0sg==
OpenSans-300-Light.woff2
vanilla.futurecdn.net/itpro/1024514/media/shared/fonts/
20 KB
21 KB
Font
General
Full URL
https://vanilla.futurecdn.net/itpro/1024514/media/shared/fonts/OpenSans-300-Light.woff2
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26c1:4000:6:4010:e280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
33bf41558b24231dfe07d3fbae63916cd253a33ef2e85fb79645071f3907870f
Security Headers
Name Value
Content-Security-Policy default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.itpro.com/
Origin
https://www.itpro.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 11:24:06 GMT
content-encoding
gzip
x-cs-bucket
van-ass-prod
x-content-type-options
nosniff
via
1.1 b0785dd15b9c7ed21cde8fa5e473d0a2.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
x-amz-cf-pop
IAD61-P1
age
10486
strict-transport-security
max-age=31536000; includeSubDomains
x-cache
Hit from cloudfront
x-ftr-backend
van-prod
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-ftr-balancer
web-http-proxy-prod-02
x-ftr-request-id
00000000000000000000FFFF40FC424F:73FE_00000000000000000000FFFFB971193B:01BB_66B0B656_1B26AC:E23B0
referrer-policy
no-referrer-when-downgrade
vary
Accept-Encoding
content-type
font/woff2
access-control-allow-origin
*
x-ftr-backend-server
http.van-prod
cache-control
max-age=2592000, public
permissions-policy
interest-cohort=()
x-smartersafe-version
x-amz-cf-id
wIZB2UJ5iKT3937kSPVo-woYCJQslFVoTWGEvbt_VeECPNBUDif9xA==
hlwce5dqzq4wsnmg-16040076574048.jpeg
mos.fie.futurecdn.net/logos/models/
14 KB
15 KB
Image
General
Full URL
https://mos.fie.futurecdn.net/logos/models/hlwce5dqzq4wsnmg-16040076574048.jpeg
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.80.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-80-52.jfk52.r.cloudfront.net
Software
nginx /
Resource Hash
d81ecdfd770abb03106fc5106e92380e2ee6dc602ffdd25f3d6e2e622fdf5a10
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Sat, 13 Jul 2024 15:43:56 GMT
via
1.1 a8894be3cc09919d8cad0be355a10772.cloudfront.net (CloudFront)
content-security-policy
upgrade-insecure-requests
x-amz-cf-pop
JFK52-P5
age
1982095
x-cache
Hit from cloudfront
x-ftr-dc
uk-lon2
x-ftr-realm
pip
x-ftr-backend
s3-futureplc-engineering-accessors, mos
alt-svc
h3=":443"; ma=86400
content-length
14272
x-ftr-balancer
cleversafe-proxy-2, bulkproxyprodred
x-ftr-request-id
00000000:8F81_00000000:0050_666B0A43_169217D:1777A, 00000000:3D7C_00000000:0050_666B0B97_2F05DE7:35D3
last-modified
Thu, 29 Oct 2020 21:40:57 GMT
server
nginx
etag
"8d6a8139d9085d797db649ca8cd161d5"
vary
Accept-Encoding
content-type
image/jpeg
x-ftr-backend-server
cs-acc-s3-futureplc-engineering-3.corp, mos03
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
access-control-allow-headers
*
x-amz-cf-id
2d3nvj3923kSGpBD0Ozx5p7pRu1bEi1sYUSYxAKH6U-YxDF9argsyw==
access-control-allow-method
GET,OPTIONS
expires
Mon, 12 Aug 2024 15:43:56 GMT
RedwCmfxCPMtSW8N8UwyxY-1280-80.jpg.webp
cdn.mos.cms.futurecdn.net/
94 KB
95 KB
Image
General
Full URL
https://cdn.mos.cms.futurecdn.net/RedwCmfxCPMtSW8N8UwyxY-1280-80.jpg.webp
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20e2:9000:1b:ce45:6040:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
1cc8530b559210c58000482599dc69939b32ebc5942e12007e4aacb48299fce9
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
x-backend
default
age
7550
x-ftr-realm
pip
x-ftr-backend
mos_kodiak
x-ftr-cache-status
MISS
x-svc-build-time
Tue Jul 30 14:24:22 UTC 2024
x-served-by
kodiak-varnish-f96658d5b-qlk9m
x-ftr-balancer
bulkproxyprodred
x-svc-go-version
1.22.5
etag
debbf25bd03191b042e4d2fb65703a7f
x-svc-name
kodiak-svc
access-control-allow-methods
GET, OPTIONS
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=5184000
x-svc-version
latest
access-control-allow-headers
DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
expires
Fri, 04 Oct 2024 12:13:02 UTC
date
Mon, 05 Aug 2024 12:13:02 GMT
via
1.1 2e8c2e7cad8a51072f754f4edb4b5714.cloudfront.net (CloudFront)
x-svc-env
prod
xkey
/proof/RedwCmfxCPMtSW8N8UwyxY.jpg
x-amz-cf-pop
IAD79-C2
x-cache
Hit from cloudfront
x-ftr-dc
uk-lon2
alt-svc
h3=":443"; ma=86400
content-length
96614
x-ftr-request-id
00000000:4FF6_00000000:01BB_66B0C1CD_188CF9C:72E3
access-control-max-age
1728000
x-ftr-backend-server
kube
access-control-allow-credentials
true
accept-ranges
bytes
x-amz-cf-id
NJaUJlh9_haTuzc9EwOOoHvpueKstP0DuajlHIG5t04yPBqWWwAGaA==
c4070499-90e1-4ea6-b639-3371b1862d89
https://www.itpro.com/
702 KB
0
Other
General
Full URL
blob:https://www.itpro.com/c4070499-90e1-4ea6-b639-3371b1862d89
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0b8330a87803dae67c96bbdc03b0bfc72f37eff34dd72bbe4bd0829897407cd1

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Length
719189
Content-Type
publisher:getClientId
ampcid.google.com/v1/
3 B
367 B
XHR
General
Full URL
https://ampcid.google.com/v1/publisher:getClientId?key=AIzaSyA65lEHUEizIsNtlbNo-l2K18dT680nsaM
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c0e::64 Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

date
Mon, 05 Aug 2024 14:18:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
vary
Origin, X-Origin, Referer
x-frame-options
SAMEORIGIN
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://www.itpro.com
access-control-expose-headers
vary,vary,vary,content-encoding,date,server,content-length
cache-control
private
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
23
x-xss-protection
0
gdpr-tcf.da52e36b5e2f05c6aae3.bundle.js
cdn.privacy-mgmt.com/unified/4.25.1/
156 KB
23 KB
Script
General
Full URL
https://cdn.privacy-mgmt.com/unified/4.25.1/gdpr-tcf.da52e36b5e2f05c6aae3.bundle.js
Requested by
Host: cdn.privacy-mgmt.com
URL: https://cdn.privacy-mgmt.com/unified/wrapperMessagingWithoutDetection.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.55.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-55-102.jfk52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
924e5cdd56019f10cefe4b4a8b8f6ca2295efdde1f670ebf02a1001f063d6e7f

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 01 Aug 2024 14:42:30 GMT
content-encoding
br
via
1.1 1466638cc0a1aa93138e5454e3ed52fa.cloudfront.net (CloudFront)
last-modified
Thu, 01 Aug 2024 14:16:34 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P4
age
344183
etag
W/"bdb59e0d65d41ca36dfd737b94eac1d0"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
cache-control
max-age=31536000
x-amz-cf-id
nEKLRbtKivKMzghKAs1RtYEDGiA0-xi-ShpW7F3cVbOjbw9WujzKpw==
usnat-uspapi.424a28a7602f5d18dde1.bundle.js
cdn.privacy-mgmt.com/unified/4.25.1/
210 KB
25 KB
Script
General
Full URL
https://cdn.privacy-mgmt.com/unified/4.25.1/usnat-uspapi.424a28a7602f5d18dde1.bundle.js
Requested by
Host: cdn.privacy-mgmt.com
URL: https://cdn.privacy-mgmt.com/unified/wrapperMessagingWithoutDetection.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.55.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-55-102.jfk52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
87053da4324f73f1254f505e432b68e7d263b38c6b0d7a94676e177fe3dbd16f

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 01 Aug 2024 14:42:31 GMT
content-encoding
br
via
1.1 1466638cc0a1aa93138e5454e3ed52fa.cloudfront.net (CloudFront)
last-modified
Thu, 01 Aug 2024 14:16:34 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P4
age
344182
etag
W/"893213c926e949fe02cffcfe2e87d0bd"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
cache-control
max-age=31536000
x-amz-cf-id
RaTaaFGnrhksYmVOvionXBcqCSdoq8uqkIJ7znujPsEOH2mac4IwVw==
get_site_data
cdn.privacy-mgmt.com/mms/v2/
208 B
616 B
XHR
General
Full URL
https://cdn.privacy-mgmt.com/mms/v2/get_site_data?hasCsp=true&href=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github&account_id=200
Requested by
Host: cdn.privacy-mgmt.com
URL: https://cdn.privacy-mgmt.com/unified/wrapperMessagingWithoutDetection.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.55.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-55-102.jfk52.r.cloudfront.net
Software
/
Resource Hash
9af85f31381f718dec61afdb8292c8e9b473cf2236d005566b692c98a57fe639
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubdomains

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:52 GMT
strict-transport-security
max-age=15552000; includeSubdomains
x-sp-mms-node
ip-10-128-17-204
via
1.1 e4063174e49a72dbf23ed047ff7d7c56.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK52-P4
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
x-cache
Miss from cloudfront
cache-control
max-age=3600, s-maxage=86400
access-control-allow-credentials
true
x-amz-cf-id
CfcFusKU_SBWkMAFKDvLpnNfqESBH-HwyQrIY6-lSDTvlSLBSiMJSA==
merchant-domains.php
search-api.fie.futurecdn.net/
719 KB
101 KB
Fetch
General
Full URL
https://search-api.fie.futurecdn.net/merchant-domains.php?site=ITPROUS
Requested by
Host: search-api.fie.futurecdn.net
URL: https://search-api.fie.futurecdn.net/hl/es6/hawklinks.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.114 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
e53d53b45ba79b86c31054a9e29da8052d34b85257edf2aa4307a02551d6f5cb
Security Headers
Name Value
Strict-Transport-Security max-age=31557600

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:52 GMT
content-encoding
br
x-hawk-country
strict-transport-security
max-age=31557600
via
1.1 varnish, 1.1 varnish
age
1222
x-hawk-area
US
x-ftr-dc
uk-lon1
x-cache
HIT, HIT
x-ftr-realm
pip
x-ftr-backend
fie-api
x-ftr-cache-status
HIT
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-ftr-expires
Mon, 05 Aug 2024 14:18:31 GMT
x-ftr-balancer
hawk-proxy-185-113-25-40
x-served-by
cache-lon4222-LON, cache-mia-kmia1760077-MIA
x-ftr-request-id
00000000:8D17_00000000:01BB_66B0DA87_267BE7:481B
content-length
102740
x-timer
S1722867533.826481,VS0,VE1
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json; charset=utf-8;
access-control-allow-origin
*
x-ftr-backend-server
fievarnishprodred
cache-control
max-age=1200, stale-if-error=172800, stale-while-revalidate=172800
access-control-allow-credentials
true
x-resp-is-stale
true
accept-ranges
bytes
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,X-Hawk-Country,X-Hawk-Area
x-cache-hits
5, 0
future.adtech.freyr.v1.PageViewEvent
eventsproxy.gargantuan.futureplc.com/ Frame
0
0
Preflight
General
Full URL
https://eventsproxy.gargantuan.futureplc.com/future.adtech.freyr.v1.PageViewEvent
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.17.165.159 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-17-165-159.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.itpro.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Content-Type
access-control-allow-methods
POST
access-control-allow-origin
*
date
Mon, 05 Aug 2024 14:18:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains
vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
enlarge-images.af98e9834bf4bfaa40f3.chunk.js
vanilla.futurecdn.net/itpro/media/shared/js/
1 KB
1 KB
Script
General
Full URL
https://vanilla.futurecdn.net/itpro/media/shared/js/enlarge-images.af98e9834bf4bfaa40f3.chunk.js
Requested by
Host: vanilla.futurecdn.net
URL: https://vanilla.futurecdn.net/itpro/1024514/media/shared/js/main.dcfe34adb1631f11541e.bundle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26c1:4000:6:4010:e280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
b0e7bdcb46ea789052bd4bc094f6b6f5829ea6821db0109ecb0b30cc115875d9
Security Headers
Name Value
Content-Security-Policy default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 18 Jul 2024 12:04:05 GMT
content-encoding
gzip
x-cs-bucket
van-ass-prod
x-content-type-options
nosniff
via
1.1 ea42f57e1e0a065bc1c1c637f97d3be4.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
x-amz-cf-pop
IAD61-P1
age
1563287
strict-transport-security
max-age=31536000; includeSubDomains
x-cache
Hit from cloudfront
x-ftr-backend
van-prod
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-ftr-balancer
web-http-proxy-prod-01
x-ftr-request-id
00000000000000000000FFFF40FC4564:6C3E_00000000000000000000FFFFB971193C:01BB_669904B5_22DE835:11592
referrer-policy
no-referrer-when-downgrade
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-ftr-backend-server
http.van-prod
cache-control
max-age=2592000, public
permissions-policy
interest-cohort=()
x-smartersafe-version
x-amz-cf-id
RkhcfPpK1yRvPW-SseFV_XwAuSBHee-CnmNv-Ua6OJrx_mbd5FBlbA==
fancy-box-resize.5a260cb5f1fd5d018fa5.chunk.js
vanilla.futurecdn.net/itpro/media/shared/js/
2 KB
2 KB
Script
General
Full URL
https://vanilla.futurecdn.net/itpro/media/shared/js/fancy-box-resize.5a260cb5f1fd5d018fa5.chunk.js
Requested by
Host: vanilla.futurecdn.net
URL: https://vanilla.futurecdn.net/itpro/1024514/media/shared/js/main.dcfe34adb1631f11541e.bundle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26c1:4000:6:4010:e280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
f675d9886939cdfa47a9fbe4bd16bcb2e212e0c95a5d45e7baf95baad29f07bf
Security Headers
Name Value
Content-Security-Policy default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 29 Jul 2024 06:40:37 GMT
content-encoding
gzip
x-cs-bucket
van-ass-prod
x-content-type-options
nosniff
via
1.1 ea42f57e1e0a065bc1c1c637f97d3be4.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
x-amz-cf-pop
IAD61-P1
age
632295
strict-transport-security
max-age=31536000; includeSubDomains
x-cache
Hit from cloudfront
x-ftr-backend
van-prod
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-ftr-balancer
web-http-proxy-prod-01
x-ftr-request-id
00000000000000000000FFFF40FC457C:8BE2_00000000000000000000FFFFB971193C:01BB_66A73964_1B137:2DF25E
referrer-policy
no-referrer-when-downgrade
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-ftr-backend-server
http.van-prod
cache-control
max-age=2592000, public
permissions-policy
interest-cohort=()
x-smartersafe-version
x-amz-cf-id
JSx_DojiKPWrhVsaxRFSiFoP87Kmxhr3YNZaCMP0xult5he5KfzLqw==
topics.71b67ce542657ad41ca9.chunk.js
vanilla.futurecdn.net/itpro/media/shared/js/
813 B
1 KB
Script
General
Full URL
https://vanilla.futurecdn.net/itpro/media/shared/js/topics.71b67ce542657ad41ca9.chunk.js
Requested by
Host: vanilla.futurecdn.net
URL: https://vanilla.futurecdn.net/itpro/1024514/media/shared/js/main.dcfe34adb1631f11541e.bundle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26c1:4000:6:4010:e280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
d56fdf57f25e8a4c79b0c9bc9a959ee1e77aa7569729e97cc53fa50348a12b72
Security Headers
Name Value
Content-Security-Policy default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 18 Jul 2024 12:04:05 GMT
content-encoding
gzip
x-cs-bucket
van-ass-prod
x-content-type-options
nosniff
via
1.1 ea42f57e1e0a065bc1c1c637f97d3be4.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
x-amz-cf-pop
IAD61-P1
age
1563287
strict-transport-security
max-age=31536000; includeSubDomains
x-cache
Hit from cloudfront
x-ftr-backend
van-prod
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-ftr-balancer
web-http-proxy-prod-01
x-ftr-request-id
00000000000000000000FFFF40FC45FE:A968_00000000000000000000FFFFB971193C:01BB_669904B5_22DE83A:11592
referrer-policy
no-referrer-when-downgrade
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-ftr-backend-server
http.van-prod
cache-control
max-age=2592000, public
permissions-policy
interest-cohort=()
x-smartersafe-version
x-amz-cf-id
VD3IvU_b16uhi5ePqcOtvkESL5DOgod7Pgx61R8YLEpwNgpy3fwGKg==
embed-resize.a9fcce80b12045aed2ac.chunk.js
vanilla.futurecdn.net/itpro/media/shared/js/
2 KB
2 KB
Script
General
Full URL
https://vanilla.futurecdn.net/itpro/media/shared/js/embed-resize.a9fcce80b12045aed2ac.chunk.js
Requested by
Host: vanilla.futurecdn.net
URL: https://vanilla.futurecdn.net/itpro/1024514/media/shared/js/main.dcfe34adb1631f11541e.bundle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26c1:4000:6:4010:e280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
2c483137847048876305e1be8f1bf2b58daae7be986a37e3bc7c8ea955bd2d6f
Security Headers
Name Value
Content-Security-Policy default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 16 Jul 2024 01:03:12 GMT
content-encoding
gzip
x-cs-bucket
van-ass-prod
x-content-type-options
nosniff
via
1.1 ea42f57e1e0a065bc1c1c637f97d3be4.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
x-amz-cf-pop
IAD61-P1
age
1775740
strict-transport-security
max-age=31536000; includeSubDomains
x-cache
Hit from cloudfront
x-ftr-backend
van-prod
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-ftr-balancer
web-http-proxy-prod-01
x-ftr-request-id
00000000000000000000FFFF40FC423B:201E_00000000000000000000FFFFB971193C:01BB_6695C6D0_1DE67F6:11592
referrer-policy
no-referrer-when-downgrade
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-ftr-backend-server
http.van-prod
cache-control
max-age=2592000, public
permissions-policy
interest-cohort=()
x-smartersafe-version
x-amz-cf-id
GkqNc9yF3Z1citGGAeuioqyeyLLhoasWLUD0bJKW95i_nnpb5hRemA==
jwplayer-autopause.01a8f7bbe47ff6aa3b50.chunk.js
vanilla.futurecdn.net/itpro/media/shared/js/
1 KB
1 KB
Script
General
Full URL
https://vanilla.futurecdn.net/itpro/media/shared/js/jwplayer-autopause.01a8f7bbe47ff6aa3b50.chunk.js
Requested by
Host: vanilla.futurecdn.net
URL: https://vanilla.futurecdn.net/itpro/1024514/media/shared/js/main.dcfe34adb1631f11541e.bundle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26c1:4000:6:4010:e280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
b5c2fedc2c334db8d5741ba5e0223149c8c399120df49cdf83df9fb23e7dc071
Security Headers
Name Value
Content-Security-Policy default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 29 Jul 2024 05:31:07 GMT
content-encoding
gzip
x-cs-bucket
van-ass-prod
x-content-type-options
nosniff
via
1.1 ea42f57e1e0a065bc1c1c637f97d3be4.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
x-amz-cf-pop
IAD61-P1
age
636465
strict-transport-security
max-age=31536000; includeSubDomains
x-cache
Hit from cloudfront
x-ftr-backend
van-prod
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-ftr-balancer
web-http-proxy-prod-02
x-ftr-request-id
00000000000000000000FFFF40FC42AB:D856_00000000000000000000FFFFB971193B:01BB_66A7291B_31FCD21:19E862
referrer-policy
no-referrer-when-downgrade
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-ftr-backend-server
http.van-prod
cache-control
max-age=2592000, public
permissions-policy
interest-cohort=()
x-smartersafe-version
x-amz-cf-id
3CAzCWkkqevHiOICGrIL7Gc6cwcDQPNlOmDbeHlxRc20ivVx8u_kbA==
jwplayer-sticky-desktop.6da37ba842e5ee203a13.chunk.js
vanilla.futurecdn.net/itpro/media/shared/js/
7 KB
3 KB
Script
General
Full URL
https://vanilla.futurecdn.net/itpro/media/shared/js/jwplayer-sticky-desktop.6da37ba842e5ee203a13.chunk.js
Requested by
Host: vanilla.futurecdn.net
URL: https://vanilla.futurecdn.net/itpro/1024514/media/shared/js/main.dcfe34adb1631f11541e.bundle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26c1:4000:6:4010:e280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
310ec95e17507fe06109a54d3c96db6a6286b35d903d31d7691e12b8c46702bc
Security Headers
Name Value
Content-Security-Policy default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 30 Jul 2024 00:21:34 GMT
content-encoding
gzip
x-cs-bucket
van-ass-prod
x-content-type-options
nosniff
via
1.1 ea42f57e1e0a065bc1c1c637f97d3be4.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
x-amz-cf-pop
IAD61-P1
age
568638
strict-transport-security
max-age=31536000; includeSubDomains
x-cache
Hit from cloudfront
x-ftr-backend
van-prod
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-ftr-balancer
web-http-proxy-prod-02
x-ftr-request-id
00000000000000000000FFFF40FC44EC:242E_00000000000000000000FFFFB971193B:01BB_66A8320E_45472:6C9A7
referrer-policy
no-referrer-when-downgrade
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-ftr-backend-server
http.van-prod
cache-control
max-age=2592000, public
permissions-policy
interest-cohort=()
x-smartersafe-version
x-amz-cf-id
OpB7v80Sm_WqjvlN4PZHyP7Xmiodp4LVBfQyEFn1Rbpr9qdgrt2o4g==
jwplayer-sticky-mobile-editorial.4c4e377b6df668d452ac.chunk.js
vanilla.futurecdn.net/itpro/media/shared/js/
7 KB
3 KB
Script
General
Full URL
https://vanilla.futurecdn.net/itpro/media/shared/js/jwplayer-sticky-mobile-editorial.4c4e377b6df668d452ac.chunk.js
Requested by
Host: vanilla.futurecdn.net
URL: https://vanilla.futurecdn.net/itpro/1024514/media/shared/js/main.dcfe34adb1631f11541e.bundle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26c1:4000:6:4010:e280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
743eeeb5a70c2aa157091852dc451fcf61b09e4e5819be575e4f3e8985f33065
Security Headers
Name Value
Content-Security-Policy default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 29 Jul 2024 20:25:40 GMT
content-encoding
gzip
x-cs-bucket
van-ass-prod
x-content-type-options
nosniff
via
1.1 ea42f57e1e0a065bc1c1c637f97d3be4.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
x-amz-cf-pop
IAD61-P1
age
582792
strict-transport-security
max-age=31536000; includeSubDomains
x-cache
Hit from cloudfront
x-ftr-backend
van-prod
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-ftr-balancer
web-http-proxy-prod-02
x-ftr-request-id
00000000000000000000FFFF40FC42AB:4E00_00000000000000000000FFFFB971193B:01BB_66A7FAC4_149EB:6C9A7
referrer-policy
no-referrer-when-downgrade
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-ftr-backend-server
http.van-prod
cache-control
max-age=2592000, public
permissions-policy
interest-cohort=()
x-smartersafe-version
x-amz-cf-id
l1OKJip3IOYSqJ7uJMmgbFQLR3_Z72tzuqR28vAt_srguuHy8Q3Zag==
jwplayer-unmute.405e5c2b0df09d877cd5.chunk.js
vanilla.futurecdn.net/itpro/media/shared/js/
3 KB
2 KB
Script
General
Full URL
https://vanilla.futurecdn.net/itpro/media/shared/js/jwplayer-unmute.405e5c2b0df09d877cd5.chunk.js
Requested by
Host: vanilla.futurecdn.net
URL: https://vanilla.futurecdn.net/itpro/1024514/media/shared/js/main.dcfe34adb1631f11541e.bundle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26c1:4000:6:4010:e280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
70e399190484d543b22988906fe79388c338b959205ba6034be3f2b77a6aa8fd
Security Headers
Name Value
Content-Security-Policy default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Fri, 19 Jul 2024 11:02:32 GMT
content-encoding
gzip
x-cs-bucket
van-ass-prod
x-content-type-options
nosniff
via
1.1 ea42f57e1e0a065bc1c1c637f97d3be4.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
x-amz-cf-pop
IAD61-P1
age
1480580
strict-transport-security
max-age=31536000; includeSubDomains
x-cache
Hit from cloudfront
x-ftr-backend
van-prod
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-ftr-balancer
web-http-proxy-prod-02
x-ftr-request-id
00000000000000000000FFFF40FC443C:6BE0_00000000000000000000FFFFB971193B:01BB_669A47C8_230BE35:19E862
referrer-policy
no-referrer-when-downgrade
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-ftr-backend-server
http.van-prod
cache-control
max-age=2592000, public
permissions-policy
interest-cohort=()
x-smartersafe-version
x-amz-cf-id
8SR-NvhLSH84gClZJCMzQ9cOHedS6I4qdHa_zDXFue8PA3T3mtfYaw==
jwplayer-carousel.ed7c5bb6f0cfd78330cc.chunk.js
vanilla.futurecdn.net/itpro/media/shared/js/
16 KB
6 KB
Script
General
Full URL
https://vanilla.futurecdn.net/itpro/media/shared/js/jwplayer-carousel.ed7c5bb6f0cfd78330cc.chunk.js
Requested by
Host: vanilla.futurecdn.net
URL: https://vanilla.futurecdn.net/itpro/1024514/media/shared/js/main.dcfe34adb1631f11541e.bundle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26c1:4000:6:4010:e280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
34a728ab4c4fd61585ca4d3d148533f13b6788ee5ce7e02cda845239cae48fb7
Security Headers
Name Value
Content-Security-Policy default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 30 Jul 2024 13:06:48 GMT
content-encoding
gzip
x-cs-bucket
van-ass-prod
x-content-type-options
nosniff
via
1.1 ea42f57e1e0a065bc1c1c637f97d3be4.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
x-amz-cf-pop
IAD61-P1
age
522724
strict-transport-security
max-age=31536000; includeSubDomains
x-cache
Hit from cloudfront
x-ftr-backend
van-prod
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-ftr-balancer
web-http-proxy-prod-02
x-ftr-request-id
00000000000000000000FFFF40FC44EC:9F88_00000000000000000000FFFFB971193B:01BB_66A8E566_14A9DD:6C9A7
referrer-policy
no-referrer-when-downgrade
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-ftr-backend-server
http.van-prod
cache-control
max-age=2592000, public
permissions-policy
interest-cohort=()
x-smartersafe-version
x-amz-cf-id
gIcKfrep7BIFRW_VvvkgBnpG3jeFuIp7rLdh6mYhLlxq1fufSnZ21Q==
open-ahead-embeds.b529595a77174e0166af.chunk.js
vanilla.futurecdn.net/itpro/media/shared/js/
2 KB
2 KB
Script
General
Full URL
https://vanilla.futurecdn.net/itpro/media/shared/js/open-ahead-embeds.b529595a77174e0166af.chunk.js
Requested by
Host: vanilla.futurecdn.net
URL: https://vanilla.futurecdn.net/itpro/1024514/media/shared/js/main.dcfe34adb1631f11541e.bundle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26c1:4000:6:4010:e280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
58bbcc2692dc655f38caf71fa557de27cd47ec0148dc7bba2205c175ed7bfe94
Security Headers
Name Value
Content-Security-Policy default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 13:19:46 GMT
content-encoding
gzip
x-cs-bucket
van-ass-prod
x-content-type-options
nosniff
via
1.1 ea42f57e1e0a065bc1c1c637f97d3be4.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
x-amz-cf-pop
IAD61-P1
age
3546
strict-transport-security
max-age=31536000; includeSubDomains
x-cache
Hit from cloudfront
x-ftr-backend
van-prod
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-ftr-balancer
web-http-proxy-prod-01
x-ftr-request-id
00000000000000000000FFFF40FC4300:4646_00000000000000000000FFFFB971193C:01BB_66B0D172_CFDDF:382894
referrer-policy
no-referrer-when-downgrade
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-ftr-backend-server
http.van-prod
cache-control
max-age=2592000, public
permissions-policy
interest-cohort=()
x-smartersafe-version
x-amz-cf-id
nlGiUBNsArTP7K9bSKIb3-97vIBIPj9k6I5l_8k7DfemJy9CzyoPPw==
sticky-nav-responsive.96d5cef7f2132d2f93dc.chunk.js
vanilla.futurecdn.net/itpro/media/shared/js/
7 KB
4 KB
Script
General
Full URL
https://vanilla.futurecdn.net/itpro/media/shared/js/sticky-nav-responsive.96d5cef7f2132d2f93dc.chunk.js
Requested by
Host: vanilla.futurecdn.net
URL: https://vanilla.futurecdn.net/itpro/1024514/media/shared/js/main.dcfe34adb1631f11541e.bundle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26c1:4000:6:4010:e280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
7b0556ee4836bedc71ab34916e58d41b6422875d378d2490f98dde15fba0d595
Security Headers
Name Value
Content-Security-Policy default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 16 Jul 2024 01:03:12 GMT
content-encoding
gzip
x-cs-bucket
van-ass-prod
x-content-type-options
nosniff
via
1.1 ea42f57e1e0a065bc1c1c637f97d3be4.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
x-amz-cf-pop
IAD61-P1
age
1775740
strict-transport-security
max-age=31536000; includeSubDomains
x-cache
Hit from cloudfront
x-ftr-backend
van-prod
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-ftr-balancer
web-http-proxy-prod-01
x-ftr-request-id
00000000000000000000FFFF40FC4248:77D6_00000000000000000000FFFFB971193C:01BB_6695C6CF_1DE67F4:11592
referrer-policy
no-referrer-when-downgrade
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-ftr-backend-server
http.van-prod
cache-control
max-age=2592000, public
permissions-policy
interest-cohort=()
x-smartersafe-version
x-amz-cf-id
t3eDTXJa9NCE8InGiILTd24ktXh5WP4abEmNs2Ordk68CCfa5ne0kg==
infinite-scroll.832c145d77663c58c4f7.chunk.js
vanilla.futurecdn.net/itpro/media/shared/js/
15 KB
5 KB
Script
General
Full URL
https://vanilla.futurecdn.net/itpro/media/shared/js/infinite-scroll.832c145d77663c58c4f7.chunk.js
Requested by
Host: vanilla.futurecdn.net
URL: https://vanilla.futurecdn.net/itpro/1024514/media/shared/js/main.dcfe34adb1631f11541e.bundle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26c1:4000:6:4010:e280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
c5f5f57f61b31f64abb3f93517fb7b42f56ff715e6c0ceed7428375eea787c8b
Security Headers
Name Value
Content-Security-Policy default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 09 Jul 2024 08:19:58 GMT
content-encoding
gzip
x-cs-bucket
van-ass-prod
x-content-type-options
nosniff
via
1.1 ea42f57e1e0a065bc1c1c637f97d3be4.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
x-amz-cf-pop
IAD61-P1
age
2354334
strict-transport-security
max-age=31536000; includeSubDomains
x-cache
Hit from cloudfront
x-ftr-backend
van-prod
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-ftr-balancer
web-http-proxy-prod-01
x-ftr-request-id
00000000000000000000FFFF40FC43B4:D0D2_00000000000000000000FFFFB971193C:01BB_668CF2AE_12BCE67:11592
referrer-policy
no-referrer-when-downgrade
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-ftr-backend-server
http.van-prod
cache-control
max-age=2592000, public
permissions-policy
interest-cohort=()
x-smartersafe-version
x-amz-cf-id
mN3OHwBUVHTAbFQxnhsxSBo6mhonm8zk1rsI5CC4P84A7pXamHS6vA==
dianomi-script.bb480d6b6e3a47bd8fb1.chunk.js
vanilla.futurecdn.net/itpro/media/shared/js/
2 KB
2 KB
Script
General
Full URL
https://vanilla.futurecdn.net/itpro/media/shared/js/dianomi-script.bb480d6b6e3a47bd8fb1.chunk.js
Requested by
Host: vanilla.futurecdn.net
URL: https://vanilla.futurecdn.net/itpro/1024514/media/shared/js/main.dcfe34adb1631f11541e.bundle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26c1:4000:6:4010:e280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
bc80560049de257d25860fb2bedefb26156de677e0c3c6e6faeb6570192bed24
Security Headers
Name Value
Content-Security-Policy default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Fri, 19 Jul 2024 11:02:32 GMT
content-encoding
gzip
x-cs-bucket
van-ass-prod
x-content-type-options
nosniff
via
1.1 ea42f57e1e0a065bc1c1c637f97d3be4.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
x-amz-cf-pop
IAD61-P1
age
1480580
strict-transport-security
max-age=31536000; includeSubDomains
x-cache
Hit from cloudfront
x-ftr-backend
van-prod
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-ftr-balancer
web-http-proxy-prod-01
x-ftr-request-id
00000000000000000000FFFF40FC4564:B1F8_00000000000000000000FFFFB971193C:01BB_669A47C7_249AE55:11592
referrer-policy
no-referrer-when-downgrade
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-ftr-backend-server
http.van-prod
cache-control
max-age=2592000, public
permissions-policy
interest-cohort=()
x-smartersafe-version
x-amz-cf-id
p_TD166qqIKhqWDs05UBmV_ooriP59uqRymrtt-xT88BrKXljvmFbg==
nav-subscribe.4c2bbdae8a538138dfa9.chunk.js
vanilla.futurecdn.net/itpro/media/shared/js/
2 KB
2 KB
Script
General
Full URL
https://vanilla.futurecdn.net/itpro/media/shared/js/nav-subscribe.4c2bbdae8a538138dfa9.chunk.js
Requested by
Host: vanilla.futurecdn.net
URL: https://vanilla.futurecdn.net/itpro/1024514/media/shared/js/main.dcfe34adb1631f11541e.bundle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26c1:4000:6:4010:e280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
f7944bfabacd3e4ae698bd8f2772daf46cb096ca3d880105fdac67bd036b547c
Security Headers
Name Value
Content-Security-Policy default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Wed, 31 Jul 2024 14:25:56 GMT
content-encoding
gzip
x-cs-bucket
van-ass-prod
x-content-type-options
nosniff
via
1.1 ea42f57e1e0a065bc1c1c637f97d3be4.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
x-amz-cf-pop
IAD61-P1
age
431576
strict-transport-security
max-age=31536000; includeSubDomains
x-cache
Hit from cloudfront
x-ftr-backend
van-prod
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-ftr-balancer
web-http-proxy-prod-02
x-ftr-request-id
00000000000000000000FFFF40FC43B3:D94A_00000000000000000000FFFFB971193B:01BB_66AA4973_38B588:6C9A7
referrer-policy
no-referrer-when-downgrade
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-ftr-backend-server
http.van-prod
cache-control
max-age=2592000, public
permissions-policy
interest-cohort=()
x-smartersafe-version
x-amz-cf-id
Oo0FT5EtpHVEk8vJszGjmm0lU6aHtUTqeKJEqtuYzNIEt3wNeTzPiQ==
future.adtech.freyr.v1.PageViewEvent
eventsproxy.gargantuan.futureplc.com/
512 B
604 B
Fetch
General
Full URL
https://eventsproxy.gargantuan.futureplc.com/future.adtech.freyr.v1.PageViewEvent
Requested by
Host: freyr.futurecdn.net
URL: https://freyr.futurecdn.net/freyr.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.17.165.159 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-17-165-159.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
0d8b03841765702006ffe3ba5f085de99f7c3c9c14961993adf59caa39075e86
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

date
Mon, 05 Aug 2024 14:18:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
br
x-svc-go-version
-
x-svc-env
prod
x-svc-name
gargantuan-proxy
vary
Origin
x-ratelimit-remaining
1758
content-type
application/json
access-control-allow-origin
*
x-ratelimit-reset
1722867534
x-ratelimit-limit
2000
x-svc-version
-
x-svc-build-time
-
hybrid_id
ads.servebom.com/
43 B
495 B
Fetch
General
Full URL
https://ads.servebom.com/hybrid_id
Requested by
Host: bordeaux.futurecdn.net
URL: https://bordeaux.futurecdn.net/bordeaux.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21dd:d000:12:b587:d880:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
bbd217605911cc0bebff1b15f7ac0386666e262e76f0ab47f90586c21c2fec26

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:53 GMT
content-encoding
gzip
via
1.1 556ef92964692e27cf8626ac501230e4.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR53-C2
x-cache
Miss from cloudfront
content-type
application/json
access-control-allow-origin
https://www.itpro.com
access-control-allow-credentials
true
content-length
68
x-amz-cf-id
3LwBVEVQgYx2ie9eoGnoVuZKiqHCT1_Q1FilouYSAJcJALzq9jIuAw==
/
sommelier.futurehybrid.tech/config/
15 KB
3 KB
Fetch
General
Full URL
https://sommelier.futurehybrid.tech/config/?r=516&tpl=article&l=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc&sw=1600
Requested by
Host: bordeaux.futurecdn.net
URL: https://bordeaux.futurecdn.net/bordeaux.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.225.45.248 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-225-45-248.compute-1.amazonaws.com
Software
/
Resource Hash
49d6042db392c2587273c4f7ba9b2bd47767f982ed9ac49b22222df081cbf055
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-origin
*
date
Mon, 05 Aug 2024 14:18:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
br
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type
application/json
translations.php
search-api.fie.futurecdn.net/
33 KB
10 KB
Fetch
General
Full URL
https://search-api.fie.futurecdn.net/translations.php?language=en-US
Requested by
Host: search-api.fie.futurecdn.net
URL: https://search-api.fie.futurecdn.net/js/w/es6/16.82.0-f973f3a120753ce14db814f7555bffa435a94597/responsive.js
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
151.101.2.114 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
37605b73e3f8c754340c086d05c5b2db0f5fbd1a66d19af0fc6f9cb27d8920c3
Security Headers
Name Value
Strict-Transport-Security max-age=31557600

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:53 GMT
content-encoding
br
x-hawk-country
strict-transport-security
max-age=31557600
via
1.1 varnish, 1.1 varnish
age
1023
x-hawk-area
US
x-ftr-dc
uk-lon1
x-cache
HIT, HIT
x-ftr-realm
pip
x-ftr-backend
fie-api
x-ftr-cache-status
HIT
content-length
9826
x-ftr-expires
Mon, 05 Aug 2024 14:21:49 GMT
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-ftr-balancer
hawk-proxy-185-113-25-40
x-served-by
cache-lon420133-LON, cache-mia-kmia1760035-MIA
x-ftr-request-id
00000000:FC33_00000000:01BB_66B0DB4C_342219:481C
x-timer
S1722867533.009733,VS0,VE0
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json; charset=utf-8;
access-control-allow-origin
*
x-ftr-backend-server
fievarnishprodred
cache-control
max-age=1200, stale-if-error=172800, stale-while-revalidate=172800
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,X-Hawk-Country,X-Hawk-Area
x-cache-hits
9, 24
/
p1.parsely.com/plogger/
43 B
257 B
Image
General
Full URL
https://p1.parsely.com/plogger/?rand=1722867533015&plid=09ffb907-5c3d-4ec3-b3ae-efd469ca849b&idsite=itpro.com&url=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc&urlref=&screen=1600x1200%7C1600x1200%7C24&data=%7B%22parsely%3Ametadata-detection%22%3A%7B%22version%22%3A0%2C%22url%22%3A%22https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%22%2C%22hash%22%3A-2031009286%7D%7D&sid=1&surl=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc&sref=&sts=1722867533008&slts=0&title=Researchers+discover+%E2%80%9Chighly+sophisticated%E2%80%99+operation+using+a+3%2C000-strong+network+of+ghost+accounts+to+spread+malware+on+GitHub+%7C+ITPro&date=Mon+Aug+05+2024+04%3A18%3A53+GMT-1000+(Hawaii-Aleutian+Standard+Time)&action=pageview&pvid=2c530acb-0ced-454b-92a6-d879a9b349f0&u=pid%3D763b9ef5-355a-4d71-b7b5-b574197a838c
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.205.167.202 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-205-167-202.compute-1.amazonaws.com
Software
nginx /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date
Mon, 05 Aug 2024 14:18:53 GMT
Cache-Control
no-cache
Last-Modified
Monday, 05-Aug-2024 14:18:53 GMT
Server
nginx
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
meta-data
cdn.privacy-mgmt.com/wrapper/v2/
448 B
984 B
XHR
General
Full URL
https://cdn.privacy-mgmt.com/wrapper/v2/meta-data?hasCsp=true&accountId=200&env=prod&metadata=%7B%22gdpr%22%3A%7B%7D%2C%22usnat%22%3A%7B%7D%7D&propertyId=30869&scriptVersion=4.25.1&scriptType=unified
Requested by
Host: cdn.privacy-mgmt.com
URL: https://cdn.privacy-mgmt.com/unified/wrapperMessagingWithoutDetection.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.55.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-55-102.jfk52.r.cloudfront.net
Software
/ Express
Resource Hash
6bb4a1fe808501538539c64ace6de2d6fddcb6a5d6aac5bd14f653ccd5a43c14
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:06:06 GMT
strict-transport-security
max-age=15552000; includeSubDomains
via
1.1 e4063174e49a72dbf23ed047ff7d7c56.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK52-P4
age
767
x-powered-by
Express
x-cache
Hit from cloudfront
content-length
448
vary
Accept-Encoding
access-control-allow-methods
GET, PUT, POST, DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=3600, s-maxage=3600
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, SP_SCRIPT_VERSION
x-amz-cf-id
sFv98WhIqB-o-SABuxco2azblXy8FZLbohUuq70QDou1SIFE82wEDA==
js
www.googletagmanager.com/gtag/
275 KB
94 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-E36MVD1BQT&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WWBWRXL
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c0b::61 Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
11ef079071a94b04e7cc8553580e7dc6e317a69271049189d430773e38402f94
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:53 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
96166
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Mon, 05 Aug 2024 14:18:53 GMT
gtm.js
www.googletagmanager.com/
237 KB
81 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-57QFK3GJ&l=dataLayer
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WWBWRXL
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c0b::61 Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
b2afc2c1faf59499c12b6a353d1e641eed775513414bd987d30613882bdba200
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:53 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
83123
x-xss-protection
0
last-modified
Mon, 05 Aug 2024 12:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 05 Aug 2024 14:18:53 GMT
gtm.js
www.googletagmanager.com/
225 KB
77 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-WHLXGS3C&l=dataLayer
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WWBWRXL
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c0b::61 Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
c3236e846411a9b946b91f7ba04d4625b9d2946c11de3976940b849f2b0fd964
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:53 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
79191
x-xss-protection
0
last-modified
Mon, 05 Aug 2024 12:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 05 Aug 2024 14:18:53 GMT
/
r.skimresources.com/api/
149 B
363 B
Fetch
General
Full URL
https://r.skimresources.com/api/?persistence=1&xguid=01BT2SNRZKMTD96W8181AS0KKC&data={%22pubcode%22:%2292X363%22,%22domains%22:[%22itpro.com%22,%22futureplc.com%22],%22page%22:%22https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc%22}&checksum=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Requested by
Host: search-api.fie.futurecdn.net
URL: https://search-api.fie.futurecdn.net/hl/es6/hawklinks.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.59.101 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
101.59.190.35.bc.googleusercontent.com
Software
openresty/1.19.9.1 /
Resource Hash
41e08f9d9fbbcde37eedbba3e8254585d117f4578551a09eb681ed6a91cd7989
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:53 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-encoding
gzip
server
openresty/1.19.9.1
via
1.1 google
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://www.itpro.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
collect
www.google-analytics.com/j/
3 B
207 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1413626687&t=pageview&_s=1&dl=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc&ul=en-us&de=UTF-8&dt=Researchers%20discover%20%E2%80%9Chighly%20sophisticated%E2%80%99%20operation%20using%20a%203%2C000-strong%20network%20of%20ghost%20accounts%20to%20spread%20malware%20on%20GitHub%20%7C%20ITPro&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGBAgEABBAQCACAAI~&jid=219046493&gjid=516001461&cid=1843726432.1722867533&tid=UA-1011119-1&_gid=430158571.1722867533&_slc=1&cd57=null&cd40=Malware&cd41=GitHub%7CGhost%7CDiscord%7CResearch%7CFraction&cd42=Check_Point&cd43=Checkmarx%7CSoftware&cd45=Malware&cd46=Cyber_Crime&cd47=Researchers_discover_highly_sophisticated_operation_using_a_3000-strong_network_of_ghost_accounts_to_spread_malware_on_GitHub&cd50=5&cd51=false&cd58=Cyber_Crime&cd74=&cd13=false&cd10=EN-US&cd5=isNAebwboJikNSvfuqhMB6&cd7=solomon_klappholz&cd99=0&cd128=25-07-2024&cd1=news&cd2=&cd3=cyber-crime%7Csecurity&cd6=%7Cserversidehawk&cd8=25-07-2024&cd27=1024514&cd33=text%2Ctext%2Ctext%2Cembed%2Ctext%2Ctext%2Ctext%2Ctext%2Ctext%2Ctext%2Cheading%2Ctext%2Ctext%2Ctext%2Ctext%2Cboxout%2Ctext%2Ctext%2Ctext%2Ctext%2Ctext&cd53=2024-07-25T11%3A06%3A14Z&cd61=pageLoad&cd95=news&cd106=0&cd126=en&cd127=GB%7CUS&cd134=serversidehawk&cd31=10&cd30=4g&z=1990876690
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c0e::64 Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 05 Aug 2024 14:18:53 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.itpro.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/
1 B
345 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-1011119-1&cid=1843726432.1722867533&jid=219046493&gjid=516001461&_gid=430158571.1722867533&_u=YGBAgEABBAQCAGAAI~&z=2021244630
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c0f::9b Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Mon, 05 Aug 2024 14:18:53 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.itpro.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
messages
cdn.privacy-mgmt.com/wrapper/v2/
33 KB
6 KB
XHR
General
Full URL
https://cdn.privacy-mgmt.com/wrapper/v2/messages?hasCsp=true&env=prod&body=%7B%22accountId%22%3A200%2C%22campaignEnv%22%3A%22prod%22%2C%22campaigns%22%3A%7B%22gdpr%22%3A%7B%22consentStatus%22%3A%7B%7D%2C%22targetingParams%22%3A%7B%7D%7D%2C%22usnat%22%3A%7B%22consentStatus%22%3A%7B%7D%2C%22hasLocalData%22%3Afalse%2C%22targetingParams%22%3A%7B%7D%7D%7D%2C%22clientMMSOrigin%22%3A%22https%3A%2F%2Fcdn.privacy-mgmt.com%22%2C%22hasCSP%22%3Atrue%2C%22includeData%22%3A%7B%22localState%22%3A%7B%22type%22%3A%22string%22%7D%2C%22actions%22%3A%7B%22type%22%3A%22RecordString%22%7D%2C%22cookies%22%3A%7B%22type%22%3A%22RecordString%22%7D%7D%2C%22propertyHref%22%3A%22https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%22%7D&localState=null&metadata=%7B%22gdpr%22%3A%7B%22applies%22%3Afalse%7D%2C%22usnat%22%3A%7B%22applies%22%3Atrue%7D%7D&nonKeyedLocalState=null&ch=457177643460096976ee16455717689a4e0&scriptVersion=4.25.1&scriptType=unified
Requested by
Host: cdn.privacy-mgmt.com
URL: https://cdn.privacy-mgmt.com/unified/wrapperMessagingWithoutDetection.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.55.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-55-102.jfk52.r.cloudfront.net
Software
/ Express
Resource Hash
7424aa4394f94cbe1c3fd292f451890ac599d35ac8c63945ea802e02173505e6
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:53 GMT
strict-transport-security
max-age=15552000; includeSubDomains
content-encoding
gzip
via
1.1 e4063174e49a72dbf23ed047ff7d7c56.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK52-P4
x-powered-by
Express
vary
Accept-Encoding
access-control-allow-methods
GET, PUT, POST, DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
*
x-cache
Miss from cloudfront
cache-control
max-age=0, s-maxage=1200
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, SP_SCRIPT_VERSION
x-amz-cf-id
QI8xxetpAzzm1C8RrBh6Yb0u-H-QuysvB1v_VAXHUmSHYlYFf53Yng==
YYRngYhb
cdn.jwplayer.com/v2/playlists/
13 KB
2 KB
Fetch
General
Full URL
https://cdn.jwplayer.com/v2/playlists/YYRngYhb
Requested by
Host: vanilla.futurecdn.net
URL: https://vanilla.futurecdn.net/itpro/media/shared/js/jwplayer-carousel.ed7c5bb6f0cfd78330cc.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26c1:4600:1:a3fa:7cc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
openresty /
Resource Hash
0a9c619069f1c087616cd7968061e07fb84a8581bf0db804a12f761acce82ab6

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:16:53 GMT
content-encoding
gzip
via
1.1 5084a25d91022b55b5acf281581c6444.cloudfront.net (CloudFront)
server
openresty
x-amz-cf-pop
IAD61-P1
age
120
x-cache
Hit from cloudfront
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=180, max-stale=180
x-robots-tag
noindex, indexifembedded
content-length
2145
x-amz-cf-id
8UFfHTTtWq6JCvF-NiD716tu96hZi1l-NsoIsKTwFjweXb8pvIXJlw==
expires
Mon, 05 Aug 2024 14:19:13
services
sr.studiostack.com/v3/
25 KB
26 KB
Script
General
Full URL
https://sr.studiostack.com/v3/services
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
20.49.104.19 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
0f9f2b7abd847cbb4d71e7d6752dd3babe0e4d9ee7484d54895f16649e10b1fc

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

request-context
appId=cid-v1:c374023b-8354-459d-b51b-039919730c2c
Pragma
no-cache
Date
Mon, 05 Aug 2024 14:18:53 GMT
Access-Control-Allow-Methods
GET, POST, OPTIONS, HEAD, PUT
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Accept
Content-Length
26058
Expires
0
widget.php
search-api.fie.futurecdn.net/
4 KB
2 KB
Fetch
General
Full URL
https://search-api.fie.futurecdn.net/widget.php?model_name=TechRadar%20Magazines&article_type=news&article_category=retail&language=en-US&site=ITPRO&filter_product_types=deals%2Csubscriptions&rows=1&device=desktop&origin=widgets-clientside
Requested by
Host: search-api.fie.futurecdn.net
URL: https://search-api.fie.futurecdn.net/js/w/es6/16.82.0-f973f3a120753ce14db814f7555bffa435a94597/responsive.js
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
151.101.2.114 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
b80d4438d584e151205637babaa8844efa1bb34e509041251f5fa1a3952ebaf0
Security Headers
Name Value
Strict-Transport-Security max-age=31557600

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:53 GMT
content-encoding
br
x-hawk-country
strict-transport-security
max-age=31557600
via
1.1 varnish, 1.1 varnish
age
1287
x-hawk-area
US
x-ftr-dc
uk-lon1
x-cache
HIT, HIT
x-ftr-realm
pip
x-ftr-backend
fie-api
x-ftr-cache-status
HIT
content-length
1258
x-ftr-expires
Mon, 05 Aug 2024 14:17:26 GMT
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-ftr-balancer
hawk-proxy-185-113-25-40
x-served-by
cache-lon4228-LON, cache-mia-kmia1760035-MIA
x-ftr-request-id
00000000:3B3E_00000000:01BB_66B0DA4A_34095D:481C
x-timer
S1722867533.244856,VS0,VE3
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json; charset=utf-8;
access-control-allow-origin
*
x-ftr-backend-server
fievarnishprodwhite
cache-control
max-age=1200, stale-if-error=172800, stale-while-revalidate=172800
access-control-allow-credentials
true
x-resp-is-stale
true
accept-ranges
bytes
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,X-Hawk-Country,X-Hawk-Area
x-cache-hits
1, 0
aWeJUC35.js
content.jwplatform.com/libraries/
124 KB
46 KB
Script
General
Full URL
https://content.jwplatform.com/libraries/aWeJUC35.js
Requested by
Host: vanilla.futurecdn.net
URL: https://vanilla.futurecdn.net/itpro/media/shared/js/jwplayer-carousel.ed7c5bb6f0cfd78330cc.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2209:7000:1:a3fa:7cc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
openresty /
Resource Hash
89853af5b5821e5f1e73013d54934372728a19bba75d7bd5c42c0829d0c3cbaa

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:16:19 GMT
content-encoding
gzip
via
1.1 9d35ce6897d7f02042955443076a54de.cloudfront.net (CloudFront)
server
openresty
x-amz-cf-pop
EWR53-P1
age
154
x-cache
Hit from cloudfront
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=180
x-robots-tag
noindex, indexifembedded
content-length
46695
x-amz-cf-id
P4kosaR-uE39Qx2At2OkmjSuuIi6rhg__Gc7vQzu-J06UVbWeYw04Q==
collect
www.google-analytics.com/
35 B
132 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j101&a=1413626687&t=event&ni=1&_s=2&dl=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc&ul=en-us&de=UTF-8&dt=Researchers%20discover%20%E2%80%9Chighly%20sophisticated%E2%80%99%20operation%20using%20a%203%2C000-strong%20network%20of%20ghost%20accounts%20to%20spread%20malware%20on%20GitHub%20%7C%20ITPro&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=jwplayer&ea=jwplayerVideoPresent&_u=aGBAgEABBAQCAGAAI~&jid=&gjid=&cid=1843726432.1722867533&tid=UA-1011119-1&_gid=430158571.1722867533&cd57=null&cd40=Malware&cd41=GitHub%7CGhost%7CDiscord%7CResearch%7CFraction&cd42=Check_Point&cd43=Checkmarx%7CSoftware&cd45=Malware&cd46=Cyber_Crime&cd47=Researchers_discover_highly_sophisticated_operation_using_a_3000-strong_network_of_ghost_accounts_to_spread_malware_on_GitHub&cd50=5&cd51=false&cd58=Cyber_Crime&cd74=&cd13=false&cd10=EN-US&cd5=isNAebwboJikNSvfuqhMB6&cd7=solomon_klappholz&cd99=0&cd128=25-07-2024&cd1=news&cd2=&cd3=cyber-crime%7Csecurity&cd6=%7Cserversidehawk&cd8=25-07-2024&cd27=1024514&cd33=text%2Ctext%2Ctext%2Cembed%2Ctext%2Ctext%2Ctext%2Ctext%2Ctext%2Ctext%2Cheading%2Ctext%2Ctext%2Ctext%2Ctext%2Cboxout%2Ctext%2Ctext%2Ctext%2Ctext%2Ctext&cd53=2024-07-25T11%3A06%3A14Z&cd61=pageLoad&cd95=news&cd106=0&cd126=en&cd127=GB%7CUS&cd134=serversidehawk&cd31=10&cd30=4g&z=1846829579
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c0e::64 Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Aug 2024 03:23:03 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
39350
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/
35 B
55 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j101&a=1413626687&t=event&ni=1&_s=3&dl=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc&ul=en-us&de=UTF-8&dt=Researchers%20discover%20%E2%80%9Chighly%20sophisticated%E2%80%99%20operation%20using%20a%203%2C000-strong%20network%20of%20ghost%20accounts%20to%20spread%20malware%20on%20GitHub%20%7C%20ITPro&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=future_id&ea=set%20hybrid_id&el=&_u=aGBAgEABBAQCAGAAI~&jid=&gjid=&cid=1843726432.1722867533&tid=UA-1011119-1&_gid=430158571.1722867533&cd57=null&cd40=Malware&cd41=GitHub%7CGhost%7CDiscord%7CResearch%7CFraction&cd42=Check_Point&cd43=Checkmarx%7CSoftware&cd45=Malware&cd46=Cyber_Crime&cd47=Researchers_discover_highly_sophisticated_operation_using_a_3000-strong_network_of_ghost_accounts_to_spread_malware_on_GitHub&cd50=5&cd51=false&cd58=Cyber_Crime&cd74=&cd13=false&cd10=EN-US&cd5=isNAebwboJikNSvfuqhMB6&cd7=solomon_klappholz&cd99=0&cd128=25-07-2024&cd1=news&cd2=&cd3=cyber-crime%7Csecurity&cd6=%7Cserversidehawk&cd8=25-07-2024&cd27=1024514&cd33=text%2Ctext%2Ctext%2Cembed%2Ctext%2Ctext%2Ctext%2Ctext%2Ctext%2Ctext%2Cheading%2Ctext%2Ctext%2Ctext%2Ctext%2Cboxout%2Ctext%2Ctext%2Ctext%2Ctext%2Ctext&cd53=2024-07-25T11%3A06%3A14Z&cd61=pageLoad&cd95=news&cd106=0&cd126=en&cd127=GB%7CUS&cd134=serversidehawk&cd31=10&cd30=4g&cd77=B2167199D88D4351A8D4D8CA17E65824&z=2128966488
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
209.85.144.101 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
qv-in-f101.1e100.net
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Aug 2024 02:02:11 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
44202
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/
35 B
55 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j101&a=1413626687&t=event&ni=1&_s=4&dl=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc&ul=en-us&de=UTF-8&dt=Researchers%20discover%20%E2%80%9Chighly%20sophisticated%E2%80%99%20operation%20using%20a%203%2C000-strong%20network%20of%20ghost%20accounts%20to%20spread%20malware%20on%20GitHub%20%7C%20ITPro&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=hybrid&ea=ab%20test%20initiated&el=ads%20placement&_u=aGBAgEABBAQCAGAAI~&jid=&gjid=&cid=1843726432.1722867533&tid=UA-1011119-1&_gid=430158571.1722867533&cd57=null&cd40=Malware&cd41=GitHub%7CGhost%7CDiscord%7CResearch%7CFraction&cd42=Check_Point&cd43=Checkmarx%7CSoftware&cd45=Malware&cd46=Cyber_Crime&cd47=Researchers_discover_highly_sophisticated_operation_using_a_3000-strong_network_of_ghost_accounts_to_spread_malware_on_GitHub&cd50=5&cd51=false&cd58=Cyber_Crime&cd74=&cd13=false&cd10=EN-US&cd5=isNAebwboJikNSvfuqhMB6&cd7=solomon_klappholz&cd99=0&cd128=25-07-2024&cd1=news&cd2=&cd3=cyber-crime%7Csecurity&cd6=%7Cserversidehawk&cd8=25-07-2024&cd27=1024514&cd33=text%2Ctext%2Ctext%2Cembed%2Ctext%2Ctext%2Ctext%2Ctext%2Ctext%2Ctext%2Cheading%2Ctext%2Ctext%2Ctext%2Ctext%2Cboxout%2Ctext%2Ctext%2Ctext%2Ctext%2Ctext&cd53=2024-07-25T11%3A06%3A14Z&cd61=pageLoad&cd95=news&cd106=0&cd126=en&cd127=GB%7CUS&cd134=serversidehawk&cd31=10&cd30=4g&cd26=%7B%22origin%22%3A%22hybrid%22%2C%22t_name%22%3A%22AdaptMX%20Bidder%202%22%2C%22t_id%22%3A%2237%22%2C%22v_id%22%3A%221%22%2C%22v_name%22%3A%22control%22%7D&z=1210312412
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
209.85.144.101 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
qv-in-f101.1e100.net
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Aug 2024 02:02:11 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
44202
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/
35 B
55 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j101&a=1413626687&t=event&ni=1&_s=5&dl=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc&ul=en-us&de=UTF-8&dt=Researchers%20discover%20%E2%80%9Chighly%20sophisticated%E2%80%99%20operation%20using%20a%203%2C000-strong%20network%20of%20ghost%20accounts%20to%20spread%20malware%20on%20GitHub%20%7C%20ITPro&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=hybrid&ea=ab%20test%20initiated&el=ads%20placement&_u=aGBAgEABBAQCAGAAI~&jid=&gjid=&cid=1843726432.1722867533&tid=UA-1011119-1&_gid=430158571.1722867533&cd57=null&cd40=Malware&cd41=GitHub%7CGhost%7CDiscord%7CResearch%7CFraction&cd42=Check_Point&cd43=Checkmarx%7CSoftware&cd45=Malware&cd46=Cyber_Crime&cd47=Researchers_discover_highly_sophisticated_operation_using_a_3000-strong_network_of_ghost_accounts_to_spread_malware_on_GitHub&cd50=5&cd51=false&cd58=Cyber_Crime&cd74=&cd13=false&cd10=EN-US&cd5=isNAebwboJikNSvfuqhMB6&cd7=solomon_klappholz&cd99=0&cd128=25-07-2024&cd1=news&cd2=&cd3=cyber-crime%7Csecurity&cd6=%7Cserversidehawk&cd8=25-07-2024&cd27=1024514&cd33=text%2Ctext%2Ctext%2Cembed%2Ctext%2Ctext%2Ctext%2Ctext%2Ctext%2Ctext%2Cheading%2Ctext%2Ctext%2Ctext%2Ctext%2Cboxout%2Ctext%2Ctext%2Ctext%2Ctext%2Ctext&cd53=2024-07-25T11%3A06%3A14Z&cd61=pageLoad&cd95=news&cd106=0&cd126=en&cd127=GB%7CUS&cd134=serversidehawk&cd31=10&cd30=4g&cd26=%7B%22origin%22%3A%22hybrid%22%2C%22t_name%22%3A%22Hybrid%20Floor%20model%22%2C%22t_id%22%3A%2236%22%2C%22v_id%22%3A%22132%22%2C%22v_name%22%3A%22Model_3_0_main%22%7D&z=227613568
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
209.85.144.101 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
qv-in-f101.1e100.net
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Aug 2024 02:02:11 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
44202
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
js
www.googletagmanager.com/gtag/
319 KB
105 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-H58Q5KTB4D&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-57QFK3GJ&l=dataLayer
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
173.194.175.97 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
qs-in-f97.1e100.net
Software
Google Tag Manager /
Resource Hash
5461b1d41e5f2c9c21787567406a5f7ae036429cf897ce0ea1deadd88d85ac99
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:53 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
107285
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Mon, 05 Aug 2024 14:18:53 GMT
seasonal.js
search-api.fie.futurecdn.net/js/w/es6/16.82.0-f973f3a120753ce14db814f7555bffa435a94597/
133 KB
29 KB
Script
General
Full URL
https://search-api.fie.futurecdn.net/js/w/es6/16.82.0-f973f3a120753ce14db814f7555bffa435a94597/seasonal.js
Requested by
Host: search-api.fie.futurecdn.net
URL: https://search-api.fie.futurecdn.net/js/w/es6/16.82.0-f973f3a120753ce14db814f7555bffa435a94597/responsive.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.114 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
eed45bc78331db47c765e5894d92cfe69fd02d5c8cc6d8eaca73dd6e155dc0c0
Security Headers
Name Value
Strict-Transport-Security max-age=31557600

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:53 GMT
content-encoding
br
x-hawk-country
strict-transport-security
max-age=31557600
via
1.1 varnish, 1.1 varnish
age
759
x-hawk-area
US
x-ftr-dc
uk-lon1
x-cache
HIT, HIT
x-ftr-realm
pip
x-ftr-backend
fie-assets
x-ftr-cache-status
MISS
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-ftr-expires
Mon, 05 Aug 2024 12:46:10 GMT
x-ftr-balancer
hawk-proxy-185-113-25-40
x-served-by
cache-lon420084-LON, cache-mia-kmia1760095-MIA
x-ftr-request-id
00000000:5970_00000000:01BB_66B0C4E1_31BB53:481C
last-modified
Mon, 05 Aug 2024 10:38:13 GMT
x-timer
S1722867533.390326,VS0,VE0
etag
W/"66b0ab95-214e3"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-ftr-backend-server
fievarnishprodred
cache-control
max-age=1200, immutable, stale-if-error=172800, stale-while-revalidate=172800
content-length
29362
accept-ranges
bytes
x-cache-hits
20, 2
collect
analytics.google.com/g/
0
0
Fetch
General
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-E36MVD1BQT&gtm=45je47v0v868801683z8896039803za200zb896039803&_p=1722867532336&_gaz=1&gcs=G111&gcd=13r3v3r3r5&npa=0&dma=0&tcfd=10000&tag_exp=95250753&cid=1843726432.1722867533&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1722867533&sct=1&seg=0&dl=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc&dt=Researchers%20discover%20%E2%80%9Chighly%20sophisticated%E2%80%99%20operation%20using%20a%203%2C000-strong%20network%20of%20ghost%20accounts%20to%20spread%20malware%20on%20GitHub%20%7C%20ITPro&tfd=1855
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-E36MVD1BQT&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Mon, 05 Aug 2024 14:18:53 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.itpro.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/
0
56 B
Ping
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-E36MVD1BQT&cid=1843726432.1722867533&gtm=45je47v0v868801683z8896039803za200zb896039803&aip=1&dma=0&gcs=G111&gcd=13r3v3r3r5&npa=0&frm=0&tag_exp=95250753
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-E36MVD1BQT&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c0f::9b Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Aug 2024 14:18:53 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.itpro.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
fbevents.js
connect.facebook.net/en_US/
225 KB
60 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WHLXGS3C&l=dataLayer
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f003:100:face:b00c:0:3 Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
4d424af8e6254a3ee915b6efdec3f0ed3fcbdedc67c83025148c9758701cd2d4
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Mon, 05 Aug 2024 14:18:53 GMT
document-policy
force-load-at-top
content-security-policy-report-only
default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'report-sample' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;report-uri https://www.facebook.com/csp/reporting/?minimize=0;require-trusted-types-for 'script';
x-fb-server-load
33
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
58865
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
GOOD; q=0.7, rtt=56, rtx=0, c=12, mss=1297, tbw=2807, tp=-1, tpl=-1, uplat=1, ullat=-1
pragma
public
x-fb-debug
ddGqdhzXO0OxXu0ipgaz7pH2/7hZyeUptfkeyNZ6chL0ON+g6dSgcPQaouqIqkh5ucojOKBHWPD1Cba+iYZqpw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
tag
btloader.com/
Redirect Chain
  • https://futureplc-com.videoplayerhub.com/galleryplayer.js
  • https://btloader.com/tag?h=futureplc-com&upapi=true
61 KB
20 KB
Script
General
Full URL
https://btloader.com/tag?h=futureplc-com&upapi=true
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Server
2606:4700:10::ac43:293c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ccbe4077d860a9ec0e19f0497ac298d734869158093b87d6541e551653663180

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:53 GMT
content-encoding
gzip
via
1.1 google
cf-cache-status
HIT
last-modified
Mon, 05 Aug 2024 14:10:21 GMT
server
cloudflare
age
474
etag
"bd4816c995b92646d6f258ee1b9327a9"
vary
Origin, Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=300, must-revalidate, stale-if-error=3600, stale-while-revalidate=300
accept-ranges
bytes
cf-ray
8ae76b46e9ad7446-MIA
content-length
20407

Redirect headers

date
Mon, 05 Aug 2024 14:18:53 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OBEbfUHRAUGmMuroBZLNPznNjT1HZN4sfzg1gFJuFr3hWEFc7HMu5dKVI1roZ9Cv%2FOQTnIvCdnfWcCZSi8DhuOWuegHY2NQLRuh2oCB1ouXTAU%2BmOcocPIezH7tZN8%2FhYO78y%2FVfuFHh29rOdiD7eq1kf%2BMHXYPLf2S8qCzN"}],"group":"cf-nel","max_age":604800}
content-type
text/html
location
https://btloader.com/tag?h=futureplc-com&upapi=true
cache-control
max-age=3600
cf-ray
8ae76b45beb6220f-MIA
content-length
167
expires
Mon, 05 Aug 2024 15:18:53 GMT
tag.aspx
ml314.com/
38 KB
13 KB
Script
General
Full URL
https://ml314.com/tag.aspx?572024
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.117.77.79 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
79.77.117.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
d0e12af8c4e560fe89643639e0c3ed4dc76125c62adeb2879b761d73dbaecf50

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 13:41:56 GMT
via
1.1 google
content-encoding
br
age
2217
x-guploader-uploadid
AHxI1nNuAG5x38bgPAaJ8g8qV7ABjecm7PIAO5dJ0g82RRAtE8w0EiQdP7uV0hiS5jvhuPT2yVix_peDaQ
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
12522
last-modified
Wed, 24 Jul 2024 19:30:50 GMT
server
UploadServer
vary
Accept-Encoding
x-goog-generation
1721849450340665
x-goog-hash
crc32c=6sDw2Q==, md5=YyYW/xWCXwMKqzORpY7wQg==
content-type
application/javascript
cache-id
MIA-ebd516a
cache-control
public,max-age=3600
x-cache-hit
hit
x-goog-stored-content-length
39162
accept-ranges
bytes
itpro.js
cdn.brandmetrics.com/tag/62da25c406df470db725091722ab7306/
0
0
Script
General
Full URL
https://cdn.brandmetrics.com/tag/62da25c406df470db725091722ab7306/itpro.js
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:45bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:53 GMT
cf-cache-status
EXPIRED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FL3Mq1oCz8oglcYueeP2hMxFBZVabc%2BnGYjvnO4l4GhpUjYohoA4GsIf2GWFa9fNHeIo%2FaiS1Qff9WYk%2FbhSd0SfUdIj0lMvLnPU5SEUEa8KPWvaWcmQOaFvF3byej0oDAA7ZZ70hMwax1WP5PPIs6aN"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=3600
cf-ray
8ae76b456caf8d96-MIA
content-length
0
request-context
appId=cid-v1:5c986aee-9723-4541-b38e-d4ac73c46937
px.js
p.cpx.to/p/12529/
5 KB
5 KB
Script
General
Full URL
https://p.cpx.to/p/12529/px.js
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.248.170.187 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-248-170-187.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ecb6d31ea3fde8d4409f0b5e0460b1f03fe509e2335c0b393afc4cab1bfa66ba

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:53 GMT
cache-control
public, max-age=7200
content-length
4879
content-type
application/javascript; charset=UTF-8
pushly-sdk.min.js
cdn.p-n.io/
273 KB
56 KB
Script
General
Full URL
https://cdn.p-n.io/pushly-sdk.min.js?domain_key=O1vS3tZ3j75TvQ97yYjEMx81qrHqpay9ZILu
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WHLXGS3C&l=dataLayer
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.162.103.73 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-103-73.iad61.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c54e64c138c879df18329f8aaf8d7e0b02fe28492ca1014ac3bc6bfeb4ce7f5a

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:17:40 GMT
content-encoding
gzip
via
1.1 d640ec12547ee097cb75dd5bdc8787b8.cloudfront.net (CloudFront)
last-modified
Tue, 30 Jul 2024 15:10:31 GMT
server
AmazonS3
x-amz-cf-pop
IAD61-P1
age
74
x-amz-server-side-encryption
AES256
etag
W/"1a6fc3392ec174868adc7c35b4896f26"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=300
x-amz-cf-id
3PPw8VyzRIcO8VynkMMLRYolrPB5Ld5JRo-HXgZViLTj4tWdchtJ4g==
adsm.macro.itpro.com.js
functions.adnami.io/api/macro/
23 KB
5 KB
Script
General
Full URL
https://functions.adnami.io/api/macro/adsm.macro.itpro.com.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-57QFK3GJ&l=dataLayer
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1408:c400:9::17cd:6986 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
6243c43f81a5f45b6c9de57f1f4e4e17f2765348726d8d9835ea7226d0c36f09

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-type
text/javascript
date
Mon, 05 Aug 2024 14:18:53 GMT
content-encoding
br
cache-control
max-age=11202
content-length
4712
request-context
appId=cid-v1:facaa1ec-d085-46dd-8784-a70b3579a97b
hit.gif
uk-script.dotmetrics.net/
43 B
707 B
Image
General
Full URL
https://uk-script.dotmetrics.net/hit.gif?id=12368&url=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc&dom=www.itpro.com&r=1722867533600&pvs=1&ecid=c325fa7f-3402-4dd8-9975-6fa76d3b2353&c=true&tzOffset=600&doorUrl=http%3a%2f%2fuk-script.dotmetrics.net%2fdoor.js%3fd%3dwww.itpro.com%26t%3ditprous&dfph=
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.49.91 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-49-91.jfk52.r.cloudfront.net
Software
Kestrel /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:53 GMT
dotmetrics-hit-status
01 OK
via
1.1 def26d054ec95b961e8352e3cd4fae7e.cloudfront.net (CloudFront)
server
Kestrel
x-amz-cf-pop
JFK52-P3
x-cache
Miss from cloudfront
p3p
policyref="https://uk-script.dotmetrics.net/w3c/p3p.xml", CP="NOI DSP LAW CURa ADMa DEVa PSAa HISa OUR IND STA"
content-type
image/gif
cache-control
no-cache
x-amz-cf-id
hySV0H8Y2Khu4Yb-jR1dgY4MWuHBjTIpshbhUuKF1qfUEnBWXbBFvw==
hit.gif
rm-script.dotmetrics.net/
807 B
1 KB
Image
General
Full URL
https://rm-script.dotmetrics.net/hit.gif?id=12368&url=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc&dom=www.itpro.com&r=1722867533600&pvs=1&pvid=c325fa7f-3402-4dd8-9975-6fa76d3b2353&c=true&tzOffset=600
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211c:de00:d:5ce3:a4c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0eafa55998d0d61f477653cb15168105c06763c74aaebe8ff7e55da98457f030

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 07:32:28 GMT
via
1.1 ce6ac8bc6515892a00316a83f3713e1e.cloudfront.net (CloudFront)
last-modified
Tue, 18 Apr 2023 12:25:02 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P4
age
24385
x-amz-server-side-encryption
AES256
etag
"e4f758e6322c8f8abfa1f6eba71ee873"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/gif
cache-control
max-age=86400
accept-ranges
bytes
content-length
807
x-amz-cf-id
n2HVZEBIA-_CcZrPhB45L8QaGRWyFbNYqYTx5PaGzfnZwKgsdoLt0w==
pv-data
cdn.privacy-mgmt.com/wrapper/v2/
194 B
731 B
XHR
General
Full URL
https://cdn.privacy-mgmt.com/wrapper/v2/pv-data?hasCsp=true&env=prod&ch=457177643460096976ee16455717689a4e0&scriptVersion=4.25.1&scriptType=unified
Requested by
Host: cdn.privacy-mgmt.com
URL: https://cdn.privacy-mgmt.com/unified/wrapperMessagingWithoutDetection.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.55.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-55-102.jfk52.r.cloudfront.net
Software
/ Express
Resource Hash
6bd6db6f127ab3a3eef137bf658ec38601d198d40e1e8c2e5096695e76be2b73
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

date
Mon, 05 Aug 2024 14:18:53 GMT
strict-transport-security
max-age=15552000; includeSubDomains
via
1.1 e4063174e49a72dbf23ed047ff7d7c56.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK52-P4
x-powered-by
Express
vary
Accept-Encoding
access-control-allow-methods
GET, PUT, POST, DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.itpro.com
x-cache
Miss from cloudfront
cache-control
no-cache, no-store
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, SP_SCRIPT_VERSION
content-length
194
x-amz-cf-id
GCh1Lhp31hQu_5qrcdD-CZuCmWp5rVUSlPk7q-ahtb3RD4YKzCxkCw==
pv-data
cdn.privacy-mgmt.com/wrapper/v2/
193 B
729 B
XHR
General
Full URL
https://cdn.privacy-mgmt.com/wrapper/v2/pv-data?hasCsp=true&env=prod&ch=457177643460096976ee16455717689a4e0&scriptVersion=4.25.1&scriptType=unified
Requested by
Host: cdn.privacy-mgmt.com
URL: https://cdn.privacy-mgmt.com/unified/wrapperMessagingWithoutDetection.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.55.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-55-102.jfk52.r.cloudfront.net
Software
/ Express
Resource Hash
bc5c66d8ce81c568a102a794e09d7899dd322513e6c886ff16bda027e96a9d0b
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

date
Mon, 05 Aug 2024 14:18:53 GMT
strict-transport-security
max-age=15552000; includeSubDomains
via
1.1 e4063174e49a72dbf23ed047ff7d7c56.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK52-P4
x-powered-by
Express
vary
Accept-Encoding
access-control-allow-methods
GET, PUT, POST, DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.itpro.com
x-cache
Miss from cloudfront
cache-control
no-cache, no-store
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, SP_SCRIPT_VERSION
content-length
193
x-amz-cf-id
vZNxetbDqNkagYOmWoAjrQcFMnNbMo1jofuqhDPqnOoci3fF9X2fcw==
pv-data
cdn.privacy-mgmt.com/wrapper/v2/ Frame
0
0
Preflight
General
Full URL
https://cdn.privacy-mgmt.com/wrapper/v2/pv-data?hasCsp=true&env=prod&ch=457177643460096976ee16455717689a4e0&scriptVersion=4.25.1&scriptType=unified
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.55.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-55-102.jfk52.r.cloudfront.net
Software
/ Express
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.itpro.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Origin,X-Requested-With,Content-Type,Accept,Authorization,SP_SCRIPT_VERSION
access-control-allow-methods
GET, PUT, POST, DELETE
access-control-allow-origin
https://www.itpro.com
allow
POST
cache-control
no-cache, no-store
content-length
4
content-type
text/html; charset=utf-8
date
Mon, 05 Aug 2024 14:18:53 GMT
strict-transport-security
max-age=15552000; includeSubDomains
vary
Accept-Encoding
via
1.1 e4063174e49a72dbf23ed047ff7d7c56.cloudfront.net (CloudFront)
x-amz-cf-id
5LNr5YcrvwHfs9bbSAPkK2FWMW6M7oVeMUe7Zsz7wdg9mS4MM70V3g==
x-amz-cf-pop
JFK52-P4
x-cache
Miss from cloudfront
x-powered-by
Express
pv-data
cdn.privacy-mgmt.com/wrapper/v2/ Frame
0
0
Preflight
General
Full URL
https://cdn.privacy-mgmt.com/wrapper/v2/pv-data?hasCsp=true&env=prod&ch=457177643460096976ee16455717689a4e0&scriptVersion=4.25.1&scriptType=unified
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.55.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-55-102.jfk52.r.cloudfront.net
Software
/ Express
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.itpro.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Origin,X-Requested-With,Content-Type,Accept,Authorization,SP_SCRIPT_VERSION
access-control-allow-methods
GET, PUT, POST, DELETE
access-control-allow-origin
https://www.itpro.com
allow
POST
cache-control
no-cache, no-store
content-length
4
content-type
text/html; charset=utf-8
date
Mon, 05 Aug 2024 14:18:53 GMT
strict-transport-security
max-age=15552000; includeSubDomains
vary
Accept-Encoding
via
1.1 e4063174e49a72dbf23ed047ff7d7c56.cloudfront.net (CloudFront)
x-amz-cf-id
wODDsytvZ8PXNqAN7tFVf-a2zELcPoeReqe3dUdhfd-O9tXqogWdmA==
x-amz-cf-pop
JFK52-P4
x-cache
Miss from cloudfront
x-powered-by
Express
pxid
6093eccf-6734-4877-ac8b-83d6d0e27b46.prmutv.co/v2.0/
46 B
384 B
XHR
General
Full URL
https://6093eccf-6734-4877-ac8b-83d6d0e27b46.prmutv.co/v2.0/pxid?k=253158cc-875d-4ed4-a52d-e954eca49313
Requested by
Host: 6093eccf-6734-4877-ac8b-83d6d0e27b46.edge.permutive.app
URL: https://6093eccf-6734-4877-ac8b-83d6d0e27b46.edge.permutive.app/6093eccf-6734-4877-ac8b-83d6d0e27b46-web.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.241.9.51 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
51.9.241.35.bc.googleusercontent.com
Software
Permutive /
Resource Hash
59f7659a7cd0191598c55aa1dd2fa4e2aee514e90b0b23ba196320b53b90d0a1

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
content-type
text/plain

Response headers

date
Mon, 05 Aug 2024 14:18:53 GMT
content-encoding
gzip
via
1.1 google
server
Permutive
vary
Origin
content-type
application/json
access-control-allow-origin
https://www.itpro.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
66
getuidj
ib.adnxs.com/
11 B
699 B
XHR
General
Full URL
https://ib.adnxs.com/getuidj
Requested by
Host: 6093eccf-6734-4877-ac8b-83d6d0e27b46.edge.permutive.app
URL: https://6093eccf-6734-4877-ac8b-83d6d0e27b46.edge.permutive.app/6093eccf-6734-4877-ac8b-83d6d0e27b46-web.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.160.186 Colonia, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
675.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Mon, 05 Aug 2024 14:18:53 GMT
an-x-request-uuid
6a2f4d2b-fc06-4cdd-a1c7-b0adb14dc065
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.itpro.com
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
x-proxy-origin
38.132.118.77; 38.132.118.77; 675.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length
11
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
script.js
cadmus.script.ac/d4el4parm0zb3/
149 KB
52 KB
Script
General
Full URL
https://cadmus.script.ac/d4el4parm0zb3/script.js
Requested by
Host: bordeaux.futurecdn.net
URL: https://bordeaux.futurecdn.net/bordeaux.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1791 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
194eb999d56264c8f26af2eb08cc4c98580340e0baca419e5e268d22ac9e347f

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:53 GMT
content-encoding
gzip
last-modified
Fri, 02 Aug 2024 21:42:53 GMT
server
cloudflare
age
0
etag
W/"9670016057deb0b8f4d4003b702d5cdd72c7787b"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public,max-age=600,stale-while-revalidate=3600,stale-if-error=86400
cf-ray
8ae76b45e840a669-MIA
apstag.js
c.amazon-adsystem.com/aax2/
312 KB
77 KB
Script
General
Full URL
https://c.amazon-adsystem.com/aax2/apstag.js
Requested by
Host: bordeaux.futurecdn.net
URL: https://bordeaux.futurecdn.net/bordeaux.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.115.149 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-115-149.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a3d75a7384786eebcf308b73a246c5968160a1ee0e3be87f45a260a6ee470062

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 13:33:02 GMT
content-encoding
gzip
via
1.1 738984066968793a5714282f49fe0ab8.cloudfront.net (CloudFront), 1.1 153c5cd2b3e635613d0a2fa0f107993a.cloudfront.net (CloudFront)
last-modified
Wed, 24 Jul 2024 20:38:56 GMT
server
AmazonS3
x-amz-cf-pop
IAD89-C3, JFK50-P3
age
2752
x-amz-server-side-encryption
AES256
etag
W/"79480ed28fde4e52bf9a0d67f07f1113"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=3600
x-amz-cf-id
pFE28Qj11UxCl5UCFsRK0q4R2nyqaXnuZmFasrpNWqSM8C7bYHe1Ww==
euid-sdk-1.0.0.js
prod.euid.eu/static/js/
14 KB
14 KB
Script
General
Full URL
https://prod.euid.eu/static/js/euid-sdk-1.0.0.js
Requested by
Host: bordeaux.futurecdn.net
URL: https://bordeaux.futurecdn.net/bordeaux.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.134.80.43 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-134-80-43.eu-west-2.compute.amazonaws.com
Software
/
Resource Hash
10b769db125b250bdbec1755cfb52c99fea004acab591b6e59b08b78a6d5d3e9

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:54 GMT
cache-control
public, immutable, max-age=86400
last-modified
Thu, 30 Nov 2023 00:22:41 GMT
accept-ranges
bytes
content-length
14327
vary
origin
content-type
text/javascript;charset=UTF-8
gpt.js
securepubads.g.doubleclick.net/tag/js/
99 KB
31 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: bordeaux.futurecdn.net
URL: https://bordeaux.futurecdn.net/bordeaux.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.163.155 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS
wv-in-f155.1e100.net
Software
cafe /
Resource Hash
5f031a666ebc2f33c4bea0995a53a57a8689037e75d71953f4813cce65f15a6c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:53 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31814
x-xss-protection
0
server
cafe
etag
206 / 19940 / 31085846 / config-hash: 6954663106322715993
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
expires
Mon, 05 Aug 2024 14:18:53 GMT
iasPET.1.js
cdn.adsafeprotected.com/
22 KB
7 KB
Script
General
Full URL
https://cdn.adsafeprotected.com/iasPET.1.js
Requested by
Host: bordeaux.futurecdn.net
URL: https://bordeaux.futurecdn.net/bordeaux.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.35.93.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-93-71.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
2afcabe2eb6314148dfd9dfdec1333b973d97d0780cc08fddab8501afbb013e9

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date
Fri, 26 Jul 2024 21:11:47 GMT
Content-Encoding
gzip
Via
1.1 368bc8b1f5073a6f7cdb40029e9a5a88.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
JFK50-P8
Age
839227
x-amz-server-side-encryption
AES256
Transfer-Encoding
chunked
X-Cache
Hit from cloudfront
Connection
keep-alive
Last-Modified
Wed, 26 Jun 2024 21:11:12 GMT
Server
AmazonS3
ETag
W/"51636de3ce868a2172f9e6996c2934e0"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=2592000
X-Amz-Cf-Id
CTg402Q4iyY5hRWW6l2PhyzMILtJfsq5pM_wTPxyDL_S-8dsbNFl_A==
ats.js
ats-wrapper.privacymanager.io/ats-modules/f49514fe-dcca-4424-be6a-9f85d01f1ce1/
278 KB
91 KB
Script
General
Full URL
https://ats-wrapper.privacymanager.io/ats-modules/f49514fe-dcca-4424-be6a-9f85d01f1ce1/ats.js
Requested by
Host: bordeaux.futurecdn.net
URL: https://bordeaux.futurecdn.net/bordeaux.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.80.119 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-80-119.jfk52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
be5f1e4652adca75be58c899628da63a9c080eb32eec72a872b85d49577be768

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-amz-version-id
dwyOguDFHh5Nb3Td6bOLjSoh8oyNYTJC
content-encoding
gzip
via
1.1 23e7aee2c1da825ba7d0bf0266366110.cloudfront.net (CloudFront)
date
Mon, 05 Aug 2024 14:09:21 GMT
last-modified
Fri, 02 Aug 2024 12:35:12 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P5
age
574
x-amz-server-side-encryption
AES256
etag
W/"b1effc18a62420d25ae6394b29c4793c"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
must-revalidate,public,max-age=3600
x-amz-cf-id
WwekBSvriq8qjzC_SUd6FP7H0FeViYrKhF6T-1fGVVj4PmTD1mpBxw==
default.2cf6120ed74a3e25f4a3.js
bordeaux.futurecdn.net/
181 KB
60 KB
Script
General
Full URL
https://bordeaux.futurecdn.net/default.2cf6120ed74a3e25f4a3.js
Requested by
Host: bordeaux.futurecdn.net
URL: https://bordeaux.futurecdn.net/bordeaux.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:261f:5400:5:a6be:f9c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6fece802a06166bb5e303ec7c5db1a3b202117dcc50f793ecf0533d84351de80

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-amz-version-id
ac2rPlfuyyc3k6ybbNmVwWdrh0JZGPxt
content-encoding
gzip
x-amz-meta-bordeaux-version
5.54.0
date
Mon, 05 Aug 2024 14:15:50 GMT
last-modified
Thu, 01 Aug 2024 13:44:23 GMT
server
AmazonS3
via
1.1 4e1c4d133adc8d8214916eeaddd7af66.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK52-P3
x-amz-server-side-encryption
AES256
etag
W/"83c6b005e914dd8697091c211cb76557"
vary
Accept-Encoding, Origin
x-cache
Hit from cloudfront
content-type
application/javascript
age
184
x-amz-cf-id
VUTol-5ACY49LO-8rCG4BxirE0dJ8ym0BC4XXITyu0Zc5xM9bn5Vng==
[request].d40cf3660e58aff6206f.js
bordeaux.futurecdn.net/
205 KB
65 KB
Script
General
Full URL
https://bordeaux.futurecdn.net/[request].d40cf3660e58aff6206f.js
Requested by
Host: bordeaux.futurecdn.net
URL: https://bordeaux.futurecdn.net/bordeaux.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:261f:5400:5:a6be:f9c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
08c49b44d7d93f860cbf32d3161044a15afe10f55e6d5ee7b7a6ade68a7d3a09

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-amz-version-id
VIiXLkWeWuQlrTj2v3tqWlh8TJxr0jdo
content-encoding
gzip
x-amz-meta-bordeaux-version
5.54.0
date
Mon, 05 Aug 2024 13:50:03 GMT
last-modified
Thu, 01 Aug 2024 13:44:19 GMT
server
AmazonS3
via
1.1 4e1c4d133adc8d8214916eeaddd7af66.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK52-P3
x-amz-server-side-encryption
AES256
etag
W/"3913f5c1bb8475d2310f4f3c9f8fb79b"
vary
Accept-Encoding, Origin
x-cache
Hit from cloudfront
content-type
application/javascript
age
1731
x-amz-cf-id
y3fryae_mxPFUP-wnZyzMspEfbTEDBm_D1zrtkLQNfqmPDrmZ75Mvw==
776eda21-6ffa-450f-bac1-7ccbb2bff5c8.js
cdn.pbxai.com/
28 KB
9 KB
Script
General
Full URL
https://cdn.pbxai.com/776eda21-6ffa-450f-bac1-7ccbb2bff5c8.js
Requested by
Host: bordeaux.futurecdn.net
URL: https://bordeaux.futurecdn.net/bordeaux.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
37.19.207.34 Ashburn, United States, ASN60068 (CDN77 _, GB),
Reverse DNS
37-19-207-34.bunnyinfra.net
Software
BunnyCDN-ASB1-925 /
Resource Hash
8915d65325b84a23c52d8304389afb87cbfbf0c62aa9e5abb3680640a3befe2b

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:54 GMT
content-encoding
br
via
1.1 0d9fa547d973207140747f5567b6a0fa.cloudfront.net (CloudFront)
x-amz-version-id
h.5AAplT3BtC019.SFNOlou7yDL3elIq
cdn-edgestorageid
925
age
217
x-amz-cf-pop
IAD61-P3
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
cdn-cachedat
08/05/2024 13:46:19
cdn-pullzone
2227704
last-modified
Mon, 05 Aug 2024 13:42:37 GMT
server
BunnyCDN-ASB1-925
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
W/"919e2a5dcde430fe99259d09b5193347"
vary
Accept-Encoding
content-type
application/javascript
cdn-cache
HIT
cdn-uid
4a85839a-607a-4d8b-a11a-d8c0c2f0f828
cache-control
max-age=3600
cdn-requestid
8bf2b651719ff39f6a3d8c26a7bea426
cdn-requestcountrycode
US
x-amz-cf-id
lWB52_n9lC09ts9cyR43rYlFJPt4fQps-OZy9veTT-4tpRwipQDR5w==
cdn-status
200
cdn-requestpullsuccess
True
seasonal.min.css
search-api.fie.futurecdn.net/css/browser/16.82.0-f973f3a120753ce14db814f7555bffa435a94597/
74 B
643 B
Stylesheet
General
Full URL
https://search-api.fie.futurecdn.net/css/browser/16.82.0-f973f3a120753ce14db814f7555bffa435a94597/seasonal.min.css
Requested by
Host: search-api.fie.futurecdn.net
URL: https://search-api.fie.futurecdn.net/js/w/es6/16.82.0-f973f3a120753ce14db814f7555bffa435a94597/itpro-site.js
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
151.101.2.114 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
61abfc5de5a0c0f86a2fcf857118cb9c9f5ab4feb35881b5d4e57fd3115c8122
Security Headers
Name Value
Strict-Transport-Security max-age=31557600

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:53 GMT
content-encoding
br
x-hawk-country
strict-transport-security
max-age=31557600
via
1.1 varnish, 1.1 varnish
age
759
x-hawk-area
US
x-ftr-dc
uk-lon2
x-cache
HIT, HIT
x-ftr-realm
pip
x-ftr-backend
fie-assets
x-ftr-cache-status
MISS
content-length
58
x-ftr-expires
Mon, 05 Aug 2024 12:46:10 GMT
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-ftr-balancer
hawkproxyprodred
x-served-by
cache-lon420089-LON, cache-mia-kmia1760071-MIA
x-ftr-request-id
00000000:3015_00000000:01BB_66B0C4DF_566EA8:2F5A
last-modified
Mon, 05 Aug 2024 10:38:13 GMT
x-timer
S1722867534.695450,VS0,VE1
etag
"66b0ab95-4a"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-ftr-backend-server
fievarnishprodwhite
cache-control
max-age=1200, immutable, stale-if-error=172800, stale-while-revalidate=172800
accept-ranges
bytes
x-cache-hits
19, 1
seasonal.php
search-api.fie.futurecdn.net/
58 B
752 B
Fetch
General
Full URL
https://search-api.fie.futurecdn.net/seasonal.php?article_type=news&article_category=retail&language=en-US&site=ITPRO&device=desktop&origin=widgets-clientside
Requested by
Host: search-api.fie.futurecdn.net
URL: https://search-api.fie.futurecdn.net/js/w/es6/16.82.0-f973f3a120753ce14db814f7555bffa435a94597/responsive.js
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
151.101.2.114 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
bb9455ed1c60692f1b1852805bf3225557b2a1db531843ce4434e710230e200b
Security Headers
Name Value
Strict-Transport-Security max-age=31557600

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:53 GMT
content-encoding
br
x-hawk-country
strict-transport-security
max-age=31557600
via
1.1 varnish, 1.1 varnish
age
1281
x-hawk-area
US
x-ftr-dc
uk-lon1
x-cache
MISS, HIT
x-ftr-realm
pip
x-ftr-backend
fie-api
x-ftr-cache-status
HIT
content-length
54
x-ftr-expires
Mon, 05 Aug 2024 14:17:32 GMT
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-ftr-balancer
hawk-proxy-185-113-25-40
x-served-by
cache-lon420097-LON, cache-mia-kmia1760035-MIA
x-ftr-request-id
00000000:6A2C_00000000:01BB_66B0DA52_1D0924:4819
x-timer
S1722867534.696906,VS0,VE2
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json; charset=utf-8;
access-control-allow-origin
*
x-ftr-backend-server
fievarnishprodwhite
cache-control
max-age=1200, stale-if-error=172800, stale-while-revalidate=172800
access-control-allow-credentials
true
x-resp-is-stale
true
accept-ranges
bytes
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,X-Hawk-Country,X-Hawk-Area
x-cache-hits
0, 0
register-conversion
www.google-analytics.com/privacy-sandbox/
Redirect Chain
  • https://analytics.google.com/g/collect?v=2&tid=G-H58Q5KTB4D&gtm=45je47v0v9182436040z89184126532za200zb9184126532&_p=1722867532336&_gaz=1&gcs=G111&gcd=13r3v3r3r5&npa=0&dma=0&tcfd=10648&tag_exp=95250...
  • https://www.google-analytics.com/privacy-sandbox/register-conversion?_c=1&cid=1843726432.1722867533&dbk=9989071995411533352&dma=0&en=page_view&gcs=G111&gtm=45je47v0v9182436040z89184126532za200zb918...
0
0
Fetch
General
Full URL
https://www.google-analytics.com/privacy-sandbox/register-conversion?_c=1&cid=1843726432.1722867533&dbk=9989071995411533352&dma=0&en=page_view&gcs=G111&gtm=45je47v0v9182436040z89184126532za200zb9184126532&npa=0&tid=G-H58Q5KTB4D&dl=https%3A%2F%2Fwww.itpro.com%3F
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H3
Server
209.85.144.101 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
qv-in-f101.1e100.net
Software
Golfe2 /
Resource Hash

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
attribution-reporting-register-trigger
{"aggregatable_trigger_data":[{"key_piece":"0xacd8ed5480922f46","source_keys":["1"]},{"key_piece":"0x5fb218989916fe41","source_keys":["2","3","4"]}],"aggregatable_values":{"1":65,"2":65,"3":65,"4":6356},"debug_key":"9989071995411533352","debug_reporting":true,"event_trigger_data":[{"filters":[{"source_type":["event"]}],"priority":"0","trigger_data":"0"}],"filters":{"2":["16609964706"],"5":["08-05","08-04","08-03"]}}
date
Mon, 05 Aug 2024 14:18:53 GMT
server
Golfe2
content-type
text/plain
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 05 Aug 2024 14:18:53 GMT
server
Golfe2
content-type
text/html; charset=UTF-8
location
https://www.google-analytics.com/privacy-sandbox/register-conversion?_c=1&cid=1843726432.1722867533&dbk=9989071995411533352&dma=0&en=page_view&gcs=G111&gtm=45je47v0v9182436040z89184126532za200zb9184126532&npa=0&tid=G-H58Q5KTB4D&dl=https%3A%2F%2Fwww.itpro.com%3F
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
494
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/
0
17 B
Ping
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-H58Q5KTB4D&cid=1843726432.1722867533&gtm=45je47v0v9182436040z89184126532za200zb9184126532&aip=1&dma=0&gcs=G111&gcd=13r3v3r3r5&npa=0&frm=0&tag_exp=95250752
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-H58Q5KTB4D&l=dataLayer&cx=c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.62.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bc-in-f157.1e100.net
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Aug 2024 14:18:53 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.itpro.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
analytics.google.com/g/
0
0
Fetch
General
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-E36MVD1BQT&gtm=45je47v0v868801683z8896039803za200zb896039803&_p=1722867532336&gcs=G111&gcd=13r3v3r3r5&npa=0&dma=0&tcfd=10000&tag_exp=95250753&cid=1843726432.1722867533&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&sid=1722867533&sct=1&seg=0&dl=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc&dt=Researchers%20discover%20%E2%80%9Chighly%20sophisticated%E2%80%99%20operation%20using%20a%203%2C000-strong%20network%20of%20ghost%20accounts%20to%20spread%20malware%20on%20GitHub%20%7C%20ITPro&_s=2&tfd=2088
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-E36MVD1BQT&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Mon, 05 Aug 2024 14:18:53 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.itpro.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/j/
1 B
21 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1413626687&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc&ul=en-us&de=UTF-8&dt=Researchers%20discover%20%E2%80%9Chighly%20sophisticated%E2%80%99%20operation%20using%20a%203%2C000-strong%20network%20of%20ghost%20accounts%20to%20spread%20malware%20on%20GitHub%20%7C%20ITPro&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Affiliates&ea=Retail%20Promotion%20widget%20viewed&el=TechRadar%20Magazines&_u=6GDAAEABBAQCAGAAI~&jid=1280279744&gjid=1622123699&cid=1843726432.1722867533&tid=UA-1011119-1&_gid=430158571.1722867533&_r=1&cd40=Malware&cd41=GitHub%7CGhost%7CDiscord%7CResearch%7CFraction&cd42=Check_Point&cd43=Checkmarx%7CSoftware&cd45=Malware&cd46=Cyber_Crime&cd47=Researchers_discover_highly_sophisticated_operation_using_a_3000-strong_network_of_ghost_accounts_to_spread_malware_on_GitHub&cd50=5&cd58=Cyber_Crime&cd10=EN-US&cd5=isNAebwboJikNSvfuqhMB6&cd7=solomon_klappholz&cd99=0&cd128=25-07-2024&cd1=news&cd3=cyber-crime%7Csecurity&cd6=%7Cserversidehawk&cd8=25-07-2024&cd27=1024514&cd33=null&cd53=2024-07-25T11%3A06%3A14Z&cd61=pageLoad&cd95=news&cd106=0&cd126=en&cd127=GB%7CUS&cd134=serversidehawk&cd31=10&cd30=4g&cd12=2351148&cd14=Magazines%20Direct&cd16=null&cd17=1&cd25=USD%2012.99&cd37=null&cd48=Technology%20Magazines&cd60=retail&cd65=rgb(255%2C%20255%2C%20255)&cd66=null&cd73=1389626125750686631&cd75=null&cd76=https%3A%2F%2Fwww.awin1.com%2Fawclick.php%3Fawinmid%3D2961%26awinaffid%3D103504%26clickref%3Ditpro-us-1389626125750686631%26p%3Dhttps%253A%252F%252Fwww.magazinesdirect.com%252Fcategories%252Ftech%252F&cd84=null&cd90=241998c4-f21b-4440-b357-a373979fdb0c&cd105=6539&cd111=null&cd115=appeared&cd116=null&cd117=null&cd118=null&cd122=null&cd124=null&cd125=null&cd161=null&cm1=2069&cm24=0&cm27=5704&z=1048699508
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
209.85.144.101 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
qv-in-f101.1e100.net
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 05 Aug 2024 14:18:53 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.itpro.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
script.js
uk-script.dotmetrics.net/Scripts/
65 KB
27 KB
Script
General
Full URL
https://uk-script.dotmetrics.net/Scripts/script.js?v=303
Requested by
Host: uk-script.dotmetrics.net
URL: https://uk-script.dotmetrics.net/door.js?d=www.itpro.com&t=itprous
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.49.91 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-49-91.jfk52.r.cloudfront.net
Software
Kestrel /
Resource Hash
dab16854c6bced29f94385160851d692d465e805f667b1feda6010a192cd71a0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:53 GMT
content-encoding
br
via
1.1 def26d054ec95b961e8352e3cd4fae7e.cloudfront.net (CloudFront)
last-modified
Wed, 24 Jul 2024 18:47:32 GMT
server
Kestrel
x-amz-cf-pop
JFK52-P3
etag
"1daddf9f0f5796a"
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
text/javascript
accept-ranges
bytes
x-amz-cf-id
MMrAPIum74zujh_ABAMUeiXOkVJdQJ9iISaHZh3CmdbeTZdHm4dXLA==
inference.js
ssl.p.jwpcdn.com/player/plugins/inference/v/0.7.1/
18 KB
6 KB
Script
General
Full URL
https://ssl.p.jwpcdn.com/player/plugins/inference/v/0.7.1/inference.js
Requested by
Host: content.jwplatform.com
URL: https://content.jwplatform.com/libraries/aWeJUC35.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::626 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f3b17f9af560b005fba3b568590792d952f2bd4a9e5cfe0357b0ecdd545ca16c

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:54 GMT
content-encoding
gzip
via
1.1 varnish
age
889065
x-cache
HIT
content-length
5464
x-served-by
cache-mia-kmia1760042-MIA
last-modified
Mon, 04 Oct 2021 07:39:43 GMT
server
AmazonS3
x-timer
S1722867534.045063,VS0,VE0
etag
"a777fcd9584e62f04dc53d548d8adb31"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000,immutable
accept-ranges
bytes
x-cache-hits
36243
googima.js
ssl.p.jwpcdn.com/player/v/8.34.5/
76 KB
23 KB
Script
General
Full URL
https://ssl.p.jwpcdn.com/player/v/8.34.5/googima.js
Requested by
Host: content.jwplatform.com
URL: https://content.jwplatform.com/libraries/aWeJUC35.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::626 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d022b9e5554fff3313f9f6b3e4aac94183daa7943183f529392334d59b01b9d0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:54 GMT
content-encoding
gzip
via
1.1 varnish
age
28173
x-cache
HIT
content-length
23029
x-served-by
cache-mia-kmia1760042-MIA
last-modified
Mon, 15 Jul 2024 22:45:12 GMT
server
AmazonS3
x-timer
S1722867534.045514,VS0,VE0
etag
"dcb5a6b48ca140428079ec125a229fb5"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=86400, immutable
accept-ranges
bytes
x-cache-hits
9115
jwpsrv.js
ssl.p.jwpcdn.com/player/v/8.34.5/
66 KB
20 KB
Script
General
Full URL
https://ssl.p.jwpcdn.com/player/v/8.34.5/jwpsrv.js
Requested by
Host: content.jwplatform.com
URL: https://content.jwplatform.com/libraries/aWeJUC35.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::626 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
9f4c0014a4f36c11302077dc073ef529031ce3eebc04c0ca9bc1d7ea0ed95eca

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:54 GMT
content-encoding
gzip
via
1.1 varnish
age
644
x-cache
HIT
content-length
19879
x-served-by
cache-mia-kmia1760042-MIA
last-modified
Mon, 15 Jul 2024 22:45:13 GMT
server
AmazonS3
x-timer
S1722867534.045467,VS0,VE0
etag
"d7f3733c71441c1881fc4eabe9c96086"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=900, immutable
accept-ranges
bytes
x-cache-hits
496
jwplayer.core.controls.js
ssl.p.jwpcdn.com/player/v/8.34.5/
321 KB
84 KB
Script
General
Full URL
https://ssl.p.jwpcdn.com/player/v/8.34.5/jwplayer.core.controls.js
Requested by
Host: content.jwplatform.com
URL: https://content.jwplatform.com/libraries/aWeJUC35.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::626 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
60ba587021922d691624730f1d9faa7974c7e4f4f9cfc7a33a354d334bed2926

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:54 GMT
content-encoding
gzip
via
1.1 varnish
age
1062021
x-cache
HIT
content-length
86180
x-served-by
cache-mia-kmia1760042-MIA
last-modified
Mon, 15 Jul 2024 22:45:06 GMT
server
AmazonS3
x-timer
S1722867534.045490,VS0,VE0
etag
"6510d7affd80e4b580a98e325eaf95a0"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000, immutable
accept-ranges
bytes
x-cache-hits
271119
provider.hlsjs.js
ssl.p.jwpcdn.com/player/v/8.34.5/
450 KB
137 KB
Script
General
Full URL
https://ssl.p.jwpcdn.com/player/v/8.34.5/provider.hlsjs.js
Requested by
Host: content.jwplatform.com
URL: https://content.jwplatform.com/libraries/aWeJUC35.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::626 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d937c02b1de25e9efce6ce297994e1003a4d345c24bf1effe88efd6dcc130ccc

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:54 GMT
content-encoding
gzip
via
1.1 varnish
age
976926
x-cache
HIT
content-length
139649
x-served-by
cache-mia-kmia1760042-MIA
last-modified
Mon, 15 Jul 2024 22:45:09 GMT
server
AmazonS3
x-timer
S1722867534.045455,VS0,VE0
etag
"03e9a17ba5548f83f8bafe6f8e363a37"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000, immutable
accept-ranges
bytes
x-cache-hits
6397
collect
www.google-analytics.com/
35 B
55 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j101&a=1413626687&t=event&ni=1&_s=6&dl=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc&ul=en-us&de=UTF-8&dt=Researchers%20discover%20%E2%80%9Chighly%20sophisticated%E2%80%99%20operation%20using%20a%203%2C000-strong%20network%20of%20ghost%20accounts%20to%20spread%20malware%20on%20GitHub%20%7C%20ITPro&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=jwplayer&ea=jwplayerCodeFired&_u=6GDAgEABBAQCAGAAI~&jid=&gjid=&cid=1843726432.1722867533&tid=UA-1011119-1&_gid=430158571.1722867533&cd57=null&cd40=Malware&cd41=GitHub%7CGhost%7CDiscord%7CResearch%7CFraction&cd42=Check_Point&cd43=Checkmarx%7CSoftware&cd45=Malware&cd46=Cyber_Crime&cd47=Researchers_discover_highly_sophisticated_operation_using_a_3000-strong_network_of_ghost_accounts_to_spread_malware_on_GitHub&cd50=5&cd51=false&cd58=Cyber_Crime&cd74=&cd13=false&cd10=EN-US&cd5=isNAebwboJikNSvfuqhMB6&cd7=solomon_klappholz&cd99=0&cd128=25-07-2024&cd1=news&cd3=cyber-crime%7Csecurity&cd6=%7Cserversidehawk&cd8=25-07-2024&cd27=1024514&cd33=text%2Ctext%2Ctext%2Cembed%2Ctext%2Ctext%2Ctext%2Ctext%2Ctext%2Ctext%2Cheading%2Ctext%2Ctext%2Ctext%2Ctext%2Cboxout%2Ctext%2Ctext%2Ctext%2Ctext%2Ctext&cd53=2024-07-25T11%3A06%3A14Z&cd61=pageLoad&cd95=news&cd106=0&cd126=en&cd127=GB%7CUS&cd134=serversidehawk&cd31=10&cd30=4g&z=1703180104
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
209.85.144.101 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
qv-in-f101.1e100.net
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Aug 2024 02:02:11 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
44202
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/
35 B
55 B
Ping
General
Full URL
https://www.google-analytics.com/collect
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
209.85.144.101 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
qv-in-f101.1e100.net
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Mon, 05 Aug 2024 14:18:53 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
https://www.itpro.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT
utsync.ashx
ml314.com/
684 B
2 KB
Script
General
Full URL
https://ml314.com/utsync.ashx?pub=&adv=&et=0&eid=51599&ct=js&pi=&fp=&clid=&gpp=DBABLA~BVQqAAAAAgA.QA&gpp_sid=7&if=0&ps=&cl=&mlt=&data=&&cp=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc&pv=1722867533897_zz6l37lxb&bl=en-us&cb=5708839&return=&ht=&d=&dc=&si=1722867533897_zz6l37lxb&cid=&s=1600x1200&rp=&v=2.7.4.212
Requested by
Host: ml314.com
URL: https://ml314.com/tag.aspx?572024
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.117.77.79 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
79.77.117.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
78cf63050aab5064c8477ff0371ce5a9ca4723f60fcc7661227d9e51a56d22df

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Aug 2024 14:18:53 GMT
via
1.1 google
server
Google Frontend
content-type
application/javascript
p3p
CP="NON DSP COR ADMo PSAo DEVo BUS COM UNI NAV DEM STA"
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
0
ud.ashx
in.ml314.com/
20 B
482 B
Script
General
Full URL
https://in.ml314.com/ud.ashx?topiclimit=&cb=572024&v=2.7.4.212
Requested by
Host: ml314.com
URL: https://ml314.com/tag.aspx?572024
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.73.249.18 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-73-249-18.compute-1.amazonaws.com
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
d0e4a6372d6fb5ffe9505dbe9e94aee8f1b9b96ec8e5e20684cce8b4c5a88fa7

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date
Mon, 05 Aug 2024 14:18:54 GMT
Content-Encoding
gzip
Server
Microsoft-IIS/10.0
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
application/javascript; charset=utf-8
Cache-Control
public
Connection
keep-alive
Content-Length
138
Expires
Tue, 06 Aug 2024 14:18:54 GMT
1a
i.clean.gg/ Frame
0
0
Preflight
General
Full URL
https://i.clean.gg/1a
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.69.49 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
49.69.95.34.bc.googleusercontent.com
Software
nginx/1.21.6 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.itpro.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Origin,Accept,X-API-Key
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
access-control-max-age
1728000
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/plain; charset=utf-8
date
Mon, 05 Aug 2024 14:18:54 GMT
server
nginx/1.21.6
via
1.1 google
1a
i.clean.gg/
0
104 B
XHR
General
Full URL
https://i.clean.gg/1a
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.69.49 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
49.69.95.34.bc.googleusercontent.com
Software
nginx/1.21.6 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

date
Mon, 05 Aug 2024 14:18:54 GMT
via
1.1 google
server
nginx/1.21.6
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/octet-stream
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Range
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Origin,Accept,X-API-Key
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
identify
api.permutive.com/v2.0/
50 B
88 B
XHR
General
Full URL
https://api.permutive.com/v2.0/identify?k=253158cc-875d-4ed4-a52d-e954eca49313
Requested by
Host: 6093eccf-6734-4877-ac8b-83d6d0e27b46.edge.permutive.app
URL: https://6093eccf-6734-4877-ac8b-83d6d0e27b46.edge.permutive.app/6093eccf-6734-4877-ac8b-83d6d0e27b46-web.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.254.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
252.254.107.34.bc.googleusercontent.com
Software
Permutive /
Resource Hash
1e17a6dc8969cceb1eda479ad962804096e5fffe36d11afd16e5bea8606d0360

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
content-type
text/plain

Response headers

date
Mon, 05 Aug 2024 14:18:54 GMT
content-encoding
gzip
via
1.1 google
server
Permutive
vary
Origin
content-type
application/json
access-control-allow-origin
https://www.itpro.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
70
540347474949339
connect.facebook.net/signals/config/
64 KB
13 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/540347474949339?v=2.9.164&r=stable&domain=www.itpro.com&hme=61ff4e692c87a9a2ce7b19822df2b04638e3ca38b23c1be6c0f1945ccadb2ad5&ex_m=69%2C118%2C104%2C108%2C60%2C4%2C97%2C68%2C16%2C94%2C86%2C50%2C53%2C167%2C170%2C182%2C178%2C179%2C181%2C29%2C98%2C52%2C75%2C180%2C162%2C165%2C175%2C176%2C183%2C127%2C40%2C34%2C139%2C15%2C49%2C189%2C188%2C129%2C18%2C39%2C1%2C42%2C64%2C65%2C66%2C70%2C90%2C17%2C14%2C93%2C89%2C88%2C105%2C51%2C107%2C38%2C106%2C30%2C91%2C26%2C163%2C166%2C136%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C56%2C61%2C63%2C73%2C99%2C27%2C74%2C9%2C8%2C78%2C47%2C21%2C101%2C100%2C102%2C95%2C10%2C20%2C3%2C19%2C83%2C55%2C81%2C33%2C72%2C0%2C92%2C32%2C80%2C85%2C46%2C45%2C84%2C37%2C5%2C87%2C79%2C43%2C35%2C82%2C2%2C36%2C62%2C41%2C103%2C44%2C77%2C67%2C109%2C59%2C58%2C31%2C96%2C57%2C54%2C48%2C76%2C71%2C24%2C110
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f003:100:face:b00c:0:3 Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
cd1f831f13f9c3a5cb508ec69a5d1164b2d14451a8cf174c4c40a2ff390e8140
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Mon, 05 Aug 2024 14:18:54 GMT
document-policy
force-load-at-top
x-fb-server-load
71
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
12903
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
GOOD; q=0.7, rtt=55, rtx=0, c=66, mss=1297, tbw=64885, tp=-1, tpl=-1, uplat=2, ullat=-1
pragma
public
x-fb-debug
hOJ0hukWddvySgqOKrlqrjsnF4Q7pVR+2ZwQ2YhTtpmFofLnwA3ncnmJX7DTInufDuZh3dCz4OsmwTwiuO4zrg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
px.gif
ad-delivery.net/
43 B
915 B
Image
General
Full URL
https://ad-delivery.net/px.gif?ch=2
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:246 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:54 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1755497
x-guploader-uploadid
ACJd0Nq4B4GHIgFXDlXYiHr5e525NuX9Tx34VecRzc7920YBDTMsbjDrdV0gAdsEFgFVokeRKSI
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
5
x-goog-stored-content-encoding
identity
content-length
43
last-modified
Wed, 05 May 2021 19:25:32 GMT
server
cloudflare
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3"
vary
Accept-Encoding
x-goog-generation
1620242732037093
content-type
image/gif
access-control-allow-origin
*
x-goog-hash
crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
access-control-expose-headers
*, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=86400
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XsfcJJbasw4ovA8jJnGD4IIh1eMUK1NJL4uoWp4jwiQlpH2Kpjj9hPFi8XvQ6OnIgtutw%2F4XYtXHCbA1cfo3SKn%2BRvEpzzGtZDSSrmQx44lg%2FyprAVB57%2B9KHosEzZMbqEQAwFaGdzezumbsVw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length
43
accept-ranges
bytes
cf-ray
8ae76b484dfe7445-MIA
expires
Tue, 16 Jul 2024 06:57:41 GMT
favicon.ico
ad.doubleclick.net/
1 KB
130 B
Image
General
Full URL
https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
74.125.192.148 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
qn-in-f148.1e100.net
Software
sffe /
Resource Hash
d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Sun, 04 Aug 2024 20:41:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
63439
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
104
x-xss-protection
0
last-modified
Tue, 08 May 2012 13:08:06 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/x-icon
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Mon, 05 Aug 2024 20:41:35 GMT
px.gif
ad-delivery.net/
43 B
334 B
Image
General
Full URL
https://ad-delivery.net/px.gif?ch=1&e=0.3105393192008925
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:246 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:54 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1755497
x-guploader-uploadid
ACJd0Nq4B4GHIgFXDlXYiHr5e525NuX9Tx34VecRzc7920YBDTMsbjDrdV0gAdsEFgFVokeRKSI
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
5
x-goog-stored-content-encoding
identity
content-length
43
last-modified
Wed, 05 May 2021 19:25:32 GMT
server
cloudflare
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3"
vary
Accept-Encoding
x-goog-generation
1620242732037093
content-type
image/gif
access-control-allow-origin
*
x-goog-hash
crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
access-control-expose-headers
*, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=86400
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IRrQsJHssnZTl4XyQvwSm7OQtsQCtuIdDka21hkBaI1PzoipY4uxcCuTtttXYhc8tazdO7HuOFM0S5LfQkdkNuZdGOBsPVT30oUw063wcLnkXizutGpEnW%2B4RqH30EE6gNrkyb1mWJLWuhc3rw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length
43
accept-ranges
bytes
cf-ray
8ae76b485e1d7445-MIA
expires
Tue, 16 Jul 2024 06:57:41 GMT
adsm.macro.rmb.js
macro.adnami.io/macro/gen/
88 KB
22 KB
Script
General
Full URL
https://macro.adnami.io/macro/gen/adsm.macro.rmb.js
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1408:5400:19::173e:e619 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
e4abbc3005af062b731c906bfec2b31b765579ca4d8c6d23d0a72f2434a3495b

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
date
Mon, 05 Aug 2024 14:18:54 GMT
content-encoding
br
last-modified
Fri, 02 Aug 2024 10:31:39 GMT
content-md5
VG5+3fEUYfgKonRiZkY/2A==
etag
0x8DCB2DE4AFBB1C0
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
752448f1-301e-003f-4bc7-e4d7f9000000
cache-control
max-age=13799
x-ms-version
2009-09-19
content-length
22043
aps_csm.js
c.amazon-adsystem.com/bao-csm/aps-comm/
6 KB
3 KB
XHR
General
Full URL
https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.115.149 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-115-149.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Sun, 04 Aug 2024 19:25:26 GMT
x-amz-version-id
r5.lR.LJ66XEXzxUUVo7iMemjL_F_GoE
content-encoding
gzip
via
1.1 ed8dbde89917eaa6ca93ba7fad809c48.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P3
age
68009
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Thu, 29 Feb 2024 02:13:08 GMT
server
AmazonS3
etag
W/"a4d296427fc806b21335359e398c025c"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
vary
Accept-Encoding,Origin
x-amz-cf-id
yrrUtv7gxnPHFsSYcesAa9b3lx6Z44qwqtylTXxtGIAEzZcZ0b3Efg==
3032
config.aps.amazon-adsystem.com/configs/
531 B
799 B
Script
General
Full URL
https://config.aps.amazon-adsystem.com/configs/3032
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.160.10.80 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-160-10-80.iad12.r.cloudfront.net
Software
CloudFront /
Resource Hash
42a2d7f8e26230c174e2161cafd897abd697f48e1b2782c865cb32b8cf78f4f9

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:14:25 GMT
via
1.1 4715507645a6516d2df35cd342cb5be0.cloudfront.net (CloudFront)
server
CloudFront
x-amz-cf-pop
IAD12-P3
age
269
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=3600
content-length
531
x-amz-cf-id
ZhDgdqzCkQEshxcHcINu-mSNuH3o5G5oM_Q4cUSBQiqGUTLufkZVbw==
config
c.amazon-adsystem.com/cdn/prod/
2 KB
2 KB
XHR
General
Full URL
https://c.amazon-adsystem.com/cdn/prod/config?src=3032&u=https%3A%2F%2Fwww.itpro.com
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.115.149 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-115-149.jfk50.r.cloudfront.net
Software
Server /
Resource Hash
74e8b86216b20fe385a2f2ac89131510db9e9b604730c5d886b8f610ff13a53a

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 13:17:13 GMT
via
1.1 153c5cd2b3e635613d0a2fa0f107993a.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
JFK50-P3
age
3701
x-cache
Hit from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.itpro.com
cache-control
max-age=21550, s-maxage=21600
access-control-allow-credentials
true
content-length
2148
x-amz-cf-id
rsUbY1a-H-txEmIopAzBEGwvKR0DKRX9jgGssTlWXmsemooGU0hLjA==
criteoBidAdapter.edd5e2f8576f2cbac611.js
bordeaux.futurecdn.net/
23 KB
8 KB
Script
General
Full URL
https://bordeaux.futurecdn.net/criteoBidAdapter.edd5e2f8576f2cbac611.js
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:261f:5400:5:a6be:f9c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8db87868b4bd2378a58f4c9e9eaddefdb265d238a6c50cce918fa8a2dab49293

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-amz-version-id
UXyWOtS2bIHOgyA0zVSn.O7PTbvIXkH3
content-encoding
gzip
x-amz-meta-bordeaux-version
5.54.0
date
Mon, 05 Aug 2024 14:12:20 GMT
last-modified
Thu, 01 Aug 2024 13:44:22 GMT
server
AmazonS3
via
1.1 4e1c4d133adc8d8214916eeaddd7af66.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK52-P3
x-amz-server-side-encryption
AES256
etag
W/"7379995fec6384df583238cb62ad558f"
vary
Accept-Encoding, Origin
x-cache
Hit from cloudfront
content-type
application/javascript
age
395
x-amz-cf-id
OreMON2ztkRRsjf5js_or8HuiFI-9HStQCn6E3uhHoESh9A-cV_yPA==
undertoneBidAdapter.8d2fb7608d569a84b7ac.js
bordeaux.futurecdn.net/
4 KB
2 KB
Script
General
Full URL
https://bordeaux.futurecdn.net/undertoneBidAdapter.8d2fb7608d569a84b7ac.js
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:261f:5400:5:a6be:f9c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e47fc13411b2e45a4c572e1c210eaffbe4c4287d6f5728ffb69ab93fe3d972db

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-amz-version-id
flt.vtBIKVGY2iwOS_nqgd_VrYgF6LfW
content-encoding
br
x-amz-meta-bordeaux-version
5.54.0
date
Mon, 05 Aug 2024 13:57:31 GMT
last-modified
Thu, 01 Aug 2024 13:44:29 GMT
server
AmazonS3
via
1.1 4e1c4d133adc8d8214916eeaddd7af66.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK52-P3
x-amz-server-side-encryption
AES256
etag
W/"76b7abee9ca1c933d0f76036db52d8b9"
vary
Accept-Encoding, Origin
x-cache
Hit from cloudfront
content-type
application/javascript
age
1284
x-amz-cf-id
g6wBevTAuuv1LgF7-KkB-zrT7RFxLje3tKHbZvkInDndXMcnxtf7og==
pubmaticBidAdapter.b9c45a02d84064e5dd93.js
bordeaux.futurecdn.net/
24 KB
9 KB
Script
General
Full URL
https://bordeaux.futurecdn.net/pubmaticBidAdapter.b9c45a02d84064e5dd93.js
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:261f:5400:5:a6be:f9c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b93b0dc9163049501a9b8cbe46ad7718152dd7983c5431f2fbccadfed7b28058

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-amz-version-id
oT0tFDQNhyYVuriC4eHIX.BnlDlW.e5u
content-encoding
br
x-amz-meta-bordeaux-version
5.54.0
date
Mon, 05 Aug 2024 14:03:11 GMT
last-modified
Thu, 01 Aug 2024 13:44:27 GMT
server
AmazonS3
via
1.1 4e1c4d133adc8d8214916eeaddd7af66.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK52-P3
x-amz-server-side-encryption
AES256
etag
W/"b7b2c6fa049d2967aa2f7817f508d374"
vary
Accept-Encoding, Origin
x-cache
Hit from cloudfront
content-type
application/javascript
age
944
x-amz-cf-id
ABUXXCM7bXdDdEbVBpvHSZpM9l2Du64XHpkL8xtbaid8MXdtpT_u_A==
tripleliftBidAdapter.a8acece7ef8854819cd3.js
bordeaux.futurecdn.net/
6 KB
3 KB
Script
General
Full URL
https://bordeaux.futurecdn.net/tripleliftBidAdapter.a8acece7ef8854819cd3.js
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:261f:5400:5:a6be:f9c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
2af10aeac0d5a954811b040322248d8ea9183d094cfd85af419f0ec9afefb8a3

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-amz-version-id
IJ_cGIU1zAcLwJmJ.0qmd8FGx.lf4I_x
content-encoding
gzip
x-amz-meta-bordeaux-version
5.54.0
date
Mon, 05 Aug 2024 14:07:50 GMT
last-modified
Thu, 01 Aug 2024 13:44:29 GMT
server
AmazonS3
via
1.1 4e1c4d133adc8d8214916eeaddd7af66.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK52-P3
x-amz-server-side-encryption
AES256
etag
W/"4e34b4eba88b2ac5e2ab510dfe8d3bd7"
vary
Accept-Encoding, Origin
x-cache
Hit from cloudfront
content-type
application/javascript
age
665
x-amz-cf-id
_0sqmuSmFCM2U79p0wNHq9PDuKZeBhZFZ1-eyKcgQ62qJhUpNdJyqQ==
rubiconBidAdapter.a8468b634c2d7fc9c1ee.js
bordeaux.futurecdn.net/
23 KB
8 KB
Script
General
Full URL
https://bordeaux.futurecdn.net/rubiconBidAdapter.a8468b634c2d7fc9c1ee.js
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:261f:5400:5:a6be:f9c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
cce19dc96fc6b61981e1699997b813cc5744590140e3f4beda7d410af0571550

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-amz-version-id
qydaEOOta8FstnahhynZ8TvoFG80mHdW
content-encoding
br
x-amz-meta-bordeaux-version
5.54.0
date
Mon, 05 Aug 2024 14:07:12 GMT
last-modified
Thu, 01 Aug 2024 13:44:28 GMT
server
AmazonS3
via
1.1 4e1c4d133adc8d8214916eeaddd7af66.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK52-P3
x-amz-server-side-encryption
AES256
etag
W/"aac2bd85d06dd4a46e4ac4acc72dadf5"
vary
Accept-Encoding, Origin
x-cache
Hit from cloudfront
content-type
application/javascript
age
703
x-amz-cf-id
swNxSazvkIZRPZoLt-pfxYLBkm71swSKjQ_CvvcEZZbMYGv4LYtu4w==
amxBidAdapter.443686e4725bc2d47fa9.js
bordeaux.futurecdn.net/
7 KB
4 KB
Script
General
Full URL
https://bordeaux.futurecdn.net/amxBidAdapter.443686e4725bc2d47fa9.js
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:261f:5400:5:a6be:f9c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6e0fa0cda115ff61fdefdde945e16703b97710c99567a4a7e9da44d4207e148b

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-amz-version-id
I0nIGgL.OCuW_NOsWWZ.197bvQzWlUM1
content-encoding
br
x-amz-meta-bordeaux-version
5.54.0
date
Mon, 05 Aug 2024 14:09:40 GMT
last-modified
Thu, 01 Aug 2024 13:44:20 GMT
server
AmazonS3
via
1.1 4e1c4d133adc8d8214916eeaddd7af66.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK52-P3
x-amz-server-side-encryption
AES256
etag
W/"e23be15efe148012480ea8768b7c1167"
vary
Accept-Encoding, Origin
x-cache
Hit from cloudfront
content-type
application/javascript
age
555
x-amz-cf-id
AJJFEsdgrrxhG3Lx2g3ayUpdb7LSz11Cf7o5C15yld1Hkvgq7u9vlQ==
yieldmoBidAdapter.27fff5ef5c77158a13e5.js
bordeaux.futurecdn.net/
10 KB
4 KB
Script
General
Full URL
https://bordeaux.futurecdn.net/yieldmoBidAdapter.27fff5ef5c77158a13e5.js
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:261f:5400:5:a6be:f9c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
eaba478b7e74d2b774aa89d04725935608b2273516d701df4176c8cefa566ef4

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-amz-version-id
.Ras6RHfq7TTxQ8uv7XT8QYDcFwIAFcH
content-encoding
gzip
x-amz-meta-bordeaux-version
5.54.0
date
Mon, 05 Aug 2024 13:59:15 GMT
last-modified
Thu, 01 Aug 2024 13:44:30 GMT
server
AmazonS3
via
1.1 4e1c4d133adc8d8214916eeaddd7af66.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK52-P3
x-amz-server-side-encryption
AES256
etag
W/"68cae3abf8b9f5d4e68575f018815828"
vary
Accept-Encoding, Origin
x-cache
Hit from cloudfront
content-type
application/javascript
age
1180
x-amz-cf-id
JRiU04mf4bKQZYXMlXwF_mmiujp04BvDkBko410mqWrIpcy5gTZGwg==
ixBidAdapter.7c6d71f59d589bb125b7.js
bordeaux.futurecdn.net/
30 KB
10 KB
Script
General
Full URL
https://bordeaux.futurecdn.net/ixBidAdapter.7c6d71f59d589bb125b7.js
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:261f:5400:5:a6be:f9c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8f83e23bd32ec4c0f5d59ffcb447c6d171f8c3ac319a101fe098d6092f2f5f49

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-amz-version-id
EQS93c9sK_eD.XJr_ZCDebzRZNe5ty1s
content-encoding
br
x-amz-meta-bordeaux-version
5.54.0
date
Mon, 05 Aug 2024 14:03:11 GMT
last-modified
Thu, 01 Aug 2024 13:44:24 GMT
server
AmazonS3
via
1.1 4e1c4d133adc8d8214916eeaddd7af66.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK52-P3
x-amz-server-side-encryption
AES256
etag
W/"b42ffdd9966004574ecc379e9145a497"
vary
Accept-Encoding, Origin
x-cache
Hit from cloudfront
content-type
application/javascript
age
944
x-amz-cf-id
GcDuV2y8nFi3ZglSDKtslsfb38ff8d9gSMGny9IcHlmT0aq7MyY2dw==
demconf.jpg
dpm.demdex.net/
Redirect Chain
  • https://dpm.demdex.net/ibs:dpid=22052&dpuuid=3646078572539412529&redir=
  • https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=22052&dpuuid=3646078572539412529&redir=
42 B
715 B
Image
General
Full URL
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=22052&dpuuid=3646078572539412529&redir=
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Server
54.86.2.203 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-86-2-203.compute-1.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

dcs
dcs-prod-va6-2-v062-013151166.edge-va6.demdex.com 3 ms
pragma
no-cache
date
Mon, 05 Aug 2024 14:18:54 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-encoding
gzip
x-tid
lxTYQJ5wSNk=
content-type
image/gif
p3p
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
cache-control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length
59
expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

dcs
dcs-prod-va6-1-v062-0c5d64612.edge-va6.demdex.com 0 ms
pragma
no-cache
date
Mon, 05 Aug 2024 14:18:54 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-tid
Nq7MZKl7Q/E=
p3p
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
location
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=22052&dpuuid=3646078572539412529&redir=
cache-control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length
0
expires
Thu, 01 Jan 1970 00:00:00 UTC
csync.ashx
ml314.com/
Redirect Chain
  • https://idsync.rlcdn.com/395886.gif?partner_uid=3646078572539412529
  • https://idsync.rlcdn.com/1000.gif?memo=CO6UGBIeChoIARCuXxoTMzY0NjA3ODU3MjUzOTQxMjUyORAAGg0Izr7DtQYSBQjoBxAAQgBKAA
  • https://ml314.com/csync.ashx?fp=4b543cf578192e4efae8ca40866b1d3150032d2419229d523d145a4fef5f2091f4cb09cee1a4f8eb&person_id=3646078572539412529&eid=50082
43 B
56 B
Image
General
Full URL
https://ml314.com/csync.ashx?fp=4b543cf578192e4efae8ca40866b1d3150032d2419229d523d145a4fef5f2091f4cb09cee1a4f8eb&person_id=3646078572539412529&eid=50082
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H3
Server
34.117.77.79 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
79.77.117.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-type
image/gif
date
Mon, 05 Aug 2024 14:18:54 GMT
via
1.1 google
server
Google Frontend
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Tue, 06 Aug 2024 14:18:54 GMT

Redirect headers

date
Mon, 05 Aug 2024 14:18:54 GMT
via
1.1 google
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://ml314.com/csync.ashx?fp=4b543cf578192e4efae8ca40866b1d3150032d2419229d523d145a4fef5f2091f4cb09cee1a4f8eb&person_id=3646078572539412529&eid=50082
cache-control
no-cache, no-store
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
utsync.ashx
ml314.com/
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=d0tro1j&ttd_tpi=1
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=d0tro1j&ttd_tpi=1
  • https://ml314.com/utsync.ashx?eid=53819&et=0&fp=48c3f041-3e95-40ba-9b98-d1e5372b4104&gdpr=0&gdpr_consent=
43 B
61 B
Image
General
Full URL
https://ml314.com/utsync.ashx?eid=53819&et=0&fp=48c3f041-3e95-40ba-9b98-d1e5372b4104&gdpr=0&gdpr_consent=
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H3
Server
34.117.77.79 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
79.77.117.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Aug 2024 14:18:54 GMT
via
1.1 google
server
Google Frontend
content-type
image/gif
p3p
CP="NON DSP COR ADMo PSAo DEVo BUS COM UNI NAV DEM STA"
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
0,Tue, 06 Aug 2024 14:18:54 GMT

Redirect headers

location
https://ml314.com/utsync.ashx?eid=53819&et=0&fp=48c3f041-3e95-40ba-9b98-d1e5372b4104&gdpr=0&gdpr_consent=
date
Mon, 05 Aug 2024 14:18:54 GMT
server
Kestrel
content-length
241
csync.ashx
ml314.com/
Redirect Chain
  • https://sync.crwdcntrl.net/map/c=6985/tp=BOMB?https://ml314.com/csync.ashx%3Ffp%3D%24%7Bprofile_id%7D%26eid%3D50146%26person_id%3D3646078572539412529
  • https://sync.crwdcntrl.net/map/ct=y/c=6985/tp=BOMB?https://ml314.com/csync.ashx%3Ffp%3D%24%7Bprofile_id%7D%26eid%3D50146%26person_id%3D3646078572539412529
  • https://ml314.com/csync.ashx?fp=5908e6c1f62489d97c7b0c6c4cb95f0d&eid=50146&person_id=3646078572539412529
43 B
56 B
Image
General
Full URL
https://ml314.com/csync.ashx?fp=5908e6c1f62489d97c7b0c6c4cb95f0d&eid=50146&person_id=3646078572539412529
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H3
Server
34.117.77.79 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
79.77.117.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-type
image/gif
date
Mon, 05 Aug 2024 14:18:54 GMT
via
1.1 google
server
Google Frontend
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Tue, 06 Aug 2024 14:18:54 GMT

Redirect headers

pragma
no-cache
date
Mon, 05 Aug 2024 14:18:54 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location
https://ml314.com/csync.ashx?fp=5908e6c1f62489d97c7b0c6c4cb95f0d&eid=50146&person_id=3646078572539412529
cache-control
no-cache
x-server
10.40.3.165
content-length
0
expires
0
match
ps.eyeota.net/
Redirect Chain
  • https://ps.eyeota.net/pixel?pid=r8hrb20&t=gif
  • https://ps.eyeota.net/pixel/bounce/?pid=r8hrb20&t=gif
  • https://ml314.com/utsync.ashx?eid=50052&et=0&fp=2EsCWkdP6eb8sPh-8upXANINLOQp6GmThCy237czK-3s&gdpr=0&gdpr_consent=&return=https%3A%2F%2Fps.eyeota.net%2Fmatch%3Fbid%3Dr8hrb20%26uid%3Dnil%26referrer_p...
  • https://ml314.com/csync.ashx?fp=2EsCWkdP6eb8sPh-8upXANINLOQp6GmThCy237czK-3s&person_id=3646078572539412529&eid=50052&return=https%3A%2F%2Fps.eyeota.net%2Fmatch%3Fbid%3Dr8hrb20%26uid%3Dnil%26referre...
  • https://ps.eyeota.net/match?bid=r8hrb20&uid=nil&referrer_pid=r8hrb20
70 B
440 B
Image
General
Full URL
https://ps.eyeota.net/match?bid=r8hrb20&uid=nil&referrer_pid=r8hrb20
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
HTTP/1.1
Server
3.230.62.22 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-230-62-22.compute-1.amazonaws.com
Software
/
Resource Hash
de9d3fd0eb948bd294477d0eda60a73b85caff1794803530d0463193a113da98

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

P3P
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"
Date
Mon, 05 Aug 2024 14:18:54 GMT
Content-Length
70
Content-Type
image/gif

Redirect headers

date
Mon, 05 Aug 2024 14:18:54 GMT
via
1.1 google
server
Google Frontend
content-type
image/gif
location
https://ps.eyeota.net/match?bid=r8hrb20&uid=nil&referrer_pid=r8hrb20
x-cloud-trace-context
215333a074d5323dc0bb4cfc0d602845
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Tue, 06 Aug 2024 14:18:54 GMT
pubads_impl.js
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202407310101/
473 KB
148 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202407310101/pubads_impl.js?cb=31085846
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.163.155 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS
wv-in-f155.1e100.net
Software
cafe /
Resource Hash
16c97b6c26473d70b044e56a04aaa08a40cbf07d644e8bea637f41d3e4acbc7e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Sun, 04 Aug 2024 18:08:25 GMT
content-encoding
br
x-content-type-options
nosniff
age
72629
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
151011
x-xss-protection
0
server
cafe
etag
11172422436733227893
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, immutable, max-age=31536000
timing-allow-origin
*
expires
Mon, 04 Aug 2025 18:08:25 GMT
sync.min.js
tags.crwdcntrl.net/lt/c/16576/
41 KB
12 KB
Script
General
Full URL
https://tags.crwdcntrl.net/lt/c/16576/sync.min.js
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.128.28 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-128-28.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
57d831a0329a6484b36f24355c95bbc4fcd8894f8fbe79d2b455997cc01d329e

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 09:23:28 GMT
content-encoding
gzip
via
1.1 d60ae27dae636821c1e43441a8146e02.cloudfront.net (CloudFront)
last-modified
Tue, 30 Jul 2024 19:29:16 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P4
age
17727
x-amz-server-side-encryption
AES256
etag
W/"7bcc18dc921f9b135e294dc9ebbac75f"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
cache-control
public, max-age=86400
x-amz-cf-id
V_SJ2KhOQjH5YG7iWfte4I3SXeiIosK5FooJfxuFmaObnRSB1Wo0ww==
ima.js
cdn-ima.33across.com/
16 KB
6 KB
Script
General
Full URL
https://cdn-ima.33across.com/ima.js
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.35.167 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
25e106a5f1c5d1a80bc895df64e131503ea560d57fa360b32277e01c7bacfe8c

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:54 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Wed, 24 Jul 2024 21:41:51 GMT
server
cloudflare
age
404317
etag
W/"66a1751f-4089"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=259200
cf-ray
8ae76b4a4bd367bd-MIA
expires
Thu, 08 Aug 2024 14:18:54 GMT
id5-api.js
cdn.id5-sync.com/api/1.0/
94 KB
28 KB
Script
General
Full URL
https://cdn.id5-sync.com/api/1.0/id5-api.js
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:3556 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cccaedb13f2aa38970538b043bfd16b0fa24e6a6a386833059595fd0a408e105
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:54 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
content-encoding
br
cf-cache-status
HIT
x-amz-request-id
WJBEYDQ8YXV2K4N5
age
34
x-amz-server-side-encryption
AES256
x-amz-id-2
Fv5QmCXT70M5wlJUvY9LLmMLSRroEPMHXJbaEE8X2oiawcZpUB0QzmVKMIORM+zrjocrQyi44Q9Jikc5HNonM38qYVnzdJ7gh80LY726ewk=
last-modified
Wed, 19 Jun 2024 08:15:00 GMT
server
cloudflare
etag
W/"7549ecdacdd2ca9502744f648799d58a"
vary
Accept-Encoding
content-type
text/javascript;charset=utf-8
cache-control
public, max-age=3600
cf-ray
8ae76b4a7ea52888-MIA
expires
Mon, 05 Aug 2024 15:18:54 GMT
getuidj
ib.adnxs.com/
11 B
698 B
Fetch
General
Full URL
https://ib.adnxs.com/getuidj
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.160.186 Colonia, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
675.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Aug 2024 14:18:54 GMT
an-x-request-uuid
4e103ffd-c33d-4bee-83e3-1dc064cff524
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.itpro.com
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
x-proxy-origin
38.132.118.77; 38.132.118.77; 675.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length
11
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
rid
match.adsrvr.org/track/
109 B
567 B
Fetch
General
Full URL
https://match.adsrvr.org/track/rid?ttd_pid=0fkciot&fmt=json
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
Kestrel /
Resource Hash
0476e7ddf41b09b1729163a652456f88ee57d72ef49f41897b4d3b8c5cfd48ed

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:54 GMT
content-encoding
gzip
server
Kestrel
vary
Origin, Accept-Encoding
content-type
application/json
access-control-allow-origin
https://www.itpro.com
cache-control
private
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
expires
Wed, 04 Sep 2024 14:18:54 GMT
2482549652030483
connect.facebook.net/signals/config/
23 KB
3 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/2482549652030483?v=2.9.164&r=stable&domain=www.itpro.com&hme=61ff4e692c87a9a2ce7b19822df2b04638e3ca38b23c1be6c0f1945ccadb2ad5&ex_m=69%2C118%2C104%2C108%2C60%2C4%2C97%2C68%2C16%2C94%2C86%2C50%2C53%2C167%2C170%2C182%2C178%2C179%2C181%2C29%2C98%2C52%2C75%2C180%2C162%2C165%2C175%2C176%2C183%2C127%2C40%2C34%2C139%2C15%2C49%2C189%2C188%2C129%2C18%2C39%2C1%2C42%2C64%2C65%2C66%2C70%2C90%2C17%2C14%2C93%2C89%2C88%2C105%2C51%2C107%2C38%2C106%2C30%2C91%2C26%2C163%2C166%2C136%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C56%2C61%2C63%2C73%2C99%2C27%2C74%2C9%2C8%2C78%2C47%2C21%2C101%2C100%2C102%2C95%2C10%2C20%2C3%2C19%2C83%2C55%2C81%2C33%2C72%2C0%2C92%2C32%2C80%2C85%2C46%2C45%2C84%2C37%2C5%2C87%2C79%2C43%2C35%2C82%2C2%2C36%2C62%2C41%2C103%2C44%2C77%2C67%2C109%2C59%2C58%2C31%2C96%2C57%2C54%2C48%2C76%2C71%2C24%2C110%2C195%2C194%2C196%2C201%2C202%2C203%2C199%2C191%2C128%2C158%2C190%2C192%2C119%2C152%2C141%2C146%2C184%2C185%2C125%2C227%2C113%2C124%2C228%2C160%2C116%2C230%2C161%2C132%2C120%2C149%2C144
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.229.1 Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-02-iad3.fbcdn.net
Software
/
Resource Hash
cf2bbdcc78bcb6afbb8fa7d45864a41c497d38c46ef57e3400546bf826f53a5d
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Mon, 05 Aug 2024 14:18:54 GMT
document-policy
force-load-at-top
x-fb-server-load
49
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
2897
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
GOOD; q=0.7, rtt=56, rtx=0, c=23, mss=1232, tbw=4333, tp=9, tpl=0, uplat=2, ullat=-1
pragma
public
x-fb-debug
O3dn7JhhLku0gL7ysAJmyb9eHKkmclrV1vsDl3TTdgGUHHOEiScVbbtrnZbrOhqXstNE+PUUQw+B547fcHhnig==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/
0
269 B
Image
General
Full URL
https://www.facebook.com/tr/?id=540347474949339&ev=PageView&dl=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc&rl=&if=false&ts=1722867534172&sw=1600&sh=1200&v=2.9.164&r=stable&a=tmSimo-GTM-WebTemplate&ec=0&o=4126&fbp=fb.1.1722867534168.555095722409106393&ler=empty&cdl=API_unavailable&it=1722867533980&coo=false&tm=1&rqm=GET
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f103:83:face:b00c:0:25de Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality
GOOD; q=0.7, rtt=57, rtx=0, c=10, mss=1297, tbw=2790, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security
max-age=31536000; includeSubDomains
date
Mon, 05 Aug 2024 14:18:54 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/
67 B
3 KB
Image
General
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=540347474949339&ev=PageView&dl=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc&rl=&if=false&ts=1722867534172&sw=1600&sh=1200&v=2.9.164&r=stable&a=tmSimo-GTM-WebTemplate&ec=0&o=4126&fbp=fb.1.1722867534168.555095722409106393&ler=empty&cdl=API_unavailable&it=1722867533980&coo=false&tm=1&rqm=FGET
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f103:83:face:b00c:0:25de Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
zstd
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; preload
date
Mon, 05 Aug 2024 14:18:54 GMT
document-policy
force-load-at-top
x-fb-server-load
59
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7399659715892990752", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
GOOD; q=0.7, rtt=64, rtx=0, c=20, mss=1297, tbw=3461, tp=-1, tpl=-1, uplat=150, ullat=0
pragma
no-cache
x-fb-debug
8qRzKsUqBGsy3ADC9RaUm+N76754OQNv6BmKqBO5sLgNPcY/B45Xglj6J4d0j3zpLs/pCPYOXdAH+KhwXCg+Zg==
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7399659715892990752"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
image/png
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
private, no-store, no-cache, must-revalidate
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires
Sat, 01 Jan 2000 00:00:00 GMT
country
api.btloader.com/
37 B
215 B
Fetch
General
Full URL
https://api.btloader.com/country?o=5682682429177856
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
130.211.23.194 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
194.23.211.130.bc.googleusercontent.com
Software
/
Resource Hash
b8f0ca68362cf245f891fc09ddfa50806d195e78e196cf96ac5d9cf72be2577a

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:54 GMT
via
1.1 google
vary
Origin
content-type
application/json
access-control-allow-origin
*
cache-control
private, max-age=300, stale-while-revalidate=600, stale-if-error=600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
37
SiteEvent.dotmetrics
uk-script.dotmetrics.net/
399 B
1005 B
Script
General
Full URL
https://uk-script.dotmetrics.net/SiteEvent.dotmetrics?r=1722867534239&v=eyJpZCI6MTIzNjgsImZsIjp0cnVlLCJkb20iOiJ3d3cuaXRwcm8uY29tIiwibHNvIjpudWxsLCJ1cmwiOiJodHRwczovL3d3dy5pdHByby5jb20vc2VjdXJpdHkvY3liZXItY3JpbWUvcmVzZWFyY2hlcnMtZGlzY292ZXItaGlnaGx5LXNvcGhpc3RpY2F0ZWQtb3BlcmF0aW9uLXVzaW5nLWEtMzAwMC1zdHJvbmctbmV0d29yay1vZi1naG9zdC1hY2NvdW50cy10by1zcHJlYWQtbWFsd2FyZS1vbi1naXRodWI%2FdXRtX3NvdXJjZT1TZWxsaWdlbnQmdXRtX21lZGl1bT1lbWFpbCZ1dG1fY2FtcGFpZ249SVRQX1NFQ1VSSVRZX0JVTExFVElOX0FVR18yMDI0JnV0bV9jb250ZW50PUlUUF9TRUNVUklUWV9CVUxMRVRJTl9BVUdfMjAyNCZ1dG1fdGVybT0yNTkxNTk3NCZtX2k9ZFN0S2tGM3lValB1MlA3UXRKRFRNdEx0V295WTFxNzU0bkwybkNyVEd4OSUyQktlYXJyJTJCZXRsVW9UZ203R3hySmoycGxZYlBsdlF5cHl0YSUyQjR0TXIxQWhUcXpLT1ZEajZkZGMiLCJydXJsIjoiIiwiZWNpZCI6ImMzMjVmYTdmLTM0MDItNGRkOC05OTc1LTZmYTc2ZDNiMjM1MyIsImRjIjoiMDAwMDAwMDAtMDAwMC0wMDAwLTAwMDAtMDAwMDAwMDAwMDAwIiwiZGZwaCI6IiIsInR6T2Zmc2V0Ijo2MDAsIm9zcyI6dHJ1ZSwib3NlcyI6dHJ1ZX0%3D
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.49.91 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-49-91.jfk52.r.cloudfront.net
Software
Kestrel /
Resource Hash
e7ccfe7f8055d753aad32de3cc52f5c356eea5be1b07ef9ae1141e5525c862d2

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:54 GMT
content-encoding
br
via
1.1 def26d054ec95b961e8352e3cd4fae7e.cloudfront.net (CloudFront)
server
Kestrel
x-amz-cf-pop
JFK52-P3
vary
Accept-Encoding
x-cache
Miss from cloudfront
p3p
policyref="https://uk-script.dotmetrics.net/w3c/p3p.xml", CP="NOI DSP LAW CURa ADMa DEVa PSAa HISa OUR IND STA"
content-type
application/javascript
cache-control
no-cache
x-amz-cf-id
j5afZUne5h9riGCO-Yua_7pzXY8EaoMbdVBLjkiGmHZojYqJmbqAQA==
pv
api.btloader.com/
0
66 B
XHR
General
Full URL
https://api.btloader.com/pv?tid=oL1KcNODO&w=5184536619515904&o=5682682429177856&cv=2.1.48&widget=false&r=false&vr=1600x1200&pageURL=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc&sid=r7KQ1lBzDj&pm=true&upapi=true
Requested by
Host: futureplc-com.videoplayerhub.com
URL: https://futureplc-com.videoplayerhub.com/galleryplayer.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
130.211.23.194 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
194.23.211.130.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-origin
*
date
Mon, 05 Aug 2024 14:18:54 GMT
cache-control
no-cache, no-store, must-revalidate
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
vary
Origin
/
geo.privacymanager.io/
30 B
626 B
Fetch
General
Full URL
https://geo.privacymanager.io/
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.151.21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-151-21.iad66.r.cloudfront.net
Software
/
Resource Hash
b94047a885ec91143818ebb76251e206a303a492429f67defc1c2e46c10c41c9

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 08:45:54 GMT
via
1.1 10d8c7e85dc4bacbe46fc8920b2edbc4.cloudfront.net (CloudFront), 1.1 fa3f15cd366c19b686cb5e8157aee206.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD61-P3, IAD66-C2
age
19980
x-amzn-trace-id
Root=1-66b09142-5f46a2684b22b7be4cc01923;Parent=0d93b735437c9baf;Sampled=0;lineage=06620786:0
x-amzn-requestid
db44ce87-bd5b-4fe1-9ee8-25b2508fcf7e
access-control-allow-methods
DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
content-type
application/json
access-control-allow-origin
*
x-cache
Hit from cloudfront
access-control-allow-headers
Content-Type,Authorization,X-Amz-Date,X-Api-Key,X-Amz-Security-Token
x-amz-apigw-id
cBuiYEGDjoEEKYQ=
content-length
30
x-amz-cf-id
TCMYe0a1OLkxZf7kCLEebZf6lsuDErBtbw4fnpqpYXFRvt9w42V4Rg==
/
geo.privacymanager.io/
30 B
625 B
Fetch
General
Full URL
https://geo.privacymanager.io/
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.151.21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-151-21.iad66.r.cloudfront.net
Software
/
Resource Hash
b94047a885ec91143818ebb76251e206a303a492429f67defc1c2e46c10c41c9

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 08:45:54 GMT
via
1.1 10d8c7e85dc4bacbe46fc8920b2edbc4.cloudfront.net (CloudFront), 1.1 fa3f15cd366c19b686cb5e8157aee206.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD61-P3, IAD66-C2
age
19980
x-amzn-trace-id
Root=1-66b09142-5f46a2684b22b7be4cc01923;Parent=0d93b735437c9baf;Sampled=0;lineage=06620786:0
x-amzn-requestid
db44ce87-bd5b-4fe1-9ee8-25b2508fcf7e
access-control-allow-methods
DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
content-type
application/json
access-control-allow-origin
*
x-cache
Hit from cloudfront
access-control-allow-headers
Content-Type,Authorization,X-Amz-Date,X-Api-Key,X-Amz-Security-Token
x-amz-apigw-id
cBuiYEGDjoEEKYQ=
content-length
30
x-amz-cf-id
m0Wxae9Muyvh-8kd6P9Ux0NUj9qJXeQoBGyUaHE_rP-lTl4-dZalTA==
wRvAOEYoEeyfkEbo2AynAw.json
entitlements.jwplayer.com/
69 B
244 B
XHR
General
Full URL
https://entitlements.jwplayer.com/wRvAOEYoEeyfkEbo2AynAw.json
Requested by
Host: content.jwplatform.com
URL: https://content.jwplatform.com/libraries/aWeJUC35.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.5.228 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (mid/8734) /
Resource Hash
5427e10c23520fbca480e8750c7e03dc2858eee594081879ea72a559bbd9fa81

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:54 GMT
content-encoding
gzip
last-modified
Mon, 05 Aug 2024 14:14:07 GMT
server
ECAcc (mid/8734)
age
288
vary
Accept-Encoding
x-cache
HIT
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=1800, s-maxage=5940
accept-ranges
bytes
content-length
75
ima3.js
imasdk.googleapis.com/js/sdkloader/
416 KB
143 KB
Script
General
Full URL
https://imasdk.googleapis.com/js/sdkloader/ima3.js
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c0e::5f Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e5cb95ff379f230c85c99082a695af99206bc588010f849d06263da77778087a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
145669
x-xss-protection
0
expires
Mon, 05 Aug 2024 14:18:54 GMT
beacon.js
sb.scorecardresearch.com/internal-cs/default/
Redirect Chain
  • https://sb.scorecardresearch.com/cs/10055482/beacon.js
  • https://sb.scorecardresearch.com/internal-cs/default/beacon.js
4 KB
2 KB
Script
General
Full URL
https://sb.scorecardresearch.com/internal-cs/default/beacon.js
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Server
18.154.227.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-154-227-84.iad55.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
84e5aa85594b35c4b60787f4a97e2e1eb369dacbe23d8154f61f60bb0343d465

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 09:27:21 GMT
content-encoding
gzip
via
1.1 02953992e043cdd9273bab020f4030a0.cloudfront.net (CloudFront)
last-modified
Thu, 07 Dec 2023 12:02:23 GMT
server
AmazonS3
x-amz-cf-pop
IAD55-P5
age
17494
x-amz-server-side-encryption
AES256
etag
W/"77ff4ede4693897337a38594321529a3"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=86400
x-amz-cf-id
TNjva7qxpxXCgBZXNYySzzidqfOWU7Zzw2SuzBvgvb03_atqWkhKsw==

Redirect headers

date
Mon, 05 Aug 2024 14:18:54 GMT
via
1.1 02953992e043cdd9273bab020f4030a0.cloudfront.net (CloudFront)
accept-ch
UA, Platform, Arch, Model, Mobile
x-amz-cf-pop
IAD55-P5
x-cache
Miss from cloudfront
location
/internal-cs/default/beacon.js
content-length
0
x-amz-cf-id
F9eSQVyP9JPVpAowrVrks107wTOFfEfLMtArFlSKlVGV3BQmOBAbgQ==
/
www.facebook.com/tr/
0
99 B
Image
General
Full URL
https://www.facebook.com/tr/?id=540347474949339&ev=PageView&dl=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc&rl=&if=false&ts=1722867534538&sw=1600&sh=1200&v=2.9.164&r=stable&a=tmSimo-GTM-WebTemplate&ec=1&o=4126&fbp=fb.1.1722867534168.555095722409106393&ler=empty&cdl=API_unavailable&it=1722867533980&coo=false&rqm=GET
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f103:83:face:b00c:0:25de Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality
GOOD; q=0.7, rtt=57, rtx=0, c=10, mss=1297, tbw=3199, tp=-1, tpl=-1, uplat=1, ullat=0
strict-transport-security
max-age=31536000; includeSubDomains
date
Mon, 05 Aug 2024 14:18:54 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/
67 B
846 B
Image
General
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=540347474949339&ev=PageView&dl=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc&rl=&if=false&ts=1722867534538&sw=1600&sh=1200&v=2.9.164&r=stable&a=tmSimo-GTM-WebTemplate&ec=1&o=4126&fbp=fb.1.1722867534168.555095722409106393&ler=empty&cdl=API_unavailable&it=1722867533980&coo=false&rqm=FGET
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f103:83:face:b00c:0:25de Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
zstd
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; preload
date
Mon, 05 Aug 2024 14:18:54 GMT
document-policy
force-load-at-top
x-fb-server-load
59
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7399659715967972105", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
GOOD; q=0.7, rtt=64, rtx=0, c=20, mss=1297, tbw=7141, tp=-1, tpl=-1, uplat=121, ullat=1
pragma
no-cache
x-fb-debug
o8InfSSetPgPZA0wNidI6BTRm/+VpW+qM1O2fQsbTdq6pSekeKP8Rw3kr22TBUU3PySs7OZRPgbUw9Pq+KC24Q==
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7399659715967972105"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
image/png
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
private, no-store, no-cache, must-revalidate
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/
0
97 B
Image
General
Full URL
https://www.facebook.com/tr/?id=2482549652030483&ev=PageView&dl=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc&rl=&if=false&ts=1722867534539&sw=1600&sh=1200&v=2.9.164&r=stable&ec=0&o=4126&fbp=fb.1.1722867534168.555095722409106393&ler=empty&cdl=API_unavailable&it=1722867533980&coo=false&rqm=GET
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f103:83:face:b00c:0:25de Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality
GOOD; q=0.7, rtt=57, rtx=0, c=10, mss=1297, tbw=3311, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security
max-age=31536000; includeSubDomains
date
Mon, 05 Aug 2024 14:18:54 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/
67 B
848 B
Image
General
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=2482549652030483&ev=PageView&dl=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc&rl=&if=false&ts=1722867534539&sw=1600&sh=1200&v=2.9.164&r=stable&ec=0&o=4126&fbp=fb.1.1722867534168.555095722409106393&ler=empty&cdl=API_unavailable&it=1722867533980&coo=false&rqm=FGET
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f103:83:face:b00c:0:25de Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
zstd
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; preload
date
Mon, 05 Aug 2024 14:18:54 GMT
document-policy
force-load-at-top
x-fb-server-load
55
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7399659715651938978", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
GOOD; q=0.7, rtt=64, rtx=0, c=20, mss=1297, tbw=6271, tp=-1, tpl=-1, uplat=121, ullat=0
pragma
no-cache
x-fb-debug
4Q9lSa/qF/6WJ4pm0FPC/tfg3DZbbbZJl9moTficFH+4pnqH4bLsbUnpKPx/0FaVl/p1yfr1lXE/ku6c+hUaAw==
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7399659715651938978"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
image/png
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
private, no-store, no-cache, must-revalidate
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires
Sat, 01 Jan 2000 00:00:00 GMT
fire.js
s.cpx.to/
64 B
250 B
Fetch
General
Full URL
https://s.cpx.to/fire.js?pid=12529&url=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc&hn_ver=78&fid=077a9d12-97f8-4141-8d24-6bdc2703f26a&dsp=TTD&dsp_uid=0e365dc4-1852-45c2-ba63-fb539bbe7a2c
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.248.170.187 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-248-170-187.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
96b4878df8e1604830e9201e0de0bbdcf234c21b22e81c85f935ec1f7aeeee8c

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
https://www.itpro.com
date
Mon, 05 Aug 2024 14:18:54 GMT
access-control-allow-credentials
true
p3p
CP="NOI DEV ADM"
content-length
64
vary
Origin
expires
Mon, 05 Aug 2024 14:18:54 GMT
uc.js
sync.go.sonobi.com/
1 KB
1 KB
Script
General
Full URL
https://sync.go.sonobi.com/uc.js
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f350:3:2569:0:10:0:d , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
de31de3e62162cf316c90ce40ebcfd66e7c736d5c5673c1dd34e5ce188edcfac
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Aug 2024 14:18:54 GMT
content-encoding
gzip
server
sonobi-go
vary
negotiate,Accept-Encoding
x-go-server
go-iad-2-5-57
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
content-type
text/javascript
cache-control
no-cache, no-store, private
tcn
Choice
content-length
658
x-xss-protection
0
expires
Sat, 26 Jul 1997 05:00:00 GMT
usermatch
ssum-sec.casalemedia.com/ Frame 29B4
Redirect Chain
  • https://ssum-sec.casalemedia.com/usermatch?r=1171&s=181869&cb=https%3A%2F%2Fpixel.servebom.com%2Fpartner%3Fcb%3D3255%26svc%3Dus%26id%3D2%26uid%3D
  • https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fpixel.servebom.com%2Fpartner%3Fcb%3D3255%26svc%3Dus%26id%3D2%26uid%3D&r=1171&s=181869&C=1
0
0
Document
General
Full URL
https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fpixel.servebom.com%2Fpartner%3Fcb%3D3255%26svc%3Dus%26id%3D2%26uid%3D&r=1171&s=181869&C=1
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.151.101 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://www.itpro.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
8ae76b4c5c8f3367-MIA
content-encoding
br
content-type
text/html
date
Mon, 05 Aug 2024 14:18:54 GMT
expires
0
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j0yCvM7D57Yf2zsNuH7QWKUk%2B25jx37L4uvcJZ5gcnJJW2Z0yW8T9rRs7NnxzkVV%2Fuo1rZ2jPwN2lL3eKsC4lZHAHFNK6qW2E78zI3LUFR%2F83Q4mVbpMqbNU9ELVFq7CG0tQ3jYtmKUN1w%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding

Redirect headers

alt-svc
h3=":443"; ma=86400
cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
8ae76b4bdbe93367-MIA
content-length
0
date
Mon, 05 Aug 2024 14:18:54 GMT
expires
0
location
/usermatch?cb=https%3A%2F%2Fpixel.servebom.com%2Fpartner%3Fcb%3D3255%26svc%3Dus%26id%3D2%26uid%3D&r=1171&s=181869&C=1
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TODLwliyEQhTA90gAdIPeXsDAkqrZfbJvcxAdKe5Wx3k%2F4tlSDwrmK%2B4koD8%2Bw3w2TGvU1Z4iAJz9PfYI2QS3G2vxuRVYpAmXsoJq%2F5P8etP6p8AEedcFc3cEFUSlJfOhq%2BDwBVG%2FNmI5Q%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
sync_iframe
sync.bfmio.com/ Frame 2932
0
0
Document
General
Full URL
https://sync.bfmio.com/sync_iframe?gdpr=0&gc=&ifpl=5&ifg=4&id=Purch&gce=1
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.5.0.17 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-5-0-17.compute-1.amazonaws.com
Software
/
Resource Hash

Request headers

Referer
https://www.itpro.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Connection
keep-alive
Content-Length
390
Content-Type
text/html
Date
Mon, 05 Aug 2024 14:18:54 GMT
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 9986
0
0
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?r=2369&p=156007&predirect=https%3A%2F%2Fpixel.servebom.com%2Fpartner%3Fcb%3D5391%26svc%3Dus%26id%3D46%26uid%3D
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.52.9.13 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-9-13.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash

Request headers

Referer
https://www.itpro.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
cache-control
max-age=155647
content-encoding
gzip
content-length
5516
content-type
text/html
date
Mon, 05 Aug 2024 14:18:54 GMT
expires
Wed, 07 Aug 2024 09:33:01 GMT
last-modified
Mon, 05 Aug 2024 09:22:55 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache
vary
Accept-Encoding
usync.html
eus.rubiconproject.com/ Frame F5A7
Redirect Chain
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=11868&endpoint=us-east&r=4258
  • https://eus.rubiconproject.com/usync.html?p=11868&endpoint=us-east&r=4258
0
0
Document
General
Full URL
https://eus.rubiconproject.com/usync.html?p=11868&endpoint=us-east&r=4258
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.55.205.215 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-55-205-215.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Referer
https://www.itpro.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
content-encoding
gzip
content-length
224
content-type
text/html; charset=UTF-8
date
Mon, 05 Aug 2024 14:18:55 GMT
etag
"2052a-10d-6142d69a886c0"
last-modified
Thu, 21 Mar 2024 15:32:19 GMT
server
Apache/2.2.15 (CentOS)
vary
Accept-Encoding

Redirect headers

access-control-allow-credentials
true
access-control-allow-origin
*
content-length
0
date
Mon, 05 Aug 2024 14:18:54 GMT
location
https://eus.rubiconproject.com/usync.html?p=11868&endpoint=us-east&r=4258
server
AkamaiGHost
partner
pixel.servebom.com/ Frame 3842
Redirect Chain
  • https://pixel.advertising.com/ups/58164/sync?gdpr=0&gdpr_consent=&_origin=1&redir=true
  • https://ups.analytics.yahoo.com/ups/58164/sync?gdpr=0&gdpr_consent=&_origin=1&redir=true
  • https://pixel.servebom.com/partner?&svc=us&id=57&uid=y-BmNVrOxE2uGb9LYLUKpwxiisaEBIR4Xj~A
0
0
Document
General
Full URL
https://pixel.servebom.com/partner?&svc=us&id=57&uid=y-BmNVrOxE2uGb9LYLUKpwxiisaEBIR4Xj~A
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2511:a600:b:b084:ebc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash

Request headers

Referer
https://www.itpro.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
cache-control
no-cache, s-maxage=300
content-length
70
content-type
image/png
date
Mon, 05 Aug 2024 14:18:56 GMT
etag
"f829b914fc47cfc9c0747c119c27cf1b"
last-modified
Mon, 11 Sep 2023 14:15:16 GMT
server
AmazonS3
vary
Accept-Encoding
via
1.1 c36b03c9737c294317e3651e77ee0c4a.cloudfront.net (CloudFront)
x-amz-cf-id
DZXZ1QED7r32COb0xN-YuMHZaiio2PG-gc4hNQsleoWcfqmRBLCkIA==
x-amz-cf-pop
JFK50-P6
x-amz-server-side-encryption
AES256
x-amz-version-id
Jvs8QjUqsXANWs6qYTwpu6mK82_wjq6v
x-cache
Hit from cloudfront

Redirect headers

age
0
content-length
0
date
Mon, 05 Aug 2024 14:18:54 GMT
location
https://pixel.servebom.com/partner?&svc=us&id=57&uid=y-BmNVrOxE2uGb9LYLUKpwxiisaEBIR4Xj~A
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
server
ATS/9.1.10.134
strict-transport-security
max-age=31536000
partner
pixel.servebom.com/ Frame DEDF
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58290/sync?redir=true
  • https://ups.analytics.yahoo.com/ups/58290/sync?redir=true&verify=true
  • https://pixel.servebom.com/partner?svc=us&id=61&uid=y-_rx4DJNE2uK14Jh8SqzY8GErABv6KnA-~A
0
0
Document
General
Full URL
https://pixel.servebom.com/partner?svc=us&id=61&uid=y-_rx4DJNE2uK14Jh8SqzY8GErABv6KnA-~A
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2511:a600:b:b084:ebc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash

Request headers

Referer
https://www.itpro.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
cache-control
no-cache, s-maxage=300
content-length
70
content-type
image/png
date
Mon, 05 Aug 2024 14:18:56 GMT
etag
"f829b914fc47cfc9c0747c119c27cf1b"
last-modified
Mon, 11 Sep 2023 14:15:16 GMT
server
AmazonS3
vary
Accept-Encoding
via
1.1 c36b03c9737c294317e3651e77ee0c4a.cloudfront.net (CloudFront)
x-amz-cf-id
cxcBaou-ganTTMhbXi0jeHKTzv57OZm3vynB5RlcLeVC-50NNifCwg==
x-amz-cf-pop
JFK50-P6
x-amz-server-side-encryption
AES256
x-amz-version-id
Jvs8QjUqsXANWs6qYTwpu6mK82_wjq6v
x-cache
Hit from cloudfront

Redirect headers

age
0
content-length
0
date
Mon, 05 Aug 2024 14:18:54 GMT
location
https://pixel.servebom.com/partner?svc=us&id=61&uid=y-_rx4DJNE2uK14Jh8SqzY8GErABv6KnA-~A
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
server
ATS/9.1.10.134
strict-transport-security
max-age=31536000
partner
pixel.servebom.com/ Frame 463E
Redirect Chain
  • https://x.bidswitch.net/check_uuid/https%3A%2F%2Fpixel.servebom.com%2Fpartner%3Fcb%3D7721%26svc%3Dus%26id%3D62%26uid%3D%24%7BBSW_UUID%7D%26cookie_age%3D%24%7BCOOKIE_AGE%7D
  • https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fpixel.servebom.com%2Fpartner%3Fcb%3D7721%26svc%3Dus%26id%3D62%26uid%3D%24%7BBSW_UUID%7D%26cookie_age%3D%24%7BCOOKIE_AGE%7D
  • https://pixel.servebom.com/partner?cb=7721&svc=us&id=62&uid=3c82e640-f4c3-40ed-bb04-5704e47b66be&cookie_age=0
0
0
Document
General
Full URL
https://pixel.servebom.com/partner?cb=7721&svc=us&id=62&uid=3c82e640-f4c3-40ed-bb04-5704e47b66be&cookie_age=0
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2511:a600:b:b084:ebc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash

Request headers

Referer
https://www.itpro.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
cache-control
no-cache, s-maxage=300
content-length
70
content-type
image/png
date
Mon, 05 Aug 2024 14:18:56 GMT
etag
"f829b914fc47cfc9c0747c119c27cf1b"
last-modified
Mon, 11 Sep 2023 14:15:16 GMT
server
AmazonS3
vary
Accept-Encoding
via
1.1 c36b03c9737c294317e3651e77ee0c4a.cloudfront.net (CloudFront)
x-amz-cf-id
l_EbYB7S3aTI6dss-dB9hn-Vm4KA-fzyA-zSZXC4uT66abHQQKVPDQ==
x-amz-cf-pop
JFK50-P6
x-amz-server-side-encryption
AES256
x-amz-version-id
Jvs8QjUqsXANWs6qYTwpu6mK82_wjq6v
x-cache
Hit from cloudfront

Redirect headers

Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
0
Date
Mon, 05 Aug 2024 14:18:54 GMT
Location
https://pixel.servebom.com/partner?cb=7721&svc=us&id=62&uid=3c82e640-f4c3-40ed-bb04-5704e47b66be&cookie_age=0
Server
nginx
partner
pixel.servebom.com/ Frame 9A85
Redirect Chain
  • https://match.sharethrough.com/universal/v1?supply_id=dSvJjhJF
  • https://pixel.servebom.com/partner?svc=us&id=64&uid=24039c5b-f546-451a-b072-135b2d89a060
0
0
Document
General
Full URL
https://pixel.servebom.com/partner?svc=us&id=64&uid=24039c5b-f546-451a-b072-135b2d89a060
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2511:a600:b:b084:ebc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash

Request headers

Referer
https://www.itpro.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
cache-control
no-cache, s-maxage=300
content-length
70
content-type
image/png
date
Mon, 05 Aug 2024 14:18:56 GMT
etag
"f829b914fc47cfc9c0747c119c27cf1b"
last-modified
Mon, 11 Sep 2023 14:15:16 GMT
server
AmazonS3
vary
Accept-Encoding
via
1.1 c36b03c9737c294317e3651e77ee0c4a.cloudfront.net (CloudFront)
x-amz-cf-id
sEwgFhR0z41cw6ujQpJOgf_ViM1urwSK_VjcUr3DUKBvG2h8-ex32A==
x-amz-cf-pop
JFK50-P6
x-amz-server-side-encryption
AES256
x-amz-version-id
Jvs8QjUqsXANWs6qYTwpu6mK82_wjq6v
x-cache
Hit from cloudfront

Redirect headers

content-length
0
location
https://pixel.servebom.com/partner?svc=us&id=64&uid=24039c5b-f546-451a-b072-135b2d89a060
strict-transport-security
max-age=16000000; includeSubDomains; preload;
isync
visitor.omnitagjs.com/visitor/ Frame 7A3C
0
0
Document
General
Full URL
https://visitor.omnitagjs.com/visitor/isync?uid=ebd167208cfac599416ddea5dbceb5dd&name=FUTURE_PLC&url=https%3A%2F%2Fpixel.servebom.com%2Fpartner%3Fcb%3D7272%26svc%3Dus%26id%3D65%26uid%3DPARTNER_USER_ID
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
195.244.31.11 Newark, United States, ASN63140 (IGUANA-WORLDWIDE, US),
Reverse DNS
Software
ayl-lb-usa02 /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.itpro.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-length
1820
content-type
text/html; charset=UTF-8
date
Mon, 05 Aug 2024 14:18:54 GMT
expires
0
p3p
CP="CAO PSA OUR"
pragma
no-cache
server
ayl-lb-usa02
vary
Accept-Encoding
x-content-type-options
nosniff
x-envoy-upstream-service-time
2
sync-iframe
cs-server-s2s.yellowblue.io/ Frame 745C
0
0
Document
General
Full URL
https://cs-server-s2s.yellowblue.io/sync-iframe?redirect=https%3A%2F%2Fpixel.servebom.com%2Fpartner%3Fcb%3D5710%26svc%3Dus%26id%3D66%26uid%3D%7BpartnerId%7D
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
18.210.96.54 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-210-96-54.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash

Request headers

Referer
https://www.itpro.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF,X-Requested-With
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin
https://www.itpro.com/
content-type
text/html
date
Mon, 05 Aug 2024 14:18:54 GMT
server
istio-envoy
x-envoy-upstream-service-time
2
partner
pixel.servebom.com/
Redirect Chain
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fpixel.servebom.com%2Fpartner%3Fcb%3D6214%26svc%3Dus%26id%3D23%26uid%3D%24UID
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fpixel.servebom.com%252Fpartner%253Fcb%253D6214%2526svc%253Dus%2526id%253D23%2526uid%253D%2524UID
  • https://pixel.servebom.com/partner?cb=6214&svc=us&id=23&uid=8544957376819976494
70 B
596 B
Image
General
Full URL
https://pixel.servebom.com/partner?cb=6214&svc=us&id=23&uid=8544957376819976494
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Server
2600:9000:2501:ce00:b:b084:ebc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6b7fa434f92a8b80aab02d9bf1a12e49ffcae424e4013a1c4f68b67e3d2bbcd0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-amz-version-id
Jvs8QjUqsXANWs6qYTwpu6mK82_wjq6v
date
Mon, 05 Aug 2024 14:18:56 GMT
via
1.1 19818f9265689e7f5cbb430f8edbe402.cloudfront.net (CloudFront)
last-modified
Mon, 11 Sep 2023 14:15:16 GMT
server
AmazonS3
x-amz-cf-pop
IAD55-P5
x-amz-server-side-encryption
AES256
etag
"f829b914fc47cfc9c0747c119c27cf1b"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
cache-control
no-cache, s-maxage=300
accept-ranges
bytes
content-length
70
x-amz-cf-id
dMXsmF8qx7KQXs8iGbdVVs1fhKs6ne8w3a7UIVp_QqeW38ZINbswaA==

Redirect headers

pragma
no-cache
date
Mon, 05 Aug 2024 14:18:54 GMT
an-x-request-uuid
965564ce-9d50-464e-8a15-0eec97539cbf
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
access-control-allow-origin
*
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
location
https://pixel.servebom.com/partner?cb=6214&svc=us&id=23&uid=8544957376819976494
x-proxy-origin
38.132.118.77; 38.132.118.77; 675.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
partner
pixel.servebom.com/
Redirect Chain
  • https://us-u.openx.net/w/1.0/cm?gdpr=0&gdpr_consent=&id=de2d90e5-4d26-4c8c-a342-3edcde51fdb1&ph=25af9286-f23b-4b02-abcd-f2ee3b564dab&r=https%3A%2F%2Fpixel.servebom.com%2Fpartner%3Fcb%3D2713%26svc%3...
  • https://us-u.openx.net/w/1.0/cm?cc=1&gdpr=0&gdpr_consent=&id=de2d90e5-4d26-4c8c-a342-3edcde51fdb1&ph=25af9286-f23b-4b02-abcd-f2ee3b564dab&r=https%3A%2F%2Fpixel.servebom.com%2Fpartner%3Fcb%3D2713%26...
  • https://pixel.servebom.com/partner?cb=2713&svc=us&id=22&uid=7ded7626-175f-00a1-10a2-8c80b0d42a90
70 B
608 B
Image
General
Full URL
https://pixel.servebom.com/partner?cb=2713&svc=us&id=22&uid=7ded7626-175f-00a1-10a2-8c80b0d42a90
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Server
2600:9000:2501:ce00:b:b084:ebc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6b7fa434f92a8b80aab02d9bf1a12e49ffcae424e4013a1c4f68b67e3d2bbcd0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-amz-version-id
Jvs8QjUqsXANWs6qYTwpu6mK82_wjq6v
date
Mon, 05 Aug 2024 14:18:56 GMT
via
1.1 19818f9265689e7f5cbb430f8edbe402.cloudfront.net (CloudFront)
last-modified
Mon, 11 Sep 2023 14:15:16 GMT
server
AmazonS3
x-amz-cf-pop
IAD55-P5
x-amz-server-side-encryption
AES256
etag
"f829b914fc47cfc9c0747c119c27cf1b"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
cache-control
no-cache, s-maxage=300
accept-ranges
bytes
content-length
70
x-amz-cf-id
BW3t2NmV-woLwnHYlxECMKlQnpwSNU9jPfyP1R5l965XYgftMeApWw==

Redirect headers

date
Mon, 05 Aug 2024 14:18:54 GMT
content-encoding
gzip
via
1.1 google
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
content-type
image/gif
location
https://pixel.servebom.com/partner?cb=2713&svc=us&id=22&uid=7ded7626-175f-00a1-10a2-8c80b0d42a90
p3p
CP="CUR ADM OUR NOR STA NID"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
partner
pixel.servebom.com/
Redirect Chain
  • https://purch-sync.go.sonobi.com/us?https://pixel.servebom.com/partner?cb=5370&svc=us&id=9&uid=[UID]
  • https://pixel.servebom.com/partner?cb=5370&svc=us&id=9&uid=63f1a1cd-c9e8-4f0a-b97c-ff4127efb843
70 B
608 B
Image
General
Full URL
https://pixel.servebom.com/partner?cb=5370&svc=us&id=9&uid=63f1a1cd-c9e8-4f0a-b97c-ff4127efb843
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Server
2600:9000:2501:ce00:b:b084:ebc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6b7fa434f92a8b80aab02d9bf1a12e49ffcae424e4013a1c4f68b67e3d2bbcd0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-amz-version-id
Jvs8QjUqsXANWs6qYTwpu6mK82_wjq6v
date
Mon, 05 Aug 2024 14:18:56 GMT
via
1.1 19818f9265689e7f5cbb430f8edbe402.cloudfront.net (CloudFront)
last-modified
Mon, 11 Sep 2023 14:15:16 GMT
server
AmazonS3
x-amz-cf-pop
IAD55-P5
x-amz-server-side-encryption
AES256
etag
"f829b914fc47cfc9c0747c119c27cf1b"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
cache-control
no-cache, s-maxage=300
accept-ranges
bytes
content-length
70
x-amz-cf-id
QtyJ4BLDzDjWM40pGjjj-6Ud1W8ZprmGIfpiC0_AAR_Vor7l3yphXQ==

Redirect headers

pragma
no-cache
date
Mon, 05 Aug 2024 14:18:54 GMT
server
sonobi-go
vary
negotiate,Accept-Encoding
x-go-server
go-iad-2-5-101
content-type
text/plain; charset=utf8
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://pixel.servebom.com/partner?cb=5370&svc=us&id=9&uid=63f1a1cd-c9e8-4f0a-b97c-ff4127efb843
cache-control
no-cache, no-store, private
tcn
Choice
content-length
0
x-xss-protection
0
expires
Sat, 26 Jul 1997 05:00:00 GMT
partner
pixel.servebom.com/
Redirect Chain
  • https://ap.lijit.com/pixel?gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fpixel.servebom.com%2Fpartner%3Fcb%3D5705%26svc%3Dus%26id%3D24%26uid%3D%24UID
  • https://ap.lijit.com/pixel?gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fpixel.servebom.com%2Fpartner%3Fcb%3D5705%26svc%3Dus%26id%3D24%26uid%3D%24UID&sovrn_retry=true
  • https://pixel.servebom.com/partner?cb=5705&svc=us&id=24&uid=JHGaALZH0G2OhhTTRTKJc_Dl
70 B
604 B
Image
General
Full URL
https://pixel.servebom.com/partner?cb=5705&svc=us&id=24&uid=JHGaALZH0G2OhhTTRTKJc_Dl
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Server
2600:9000:2501:ce00:b:b084:ebc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6b7fa434f92a8b80aab02d9bf1a12e49ffcae424e4013a1c4f68b67e3d2bbcd0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-amz-version-id
Jvs8QjUqsXANWs6qYTwpu6mK82_wjq6v
date
Mon, 05 Aug 2024 14:18:56 GMT
via
1.1 19818f9265689e7f5cbb430f8edbe402.cloudfront.net (CloudFront)
last-modified
Mon, 11 Sep 2023 14:15:16 GMT
server
AmazonS3
x-amz-cf-pop
IAD55-P5
x-amz-server-side-encryption
AES256
etag
"f829b914fc47cfc9c0747c119c27cf1b"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
cache-control
no-cache, s-maxage=300
accept-ranges
bytes
content-length
70
x-amz-cf-id
0IVlHiR1AV0V8jew2t39Sx2D7WOlKQ_KtFRHHU2HEpPDQB_zAp1nYw==

Redirect headers

date
Mon, 05 Aug 2024 14:18:54 GMT
vary
Accept-Encoding
access-control-allow-methods
GET, POST, DELETE, PUT
location
https://pixel.servebom.com/partner?cb=5705&svc=us&id=24&uid=JHGaALZH0G2OhhTTRTKJc_Dl
access-control-allow-origin
*
access-control-allow-credentials
true
access-control-allow-headers
X-Requested-With, Content-Type
content-length
0
partner
pixel.servebom.com/
Redirect Chain
  • https://eb2.3lift.com/getuid?gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fpixel.servebom.com%2Fpartner%3Fcb%3D4976%26svc%3Dus%26id%3D14%26uid%3D%24UID
  • https://eb2.3lift.com/getuid?ld=1&gdpr=0&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fpixel.servebom.com%2Fpartner%3Fcb%3D4976%26svc%3Dus%26id%3D14%26uid%3D%24UID
  • https://pixel.servebom.com/partner?cb=4976&svc=us&id=14&uid=4287211908149823403099
70 B
598 B
Image
General
Full URL
https://pixel.servebom.com/partner?cb=4976&svc=us&id=14&uid=4287211908149823403099
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Server
2600:9000:2501:ce00:b:b084:ebc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6b7fa434f92a8b80aab02d9bf1a12e49ffcae424e4013a1c4f68b67e3d2bbcd0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-amz-version-id
Jvs8QjUqsXANWs6qYTwpu6mK82_wjq6v
date
Mon, 05 Aug 2024 14:18:56 GMT
via
1.1 19818f9265689e7f5cbb430f8edbe402.cloudfront.net (CloudFront)
last-modified
Mon, 11 Sep 2023 14:15:16 GMT
server
AmazonS3
x-amz-cf-pop
IAD55-P5
x-amz-server-side-encryption
AES256
etag
"f829b914fc47cfc9c0747c119c27cf1b"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
cache-control
no-cache, s-maxage=300
accept-ranges
bytes
content-length
70
x-amz-cf-id
9eN-D_-hfGQr8FULtx1hDi9i2QO1lwmltpldGfCmHtAYRsmrj_Cvfg==

Redirect headers

location
https://pixel.servebom.com/partner?cb=4976&svc=us&id=14&uid=4287211908149823403099
date
Mon, 05 Aug 2024 14:18:54 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
0
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
partner
pixel.servebom.com/
Redirect Chain
  • https://ssc-cms.33across.com/ps/?ri=0013300001kQj3GAAS&ru=https%3A%2F%2Fpixel.servebom.com%2Fpartner%3Fcb%3D5655%26svc%3Dus%26id%3D59%26uid%3D33XUSERID33X
  • https://pixel.servebom.com/partner?cb=5655&svc=us&id=59&uid=212729161477666
70 B
593 B
Image
General
Full URL
https://pixel.servebom.com/partner?cb=5655&svc=us&id=59&uid=212729161477666
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Server
2600:9000:2501:ce00:b:b084:ebc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6b7fa434f92a8b80aab02d9bf1a12e49ffcae424e4013a1c4f68b67e3d2bbcd0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-amz-version-id
Jvs8QjUqsXANWs6qYTwpu6mK82_wjq6v
date
Mon, 05 Aug 2024 14:18:56 GMT
via
1.1 19818f9265689e7f5cbb430f8edbe402.cloudfront.net (CloudFront)
last-modified
Mon, 11 Sep 2023 14:15:16 GMT
server
AmazonS3
x-amz-cf-pop
IAD55-P5
x-amz-server-side-encryption
AES256
etag
"f829b914fc47cfc9c0747c119c27cf1b"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
cache-control
no-cache, s-maxage=300
accept-ranges
bytes
content-length
70
x-amz-cf-id
TyRDc3I0W5a6k-ffcd0YuZx9DViTs38Drr6rBlQub67gGXwt9qq1Ag==

Redirect headers

pragma
no-cache
date
Mon, 05 Aug 2024 14:18:54 GMT
referrer-policy
unsafe-url
server
33XP010
x-33x-status
100000000008200000C
p3p
CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
location
https://pixel.servebom.com/partner?cb=5655&svc=us&id=59&uid=212729161477666
cache-control
no-store, no-cache, must-revalidate
content-length
0
expires
Thu, 01-Jan-70 00:00:01 GMT
UCookieSetPug
image6.pubmatic.com/AdServer/
0
41 B
Image
General
Full URL
https://image6.pubmatic.com/AdServer/UCookieSetPug?gdpr=1&gdpr_consent=undefined&rd=https%3A%2F%2Faud.pubmatic.com%2FAdServer%2FArtemis%3Fuidtype%3D0%26dpid%3D733%26segid%3D89871%2C91634%2C94788
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
8.28.7.81 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-type
text/html; charset=UTF-8
date
Mon, 05 Aug 2024 14:18:53 GMT
content-length
0
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
pbjs
htlb.casalemedia.com/openrtb/
36 B
684 B
Fetch
General
Full URL
https://htlb.casalemedia.com/openrtb/pbjs?s=966277
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.151.101 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8dff0c506e841f478486ff17d667dea9326c51feef5ec1ce19fa43fa7b17c20d

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
content-type
text/plain

Response headers

date
Mon, 05 Aug 2024 14:18:54 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
observe-browsing-topics
?1
alt-svc
h3=":443"; ma=86400
content-length
36
pragma
no-cache
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Bkj9fJwT12IkPKJR93vbDxwS52diqTYHIwq29XwGftnRLZQtgQifR8bMmKI82ufUsP0r0h9RklqvArsH8kQmAx3AkOOot1mSAAoIBV9ifb6rY2imS4xcLTne%2B27%2BZ3n9uj6K8sIa"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
https://www.itpro.com
cache-control
no-cache
access-control-allow-credentials
true
cf-ray
8ae76b4c7ebf67b7-MIA
expires
0
prebid
ib.adnxs.com/ut/v3/
143 B
1 KB
Fetch
General
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.160.186 Colonia, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
675.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
f7a04676040d7682bac7de21871e0543c36192dedcbf74fa758b52a1df58d8fc
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Mon, 05 Aug 2024 14:18:54 GMT
an-x-request-uuid
4044dc64-8165-4060-b861-8be0e69b874e
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.itpro.com
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
x-proxy-origin
38.132.118.77; 38.132.118.77; 675.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length
143
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
translator
hbopenbid.pubmatic.com/
0
112 B
Fetch
General
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
207.65.37.179 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://www.itpro.com
date
Mon, 05 Aug 2024 14:18:55 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
auction
prebid-server.rubiconproject.com/openrtb2/
184 B
357 B
Fetch
General
Full URL
https://prebid-server.rubiconproject.com/openrtb2/auction
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
69.173.154.9 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
1a8f3bcfb18640af36a25d18683762a2eed240e4173c629000c577987d4c16ea

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
content-encoding
gzip
x-prebid
pbs-java/3.8.0
observe-browsing-topics
?1
vary
origin
content-type
application/json
access-control-allow-origin
https://www.itpro.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
173
expires
0
auction
tlx.3lift.com/header/
19 B
821 B
Fetch
General
Full URL
https://tlx.3lift.com/header/auction?lib=prebid&v=8.47.0&referrer=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc&tmax=4900&gdpr=false&us_privacy=1YNN
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.206.91.202 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-206-91-202.compute-1.amazonaws.com
Software
/
Resource Hash
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
content-encoding
gzip
accept-ch
sec-ch-ua-full-version,sec-ch-ua,sec-ch-ua-bitness,sec-ch-device-memory,sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ect,sec-ch-save-data,sec-ch-viewport-height,sec-ch-width,user-agent,sec-ch-dpr,sec-ch-ua-platform,sec-ch-prefers-color-scheme,sec-ch-ua-full-version-list,sec-ch-downlink,sec-ch-viewport-width,sec-ch-ua-mobile,sec-ch-rtt,sec-ch-ua-arch
x-auction-status
29
observe-browsing-topics
?1
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.itpro.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-xss-protection
0
expires
Thu, 15 Oct 1992 20:10:00 GMT
hb
hb.undertone.com/
0
537 B
Fetch
General
Full URL
https://hb.undertone.com/hb?pid=2731&domain=itpro.com&gdpr=0&gdprstr=&ccpa=1YNN&gpp=DBABLA~BVQqAAAAAgA.QA&gpp_sid=7
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.162.125.30 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-125-30.iad61.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Mon, 05 Aug 2024 14:18:54 GMT
via
1.1 185e69fae2e25450e587a1fae1f63962.cloudfront.net (CloudFront)
accept-ch
sec-ch-ua-platform-version,sec-ch-ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua-model,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-wow64
observe-browsing-topics
?1
x-amz-cf-pop
IAD61-P3
x-cache
Miss from cloudfront
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSDo OUR BUS UNI COM NAV"
access-control-allow-origin
https://www.itpro.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
x-amz-cf-id
yxlI44s67M-16H0rRu8vMTdVXuX9GkW1aGm9WFbrIaiCg13McjoT3A==
expires
Mon, 26 Jul 1997 05:00:00 GMT
prebidvideo
ads.yieldmo.com/exchange/
0
194 B
Fetch
General
Full URL
https://ads.yieldmo.com/exchange/prebidvideo
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.222.206.48 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-222-206-48.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://www.itpro.com
pragma
no-cache
date
Mon, 05 Aug 2024 14:18:55 GMT
access-control-allow-credentials
true
access-control-allow-methods
POST, GET, OPTIONS
access-control-request-headers
Cache-Control, Pragma
UCookieSetPug
image6.pubmatic.com/AdServer/
0
166 B
Image
General
Full URL
https://image6.pubmatic.com/AdServer/UCookieSetPug?gdpr=1&gdpr_consent=undefined&rd=https%3A%2F%2Faud.pubmatic.com%2FAdServer%2FArtemis%3Fuidtype%3D0%26dpid%3D733%26segid%3D87924%2C89871%2C91634%2C94788
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
8.28.7.81 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-type
text/html; charset=UTF-8
date
Mon, 05 Aug 2024 14:18:54 GMT
content-length
0
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
map
bcp.crwdcntrl.net/6/
235 B
612 B
XHR
General
Full URL
https://bcp.crwdcntrl.net/6/map
Requested by
Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/16576/sync.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.199.95.167 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-199-95-167.compute-1.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
5a290261156b126873e0343873f0efc7758bf06d128d1060a953ea1451011a61

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Mon, 05 Aug 2024 14:18:54 GMT
server
Jetty(9.4.38.v20210224)
content-type
application/json;charset=utf-8
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
https://www.itpro.com
cache-control
no-cache
x-server
10.40.54.184
access-control-allow-credentials
true
content-length
235
expires
0
envelope
lexicon.33across.com/v1/
Redirect Chain
  • https://lexicon.33across.com/v1/envelope?pid=0013300001kQj3GAAS&src=aps&ver=1.12.3&us_privacy=1YNN&gpp=DBABLA%7EBVQqAAAAAgA.QA&gpp_sid=7
  • https://lexicon.33across.com/v1/envelope?pid=0013300001kQj3GAAS&src=aps&ver=1.12.3&us_privacy=1YNN&gpp=DBABLA%7EBVQqAAAAAgA.QA&gpp_sid=7&b=1&tp=tZ5D2VjN%2FWfRLBvPD91cnEsUQpgBiMewYCqQIz5mp7g%3D
42 B
138 B
XHR
General
Full URL
https://lexicon.33across.com/v1/envelope?pid=0013300001kQj3GAAS&src=aps&ver=1.12.3&us_privacy=1YNN&gpp=DBABLA%7EBVQqAAAAAgA.QA&gpp_sid=7&b=1&tp=tZ5D2VjN%2FWfRLBvPD91cnEsUQpgBiMewYCqQIz5mp7g%3D
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Server
35.244.193.51 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
51.193.244.35.bc.googleusercontent.com
Software
/
Resource Hash
435b1ece4a55f4f8d06866b32c1aee3cc4661eb905265894795f15a57bf1b33d

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:54 GMT
via
1.1 google
vary
origin
content-type
application/json
access-control-allow-origin
https://www.itpro.com
cache-control
private, must-revalidate, max-age=28800
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42

Redirect headers

date
Mon, 05 Aug 2024 14:18:54 GMT
via
1.1 google
referrer-policy
unsafe-url
vary
origin
access-control-allow-origin
https://www.itpro.com
location
https://lexicon.33across.com/v1/envelope?pid=0013300001kQj3GAAS&src=aps&ver=1.12.3&us_privacy=1YNN&gpp=DBABLA%7EBVQqAAAAAgA.QA&gpp_sid=7&b=1&tp=tZ5D2VjN%2FWfRLBvPD91cnEsUQpgBiMewYCqQIz5mp7g%3D
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Sat, 26 Jul 1997 05:00:00 GMT
bid
aax.amazon-adsystem.com/e/dtb/
1 KB
1 KB
XHR
General
Full URL
https://aax.amazon-adsystem.com/e/dtb/bid?src=3032&u=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc&pid=9GSc8KV6VB7AP&cb=0&ws=1600x1200&v=24.722.1801&t=2000&slots=%5B%7B%22sd%22%3A%22bordeaux-ad-2%22%2C%22s%22%3A%5B%22970x250%22%2C%22970x90%22%2C%22728x90%22%5D%2C%22sn%22%3A%22%2F10518929%2Fitpro.co.uk%2Fnews%2Farticle%2Ftop-leaderboard%22%7D%2C%7B%22sd%22%3A%22bordeaux-ad-3%22%2C%22s%22%3A%5B%22300x600%22%2C%22300x250%22%5D%2C%22sn%22%3A%22%2F10518929%2Fitpro.co.uk%2Fnews%2Farticle%2Fmpu1%22%7D%2C%7B%22sd%22%3A%22bordeaux-ad-4%22%2C%22s%22%3A%5B%22300x600%22%2C%22300x250%22%5D%2C%22sn%22%3A%22%2F10518929%2Fitpro.co.uk%2Fnews%2Farticle%2Fmpu2%22%7D%2C%7B%22sd%22%3A%22bordeaux-ad-5%22%2C%22s%22%3A%5B%22300x600%22%2C%22300x250%22%5D%2C%22sn%22%3A%22%2F10518929%2Fitpro.co.uk%2Fnews%2Farticle%2Fmpu3%22%7D%5D&pj=%7B%22device%22%3A%7B%22sua%22%3A%7B%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22mobile%22%3A0%2C%22model%22%3A%22%22%2C%22source%22%3A2%2C%22platform%22%3A%7B%22brand%22%3A%22%22%2C%22version%22%3A%5B%22%22%5D%7D%2C%22browsers%22%3A%5B%5D%7D%7D%7D&sg=%7B%22ortb2%22%3A%7B%22site%22%3A%7B%22cattax%22%3A7%2C%22cat%22%3A%5B%22596%22%2C%22599%22%2C%22600%22%2C%22619%22%5D%2C%22keywords%22%3A%5B%22Technology+%26+Computing%22%2C%22Technology+%26+Computing%7CComputing%22%2C%22Technology+%26+Computing%7CComputing%7CComputer+Networking%22%2C%22Technology+%26+Computing%7CComputing%7CInternet%22%5D%7D%7D%7D&schain=1.0%2C1&gpp=DBABLA%7EBVQqAAAAAgA.QA&gpp_sid=%5B7%5D&sm=2ff52d1a-972a-4fc5-a0e7-fc85b8564ee5&gdpre=0&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D&sf=1&_c=1
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.99.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-99-9.jfk50.r.cloudfront.net
Software
Server /
Resource Hash
40184d782003909aa908a44ccc7e73c013d9224849373a277e12b087a3944cba

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:55 GMT
via
1.1 1abf103face183cd8172f37e6ac30038.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
JFK50-P5
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://www.itpro.com
access-control-allow-credentials
true
timing-allow-origin
*
content-length
1085
x-amz-cf-id
OP_wWQ0pJG06yond4-ErzFruIfR3R3OovcoyhJdw4GjZRRyimL45IQ==
pub
pixel.adsafeprotected.com/services/
1 KB
578 B
XHR
General
Full URL
https://pixel.adsafeprotected.com/services/pub?anId=923193&slot=%7Bid:bordeaux-ad-2,ss:%5B970.250,970.90,728.90,980.240,970.251,970.180,970.150%5D,p:/10518929/itpro.co.uk/news/article/top-leaderboard,t:display%7D&slot=%7Bid:bordeaux-ad-3,ss:%5B300.600,300.250,300.251,300.601%5D,p:/10518929/itpro.co.uk/news/article/mpu1,t:display%7D&slot=%7Bid:bordeaux-ad-4,ss:%5B300.600,300.250,300.252,300.602%5D,p:/10518929/itpro.co.uk/news/article/mpu2,t:display%7D&slot=%7Bid:bordeaux-ad-5,ss:%5B300.600,300.250,300.253,300.603%5D,p:/10518929/itpro.co.uk/news/article/mpu3,t:display%7D&slot=%7Bid:bordeaux-ad-0,ss:%5B1.1%5D,p:/10518929/itpro.co.uk/news/article/skin,t:display%7D&slot=%7Bid:bordeaux-ad-1,ss:%5B1.1%5D,p:/10518929/itpro.co.uk/news/article/overlay,t:display%7D&slot=%7Bid:bordeaux-ad-6,ss:%5B6.6%5D,p:/10518929/itpro.co.uk/news/article/sponsored-by,t:display%7D&wr=1600.1200&sr=1600.1200&sessionId=9370d2c6-5f89-a51a-24f8-52180a53cc74&url=https%253A%252F%252Fwww.itpro.com%252Fsecurity%252Fcyber-crime%252Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%253Futm_source%253DSelligent%2526utm_medium%253Demail%2526utm_campaign%253DITP_SECURITY_BULLETIN_AUG_2024%2526utm_content%253DITP_SECURITY_BULLETIN_AUG_2024%2526utm_term%253D25915974%2526m_i%253DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%25252BKearr%25252BetlUoTgm7GxrJj2plYbPlvQypyta%25252B4tMr1AhTqzKOVDj6ddc
Requested by
Host: cdn.adsafeprotected.com
URL: https://cdn.adsafeprotected.com/iasPET.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
174.129.126.64 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-174-129-126-64.compute-1.amazonaws.com
Software
Apache-Coyote/1.1 /
Resource Hash
d7bb013f7be157b07cb16bb4425396ea3bf167a8cc103c8492051f9cd48a269f

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:55 GMT
content-encoding
gzip
server
Apache-Coyote/1.1
vary
Accept-Encoding
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.itpro.com
access-control-expose-headers
X-Server-Name
access-control-allow-credentials
true
timing-allow-origin
*
ramp
ads.servebom.com/
29 KB
17 KB
Fetch
General
Full URL
https://ads.servebom.com/ramp?r=452&o={%22f%22:%22%22,%22p%22:null,%22l%22:%22https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx92BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc%22,%22rf%22:%22%22,%22fs%22:0,%22t%22:%222024-08-05%2004:18:54%22,%22tz%22:600,%22r%22:%221600x1200%22,%22pam%22:%22allowed%22,%22gdprConsent%22:null,%22ccpa%22:%221YNN%22,%22gppConsent%22:%22DBABLA~BVQqAAAAAgA.QA%22,%22gppSID%22:[7],%22g%22:[],%22a%22:[{%22s%22:%22/10518929/itpro.co.uk/news/article/top-leaderboard%22,%22z%22:[[970,250],[970,90],[728,90]],%22d%22:%22bordeaux-ad-2%22},{%22s%22:%22/10518929/itpro.co.uk/news/article/mpu1%22,%22z%22:[[300,600],[300,250]],%22d%22:%22bordeaux-ad-3%22},{%22s%22:%22/10518929/itpro.co.uk/news/article/mpu2%22,%22z%22:[[300,600],[300,250]],%22d%22:%22bordeaux-ad-4%22},{%22s%22:%22/10518929/itpro.co.uk/news/article/mpu3%22,%22z%22:[[300,600],[300,250]],%22d%22:%22bordeaux-ad-5%22},{%22s%22:%22/10518929/itpro.co.uk/news/article/skin%22,%22z%22:[[1,1]],%22d%22:%22bordeaux-ad-0%22},{%22s%22:%22/10518929/itpro.co.uk/news/article/overlay%22,%22z%22:[[1,1]],%22d%22:%22bordeaux-ad-1%22}],%22ex%22:[],%22tpl%22:%22article%22,%22seg%22:%22103448,110120,113650,114246,114895,135986,145735,196462,73403,83205,87576,87924,88089,88148,89871,90575,90673,91634,94788,adv,bufb,bugr,buuz,buve,buvj,buvo,buvt,buvy%22,%22fp%22:{%22300x600%22:1.13,%22728x90%22:0.97,%22300x250%22:1.13,%22160x600%22:0.65,%22970x250%22:0.89,%22970x90%22:0.96},%22ab%22:[]}&uuid=13f70bb8d98b4acf86bab97e31178fa3
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21dd:d000:12:b587:d880:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
97675c501a2d7b36ab30e742a371c4b7e043de77d2b72fb7b2dc983e433a4cbc

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:55 GMT
content-encoding
gzip
via
1.1 556ef92964692e27cf8626ac501230e4.cloudfront.net (CloudFront)
accept-ch
Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-amz-cf-pop
EWR53-C2
x-cache
Miss from cloudfront
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://www.itpro.com
content-type
text/plain
access-control-allow-credentials
true
timing-allow-origin
*
content-length
16259
x-amz-cf-id
Fpg28OYToscQDpb0dcvF98TUKtw1soUNAth5uAFzBFPhEPFhjTPbLw==
topics_frame.html
securepubads.g.doubleclick.net/static/topics/ Frame 556B
0
0
Document
General
Full URL
https://securepubads.g.doubleclick.net/static/topics/topics_frame.html
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.163.155 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS
wv-in-f155.1e100.net
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.itpro.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
age
836
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=3000, stale-while-revalidate=3600
content-encoding
br
content-length
28869
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Mon, 05 Aug 2024 14:04:59 GMT
expires
Mon, 05 Aug 2024 14:54:59 GMT
last-modified
Mon, 29 Jul 2024 19:44:55 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
translator
hbopenbid.pubmatic.com/
0
56 B
Fetch
General
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
207.65.37.179 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://www.itpro.com
date
Mon, 05 Aug 2024 14:18:55 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
hb
hb.undertone.com/
0
537 B
Fetch
General
Full URL
https://hb.undertone.com/hb?pid=2731&domain=itpro.com&gdpr=0&gdprstr=&ccpa=1YNN&gpp=DBABLA~BVQqAAAAAgA.QA&gpp_sid=7
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.162.125.30 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-125-30.iad61.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Mon, 05 Aug 2024 14:18:55 GMT
via
1.1 185e69fae2e25450e587a1fae1f63962.cloudfront.net (CloudFront)
accept-ch
sec-ch-ua-platform-version,sec-ch-ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua-model,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-wow64
observe-browsing-topics
?1
x-amz-cf-pop
IAD61-P3
x-cache
Miss from cloudfront
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSDo OUR BUS UNI COM NAV"
access-control-allow-origin
https://www.itpro.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
x-amz-cf-id
F8i_ubRijxe7axUEvL-ThY4hWzJwn3rRL3bVeaSjCHwn3-IOrquBbw==
expires
Mon, 26 Jul 1997 05:00:00 GMT
auction
tlx.3lift.com/header/
19 B
1 KB
Fetch
General
Full URL
https://tlx.3lift.com/header/auction?lib=prebid&v=8.47.0&referrer=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc&tmax=2900&gdpr=false&us_privacy=1YNN
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.206.91.202 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-206-91-202.compute-1.amazonaws.com
Software
/
Resource Hash
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
content-encoding
gzip
accept-ch
sec-ch-viewport-width,sec-ch-ua-mobile,sec-ch-rtt,sec-ch-ua-arch,sec-ch-ua-full-version,sec-ch-ua,sec-ch-ua-bitness,sec-ch-device-memory,sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ect,sec-ch-save-data,sec-ch-viewport-height,sec-ch-width,user-agent,sec-ch-dpr,sec-ch-ua-platform,sec-ch-prefers-color-scheme,sec-ch-ua-full-version-list,sec-ch-downlink
observe-browsing-topics
?1
vary
Accept-Encoding
content-type
application/json; charset=utf-8
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
access-control-allow-origin
https://www.itpro.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-xss-protection
0
expires
Thu, 15 Oct 1992 20:10:00 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/
948 B
1 KB
Fetch
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=9788&site_id=463342&zone_id=2723034&size_id=2&alt_size_ids=55%2C57&gdpr=0&us_privacy=1YNN&gpp=DBABLA~BVQqAAAAAgA.QA&gpp_sid=7&rf=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc&kw=p_standard%3Dadv%2Cp_standard%3Dbufb%2Cp_standard%3Dbugr%2Cp_standard%3Dbuuz%2Cp_standard%3Dbuve%2Cp_standard%3Dbuvj%2Cp_standard%3Dbuvo%2Cp_standard%3Dbuvt%2Cp_standard%3Dbuvy%2Cpermutive%3D73403&tg_v.url=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%253dSelligent%26utm_medium%253demail%26utm_campaign%253dITP_SECURITY_BULLETIN_AUG_2024%26utm_content%253dITP_SECURITY_BULLETIN_AUG_2024%26utm_term%253d25915974%26m_i%253ddStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc&tg_v.cft_label_name=NOT%20DETECTED&tg_v.cft_enabled_apis=Topics&tg_v.category=Security&tg_v.child_category=Cyber%20Crime&tg_v.kw=serversidehawk&tg_v.fepPrimaryProduct=Malware&tg_v.fepSecondaryProducts=GitHub%2CGhost%2CDiscord%2CResearch%2CFraction&tg_v.fepCategory=Cyber%20Crime&tg_v.fepGroups=Cyber%20Crime&tg_v.fepPrimaryCompany=Check%20Point&tg_v.iabCategories=Technology%20%26%20Computing%2CTechnology%20%26%20Computing%7CComputing%2CTechnology%20%26%20Computing%7CComputing%7CComputer%20Networking%2CTechnology%20%26%20Computing%7CComputing%7CInternet&tg_v.iabCategoryIds=596%2C596.599%2C596.599.600%2C596.599.619&tg_v.p_standard=adv%2Cbufb%2Cbugr%2Cbu
uz%2Cbuve%2Cbuvj%2Cbuvo%2Cbuvt%2Cbuvy&tg_v.permutive=73403&tg_i.tax7=596%2C599%2C600%2C619&tg_i.domain=itpro.com&tg_i.page=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc&tg_i.pos=1%2Cpre_inline_1&tg_i.incremental=no&tg_i.refresh=no&tg_i.additional=no&tg_i._slot=top-leaderboard&tg_i._slot_type=top-leaderboard&tg_i.pbadslot=%2F10518929%2Fitpro.co.uk%2Fnews%2Farticle%2Ftop-leaderboard&tk_flint=pbjs_lite_v8.47.0&l_pb_bid_id=3963de66d226d5f&p_screen_res=1600x1200&o_ae=1&rp_secure=1&rp_maxbids=1&p_gpid=%2F10518929%2Fitpro.co.uk%2Fnews%2Farticle%2Ftop-leaderboard&m_ch_mobile=%3F0&slots=1&rand=0.2855302807566762
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c002:200::32 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
a3e7f2a5272104940ef3a43cfa6912b72d4c390a39b639788ab9986e35423a9b

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Mon, 05 Aug 2024 14:18:55 GMT
server
nginx/1.21.4
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://www.itpro.com
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/
928 B
1 KB
Fetch
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=9788&site_id=463342&zone_id=2723034&size_id=15&alt_size_ids=10&gdpr=0&us_privacy=1YNN&gpp=DBABLA~BVQqAAAAAgA.QA&gpp_sid=7&rf=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc&kw=p_standard%3Dadv%2Cp_standard%3Dbufb%2Cp_standard%3Dbugr%2Cp_standard%3Dbuuz%2Cp_standard%3Dbuve%2Cp_standard%3Dbuvj%2Cp_standard%3Dbuvo%2Cp_standard%3Dbuvt%2Cp_standard%3Dbuvy%2Cpermutive%3D73403&tg_v.url=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%253dSelligent%26utm_medium%253demail%26utm_campaign%253dITP_SECURITY_BULLETIN_AUG_2024%26utm_content%253dITP_SECURITY_BULLETIN_AUG_2024%26utm_term%253d25915974%26m_i%253ddStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc&tg_v.cft_label_name=NOT%20DETECTED&tg_v.cft_enabled_apis=Topics&tg_v.category=Security&tg_v.child_category=Cyber%20Crime&tg_v.kw=serversidehawk&tg_v.fepPrimaryProduct=Malware&tg_v.fepSecondaryProducts=GitHub%2CGhost%2CDiscord%2CResearch%2CFraction&tg_v.fepCategory=Cyber%20Crime&tg_v.fepGroups=Cyber%20Crime&tg_v.fepPrimaryCompany=Check%20Point&tg_v.iabCategories=Technology%20%26%20Computing%2CTechnology%20%26%20Computing%7CComputing%2CTechnology%20%26%20Computing%7CComputing%7CComputer%20Networking%2CTechnology%20%26%20Computing%7CComputing%7CInternet&tg_v.iabCategoryIds=596%2C596.599%2C596.599.600%2C596.599.619&tg_v.p_standard=adv%2Cbufb%2Cbugr%2Cbuuz%2
Cbuve%2Cbuvj%2Cbuvo%2Cbuvt%2Cbuvy&tg_v.permutive=73403&tg_i.tax7=596%2C599%2C600%2C619&tg_i.domain=itpro.com&tg_i.page=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc&tg_i.pos=1%2Cpre_right_1&tg_i.incremental=no&tg_i.refresh=no&tg_i.additional=no&tg_i._slot=topOfSidebar&tg_i._slot_type=topOfSidebar&tg_i.pbadslot=%2F10518929%2Fitpro.co.uk%2Fnews%2Farticle%2Fmpu1&tk_flint=pbjs_lite_v8.47.0&l_pb_bid_id=40de415f3800bfa&p_screen_res=1600x1200&o_ae=1&rp_secure=1&rp_maxbids=1&p_gpid=%2F10518929%2Fitpro.co.uk%2Fnews%2Farticle%2Fmpu1&m_ch_mobile=%3F0&slots=1&rand=0.23324336424583447
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c002:200::32 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
8cb6edfe3d8d51b14a83779aeb87cd86e380fa86f8aeb0b4a11190e74283d07f

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Mon, 05 Aug 2024 14:18:55 GMT
server
nginx/1.21.4
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://www.itpro.com
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/
936 B
1 KB
Fetch
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=9788&site_id=463342&zone_id=2723034&size_id=15&alt_size_ids=10&gdpr=0&us_privacy=1YNN&gpp=DBABLA~BVQqAAAAAgA.QA&gpp_sid=7&rf=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc&kw=p_standard%3Dadv%2Cp_standard%3Dbufb%2Cp_standard%3Dbugr%2Cp_standard%3Dbuuz%2Cp_standard%3Dbuve%2Cp_standard%3Dbuvj%2Cp_standard%3Dbuvo%2Cp_standard%3Dbuvt%2Cp_standard%3Dbuvy%2Cpermutive%3D73403&tg_v.url=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%253dSelligent%26utm_medium%253demail%26utm_campaign%253dITP_SECURITY_BULLETIN_AUG_2024%26utm_content%253dITP_SECURITY_BULLETIN_AUG_2024%26utm_term%253d25915974%26m_i%253ddStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc&tg_v.cft_label_name=NOT%20DETECTED&tg_v.cft_enabled_apis=Topics&tg_v.category=Security&tg_v.child_category=Cyber%20Crime&tg_v.kw=serversidehawk&tg_v.fepPrimaryProduct=Malware&tg_v.fepSecondaryProducts=GitHub%2CGhost%2CDiscord%2CResearch%2CFraction&tg_v.fepCategory=Cyber%20Crime&tg_v.fepGroups=Cyber%20Crime&tg_v.fepPrimaryCompany=Check%20Point&tg_v.iabCategories=Technology%20%26%20Computing%2CTechnology%20%26%20Computing%7CComputing%2CTechnology%20%26%20Computing%7CComputing%7CComputer%20Networking%2CTechnology%20%26%20Computing%7CComputing%7CInternet&tg_v.iabCategoryIds=596%2C596.599%2C596.599.600%2C596.599.619&tg_v.p_standard=adv%2Cbufb%2Cbugr%2Cbuuz%2
Cbuve%2Cbuvj%2Cbuvo%2Cbuvt%2Cbuvy&tg_v.permutive=73403&tg_i.tax7=596%2C599%2C600%2C619&tg_i.domain=itpro.com&tg_i.page=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc&tg_i.pos=2%2Cpre_right_2&tg_i.incremental=no&tg_i.refresh=no&tg_i.additional=no&tg_i._slot=beforePopularBox&tg_i._slot_type=beforePopularBox&tg_i.pbadslot=%2F10518929%2Fitpro.co.uk%2Fnews%2Farticle%2Fmpu2&tk_flint=pbjs_lite_v8.47.0&l_pb_bid_id=4112437d5fb8349&p_screen_res=1600x1200&o_ae=1&rp_secure=1&rp_maxbids=1&p_gpid=%2F10518929%2Fitpro.co.uk%2Fnews%2Farticle%2Fmpu2&m_ch_mobile=%3F0&slots=1&rand=0.42287637243279685
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c002:200::32 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
e25daaa77ec57b7c7cbf10265b1f0e2876919ef9f5cb66dc225ae1324c624e71

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Mon, 05 Aug 2024 14:18:55 GMT
server
nginx/1.21.4
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://www.itpro.com
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/
934 B
1 KB
Fetch
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=9788&site_id=463342&zone_id=2723034&size_id=15&alt_size_ids=10&gdpr=0&us_privacy=1YNN&gpp=DBABLA~BVQqAAAAAgA.QA&gpp_sid=7&rf=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc&kw=p_standard%3Dadv%2Cp_standard%3Dbufb%2Cp_standard%3Dbugr%2Cp_standard%3Dbuuz%2Cp_standard%3Dbuve%2Cp_standard%3Dbuvj%2Cp_standard%3Dbuvo%2Cp_standard%3Dbuvt%2Cp_standard%3Dbuvy%2Cpermutive%3D73403&tg_v.url=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%253dSelligent%26utm_medium%253demail%26utm_campaign%253dITP_SECURITY_BULLETIN_AUG_2024%26utm_content%253dITP_SECURITY_BULLETIN_AUG_2024%26utm_term%253d25915974%26m_i%253ddStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc&tg_v.cft_label_name=NOT%20DETECTED&tg_v.cft_enabled_apis=Topics&tg_v.category=Security&tg_v.child_category=Cyber%20Crime&tg_v.kw=serversidehawk&tg_v.fepPrimaryProduct=Malware&tg_v.fepSecondaryProducts=GitHub%2CGhost%2CDiscord%2CResearch%2CFraction&tg_v.fepCategory=Cyber%20Crime&tg_v.fepGroups=Cyber%20Crime&tg_v.fepPrimaryCompany=Check%20Point&tg_v.iabCategories=Technology%20%26%20Computing%2CTechnology%20%26%20Computing%7CComputing%2CTechnology%20%26%20Computing%7CComputing%7CComputer%20Networking%2CTechnology%20%26%20Computing%7CComputing%7CInternet&tg_v.iabCategoryIds=596%2C596.599%2C596.599.600%2C596.599.619&tg_v.p_standard=adv%2Cbufb%2Cbugr%2Cbuuz%2
Cbuve%2Cbuvj%2Cbuvo%2Cbuvt%2Cbuvy&tg_v.permutive=73403&tg_i.tax7=596%2C599%2C600%2C619&tg_i.domain=itpro.com&tg_i.page=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc&tg_i.pos=3%2Cpre_right_3&tg_i.incremental=no&tg_i.refresh=no&tg_i.additional=no&tg_i._slot=afterPopularBox&tg_i._slot_type=afterPopularBox&tg_i.pbadslot=%2F10518929%2Fitpro.co.uk%2Fnews%2Farticle%2Fmpu3&tk_flint=pbjs_lite_v8.47.0&l_pb_bid_id=42a770b6d6e5e56&p_screen_res=1600x1200&o_ae=1&rp_secure=1&rp_maxbids=1&p_gpid=%2F10518929%2Fitpro.co.uk%2Fnews%2Farticle%2Fmpu3&m_ch_mobile=%3F0&slots=1&rand=0.45779706666949815
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c002:200::32 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
fe5ebadb2eeaf7d27fc217f0dadfa65ca152ae7f244c6f4d835e579d7481bc01

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Mon, 05 Aug 2024 14:18:55 GMT
server
nginx/1.21.4
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://www.itpro.com
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
expires
Wed, 17 Sep 1975 21:32:10 GMT
cdb
bidder.criteo.com/
0
220 B
Fetch
General
Full URL
https://bidder.criteo.com/cdb?profileId=207&av=36&wv=8.47.0&cb=5931163875&lsavail=1
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.119.117.6 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
content-type
text/plain

Response headers

date
Mon, 05 Aug 2024 14:18:54 GMT
strict-transport-security
max-age=31536000; preload;
server
Kestrel
observe-browsing-topics
?1
vary
Origin
access-control-allow-origin
https://www.itpro.com
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
prebid
ads.yieldmo.com/exchange/
0
223 B
Fetch
General
Full URL
https://ads.yieldmo.com/exchange/prebid?pbav=8.47.0&p=%5B%7B%22placement_id%22%3A%22%2F10518929%2Fitpro.co.uk%2Fnews%2Farticle%2Ftop-leaderboard%22%2C%22callback_id%22%3A%2249c0a197d18ab57%22%2C%22sizes%22%3A%5B%5B970%2C250%5D%2C%5B970%2C90%5D%2C%5B728%2C90%5D%5D%2C%22ym_placement_id%22%3A%223281374877725958356%22%2C%22gpid%22%3A%22%2F10518929%2Fitpro.co.uk%2Fnews%2Farticle%2Ftop-leaderboard%22%7D%2C%7B%22placement_id%22%3A%22%2F10518929%2Fitpro.co.uk%2Fnews%2Farticle%2Fmpu1%22%2C%22callback_id%22%3A%2250d1ce1a2062188%22%2C%22sizes%22%3A%5B%5B300%2C600%5D%2C%5B300%2C250%5D%5D%2C%22ym_placement_id%22%3A%223281374877725958356%22%2C%22gpid%22%3A%22%2F10518929%2Fitpro.co.uk%2Fnews%2Farticle%2Fmpu1%22%7D%2C%7B%22placement_id%22%3A%22%2F10518929%2Fitpro.co.uk%2Fnews%2Farticle%2Fmpu2%22%2C%22callback_id%22%3A%22513c35cc5ab4925%22%2C%22sizes%22%3A%5B%5B300%2C600%5D%2C%5B300%2C250%5D%5D%2C%22ym_placement_id%22%3A%223281374877725958356%22%2C%22gpid%22%3A%22%2F10518929%2Fitpro.co.uk%2Fnews%2Farticle%2Fmpu2%22%7D%2C%7B%22placement_id%22%3A%22%2F10518929%2Fitpro.co.uk%2Fnews%2Farticle%2Fmpu3%22%2C%22callback_id%22%3A%2252daf0be6e163dc%22%2C%22sizes%22%3A%5B%5B300%2C600%5D%2C%5B300%2C250%5D%5D%2C%22ym_placement_id%22%3A%223281374877725958356%22%2C%22gpid%22%3A%22%2F10518929%2Fitpro.co.uk%2Fnews%2Farticle%2Fmpu3%22%7D%5D&page_url=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc&bust=1722867535007&dnt=false&description=A%20flood%20of%20ghost%20accounts%20are%20manipulating%20GitHub%20to%20promote%20malicious%20repositories%20and%20accounts%20%E2%80%93%20and%20this%20could%20b
e%20just%20the%20tip%20of%20the%20iceberg&tmax=2900&userConsent=%7B%22gdprApplies%22%3A%22%22%2C%22cmp%22%3A%22%22%2C%22gpp%22%3A%22DBABLA~BVQqAAAAAgA.QA%22%2C%22gpp_sid%22%3A%5B7%5D%7D&us_privacy=1YNN&pr=&scrd=1&title=Researchers%20discover%20%E2%80%9Chighly%20sophisticated%E2%80%99%20operation%20using%20a%203%2C000-strong%20network%20of%20ghost%20accounts%20to%20spread%20malware%20on%20GitHub%20%7C%20ITPro&w=1600&h=1200
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.222.206.48 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-222-206-48.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://www.itpro.com
pragma
no-cache
date
Mon, 05 Aug 2024 14:18:55 GMT
access-control-allow-credentials
true
x-robots-tag
none,NOINDEX,NOFOLLOW
access-control-allow-methods
POST, GET, OPTIONS
access-control-request-headers
Cache-Control, Pragma
c
prebid.a-mo.net/a/
36 KB
20 KB
Fetch
General
Full URL
https://prebid.a-mo.net/a/c
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
147.75.195.77 Parsippany, United States, ASN54825 (PACKET, US),
Reverse DNS
Software
envoy /
Resource Hash
e134482fbae6a9c1bf3c384bdad5838a29d0c82c803ff79f8fa9208a40565e69

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
content-type
text/plain

Response headers

date
Mon, 05 Aug 2024 14:18:55 GMT
content-encoding
gzip
server
envoy
vary
origin, accept-encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.itpro.com
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
x-envoy-upstream-service-time
231
content-length
20062
pbjs
htlb.casalemedia.com/openrtb/
20 KB
8 KB
Fetch
General
Full URL
https://htlb.casalemedia.com/openrtb/pbjs?s=934081
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.151.101 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ca6ad8d8dd612f359654595c5f0c241daec0459525fb51932a5896cbd028dda2

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
content-type
text/plain

Response headers

date
Mon, 05 Aug 2024 14:18:55 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
observe-browsing-topics
?1
alt-svc
h3=":443"; ma=86400
content-length
7504
pragma
no-cache
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9kqNpTsDWWGTVvbzOx24JcdhyWi6LMGKnuKsKq1qLpQcDSn3wl9oWsXJ36KXnWoXHL0jX9oU%2FCJWH2llqa2F94d9DDFLugxbjXrt%2BvQ2frlbhSA0Cz7AdtE1FWe0sPI2h4m4TJO0"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
https://www.itpro.com
cache-control
no-cache
access-control-allow-credentials
true
cf-ray
8ae76b4e38db67b7-MIA
expires
0
prebid
ib.adnxs.com/ut/v3/
93 KB
26 KB
Fetch
General
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.160.186 Colonia, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
675.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
938866a09049f4313c172ad4a1e9d7d7af5a86e375b2ed02838de495109774f0
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Mon, 05 Aug 2024 14:18:55 GMT
content-encoding
gzip
an-x-request-uuid
8a8979b6-239e-441f-b1d2-1ad6f8bb4f63
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
vary
Accept-Encoding
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.itpro.com
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
x-proxy-origin
38.132.118.77; 38.132.118.77; 675.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
j
rp4.liadm.com/
Redirect Chain
  • https://rp.liadm.com/j?dtstmp=1722867535068&did=did-0043&se=e30&duid=ee7a5467f5a4--01j4hegjh3vbydcmr0sx2napcp&tv=8.47.0&pu=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discove...
  • https://rp4.liadm.com/j?dtstmp=1722867535068&did=did-0043&se=e30&duid=ee7a5467f5a4--01j4hegjh3vbydcmr0sx2napcp&tv=8.47.0&pu=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discov...
13 B
348 B
Fetch
General
Full URL
https://rp4.liadm.com/j?dtstmp=1722867535068&did=did-0043&se=e30&duid=ee7a5467f5a4--01j4hegjh3vbydcmr0sx2napcp&tv=8.47.0&pu=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc&us_privacy=1YNN&wpn=prebid&gdpr=0&cd=.itpro.com&i6=MjAwMTo1NTA6MWQwNToxOjoxMg%3D%3D&n3pc=true
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Server
3.225.72.197 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-225-72-197.compute-1.amazonaws.com
Software
/
Resource Hash
efabba3678b85fcab831b778ea2ddaad1e2a1e952584d3566bc39b7ccb3429d9

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:55 GMT
x-pixel-event-id
55791122-8dfc-4b53-ae2a-2be80cc56b0d
access-control-allow-methods
GET
content-type
application/json
access-control-allow-origin
null
access-control-expose-headers
*
access-control-allow-credentials
true
content-length
13

Redirect headers

location
https://rp4.liadm.com/j?dtstmp=1722867535068&did=did-0043&se=e30&duid=ee7a5467f5a4--01j4hegjh3vbydcmr0sx2napcp&tv=8.47.0&pu=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc&us_privacy=1YNN&wpn=prebid&gdpr=0&cd=.itpro.com&i6=MjAwMTo1NTA6MWQwNToxOjoxMg%3D%3D&n3pc=true
access-control-allow-origin
https://www.itpro.com
date
Mon, 05 Aug 2024 14:18:55 GMT
access-control-expose-headers
*
access-control-allow-credentials
true
content-length
0
access-control-allow-methods
GET
ima_ppub_config
securepubads.g.doubleclick.net/pagead/
159 B
89 B
XHR
General
Full URL
https://securepubads.g.doubleclick.net/pagead/ima_ppub_config?ippd=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.163.155 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS
wv-in-f155.1e100.net
Software
cafe /
Resource Hash
7440fd1f5f27f173cbd583c5815a81906118886e771450c405fe7497d49bc472
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:55 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
64
x-xss-protection
0
expires
Mon, 05 Aug 2024 14:18:55 GMT
us.gif
sync.go.sonobi.com/
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=sonobi&gdpr=0&gdpr_consent=
  • https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm&google_sc&ssp=sonobi&bsw_param=3c82e640-f4c3-40ed-bb04-5704e47b66be&google_hm=M2M4MmU2NDAtZjRjMy00MGVkLWJiMDQtNTcwNGU0N2I2NmJl&...
  • https://x.bidswitch.net/sync?dsp_id=16&user_id=CAESEMV3jgG7a11r3rk2MUb4-0Q&google_cver=1&ssp=sonobi&bsw_param=3c82e640-f4c3-40ed-bb04-5704e47b66be&gdpr_consent=&gdpr=0
  • https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=3c82e640-f4c3-40ed-bb04-5704e47b66be&gdpr=0&gdpr_consent=&us_privacy=
49 B
769 B
Image
General
Full URL
https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=3c82e640-f4c3-40ed-bb04-5704e47b66be&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Server
2607:f350:3:2569:0:10:0:d , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Aug 2024 14:18:55 GMT
server
sonobi-go
vary
negotiate,Accept-Encoding
x-go-server
go-iad-2-5-101
content-type
image/gif
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control
no-cache, no-store, private
tcn
Choice
content-length
49
x-xss-protection
0
expires
Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Location
//sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=3c82e640-f4c3-40ed-bb04-5704e47b66be&gdpr=0&gdpr_consent=&us_privacy=
Date
Mon, 05 Aug 2024 14:18:55 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
us.gif
sync.go.sonobi.com/
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=sonobi&ttd_tpi=1&ttd_puid=&gdpr=0&gdpr_consent=
  • https://sync.go.sonobi.com/us.gif?nw=td&nuid=48c3f041-3e95-40ba-9b98-d1e5372b4104&pubid=
49 B
769 B
Image
General
Full URL
https://sync.go.sonobi.com/us.gif?nw=td&nuid=48c3f041-3e95-40ba-9b98-d1e5372b4104&pubid=
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Server
2607:f350:3:2569:0:10:0:d , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Aug 2024 14:18:55 GMT
server
sonobi-go
vary
negotiate,Accept-Encoding
x-go-server
go-iad-2-5-101
content-type
image/gif
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control
no-cache, no-store, private
tcn
Choice
content-length
49
x-xss-protection
0
expires
Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

location
https://sync.go.sonobi.com/us.gif?nw=td&nuid=48c3f041-3e95-40ba-9b98-d1e5372b4104&pubid=
date
Mon, 05 Aug 2024 14:18:55 GMT
server
Kestrel
content-length
207
us.gif
sync.go.sonobi.com/
Redirect Chain
  • https://p.rfihub.com/cm?pub=35683&in=1
  • https://sync.go.sonobi.com/us.gif?nw=zt&nuid=1920574156666283085
49 B
751 B
Image
General
Full URL
https://sync.go.sonobi.com/us.gif?nw=zt&nuid=1920574156666283085
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Server
2607:f350:3:2569:0:10:0:d , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Aug 2024 14:18:55 GMT
server
sonobi-go
vary
negotiate,Accept-Encoding
x-go-server
go-iad-2-5-101
content-type
image/gif
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control
no-cache, no-store, private
tcn
Choice
content-length
49
x-xss-protection
0
expires
Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Location
https://sync.go.sonobi.com/us.gif?nw=zt&nuid=1920574156666283085
Date
Mon, 05 Aug 2024 14:18:55 GMT
Server
Jetty(9.4.51.v20230217)
Content-Length
0
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
us.gif
sync.go.sonobi.com/
Redirect Chain
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=140&gdpr=0&gdpr_consent=
  • https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=140&gdpr=0&gdpr_consent=
  • https://sync.crwdcntrl.net/qmap?c=1389&tp=STSC&tpid=7020ec74-1c8f-4cee-a3ac-401b1757aa34-66b0df4f-5553&gdpr=0&gdpr_consent=&d=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Fpush%3Fpartner_id%3D2499%...
  • https://pixel.tapad.com/idsync/ex/push?partner_id=2499&partner_device_id=7020ec74-1c8f-4cee-a3ac-401b1757aa34-66b0df4f-5553&partner_url=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dbs%26nuid%3D...
  • https://pixel.tapad.com/idsync/ex/push/check?partner_id=2499&partner_device_id=7020ec74-1c8f-4cee-a3ac-401b1757aa34-66b0df4f-5553&partner_url=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dbs%26n...
  • https://sync.go.sonobi.com/us.gif?nw=bs&nuid=7020ec74-1c8f-4cee-a3ac-401b1757aa34-66b0df4f-5553&gdpr=0&gdpr_consent=
49 B
783 B
Image
General
Full URL
https://sync.go.sonobi.com/us.gif?nw=bs&nuid=7020ec74-1c8f-4cee-a3ac-401b1757aa34-66b0df4f-5553&gdpr=0&gdpr_consent=
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Server
2607:f350:3:2569:0:10:0:d , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Aug 2024 14:18:55 GMT
server
sonobi-go
vary
negotiate,Accept-Encoding
x-go-server
go-iad-2-5-101
content-type
image/gif
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control
no-cache, no-store, private
tcn
Choice
content-length
49
x-xss-protection
0
expires
Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

date
Mon, 05 Aug 2024 14:18:55 GMT
strict-transport-security
max-age=31536000
via
1.1 google
accept-ch
Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
Jetty(11.0.13)
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
access-control-allow-origin
*
location
https://sync.go.sonobi.com/us.gif?nw=bs&nuid=7020ec74-1c8f-4cee-a3ac-401b1757aa34-66b0df4f-5553&gdpr=0&gdpr_consent=
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
us.gif
sync.go.sonobi.com/
Redirect Chain
  • https://sync.srv.stackadapt.com/sync?nid=286
  • https://sync.go.sonobi.com/us.gif?nw=st&nuid=CH4xsdExW1RVsOzUyOzYsiaEdk0
49 B
760 B
Image
General
Full URL
https://sync.go.sonobi.com/us.gif?nw=st&nuid=CH4xsdExW1RVsOzUyOzYsiaEdk0
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Server
2607:f350:3:2569:0:10:0:d , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Aug 2024 14:18:55 GMT
server
sonobi-go
vary
negotiate,Accept-Encoding
x-go-server
go-iad-2-5-101
content-type
image/gif
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control
no-cache, no-store, private
tcn
Choice
content-length
49
x-xss-protection
0
expires
Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Location
https://sync.go.sonobi.com/us.gif?nw=st&nuid=CH4xsdExW1RVsOzUyOzYsiaEdk0
Date
Mon, 05 Aug 2024 14:18:55 GMT
Connection
keep-alive
Content-Length
99
Content-Type
text/html; charset=utf-8
us.gif
sync.go.sonobi.com/
Redirect Chain
  • https://sync.mathtag.com/sync/img?cs_wd_sy=1&dp=43&redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dif%26nuid%3D[MM_UUID]
  • https://sync.go.sonobi.com/us.gif?nw=if&nuid=ad7b66b0-df4f-4500-9723-6bb53b165bb1
49 B
769 B
Image
General
Full URL
https://sync.go.sonobi.com/us.gif?nw=if&nuid=ad7b66b0-df4f-4500-9723-6bb53b165bb1
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Server
2607:f350:3:2569:0:10:0:d , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Aug 2024 14:18:55 GMT
server
sonobi-go
vary
negotiate,Accept-Encoding
x-go-server
go-iad-2-5-101
content-type
image/gif
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control
no-cache, no-store, private
tcn
Choice
content-length
49
x-xss-protection
0
expires
Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date
Mon, 05 Aug 2024 14:18:55 GMT
Strict-Transport-Security
31536000
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
all
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Content-Length
0
X-XSS-Protection
0
Pragma
no-cache
Referrer-Policy
strict-origin
Server
MT3 1637 26565ec master ord ord-pixel-x53 config_version:"668"
Content-Type
image/gif
Access-Control-Allow-Origin
*
location
https://sync.go.sonobi.com/us.gif?nw=if&nuid=ad7b66b0-df4f-4500-9723-6bb53b165bb1
Cache-Control
no-cache,no-store,must-revalidate
Keep-Alive
timeout=360
us.gif
sync.go.sonobi.com/
Redirect Chain
  • https://creativecdn.com/cm-notify?pi=sonobi
  • https://sync.go.sonobi.com/us.gif?nw=rh&nuid=dyuPae2CiZZKG9h04ucCYmKrx8231kEeP6IkZ_nU-DI&pi=sonobi
49 B
776 B
Image
General
Full URL
https://sync.go.sonobi.com/us.gif?nw=rh&nuid=dyuPae2CiZZKG9h04ucCYmKrx8231kEeP6IkZ_nU-DI&pi=sonobi
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Server
2607:f350:3:2569:0:10:0:d , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Aug 2024 14:18:55 GMT
server
sonobi-go
vary
negotiate,Accept-Encoding
x-go-server
go-iad-2-5-101
content-type
image/gif
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control
no-cache, no-store, private
tcn
Choice
content-length
49
x-xss-protection
0
expires
Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

location
https://sync.go.sonobi.com/us.gif?nw=rh&nuid=dyuPae2CiZZKG9h04ucCYmKrx8231kEeP6IkZ_nU-DI&pi=sonobi
pragma
no-cache
date
Mon, 05 Aug 2024 14:18:55 GMT, Mon, 05 Aug 2024 14:18:55 GMT
cache-control
no-cache, no-store, must-revalidate, private, max-age=0
content-length
0
vary
Accept-Encoding
expires
Thu, 01 Jan 1970 00:00:00 GMT
us.gif
sync.go.sonobi.com/
Redirect Chain
  • https://ads.stickyadstv.com/user-matching?id=3703&gdpr=0&gdpr_consent=
  • https://sync.go.sonobi.com/us.gif?nw=fw&nuid=f7b12ced3a3f77cae6df837e36a11c9d&gdpr=0&gdpr_consent=
49 B
765 B
Image
General
Full URL
https://sync.go.sonobi.com/us.gif?nw=fw&nuid=f7b12ced3a3f77cae6df837e36a11c9d&gdpr=0&gdpr_consent=
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Server
2607:f350:3:2569:0:10:0:d , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Aug 2024 14:18:55 GMT
server
sonobi-go
vary
negotiate,Accept-Encoding
x-go-server
go-iad-2-5-101
content-type
image/gif
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control
no-cache, no-store, private
tcn
Choice
content-length
49
x-xss-protection
0
expires
Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Mon, 05 Aug 2024 14:18:55 GMT
Server
nginx
Access-Control-Allow-Origin
*
Location
https://sync.go.sonobi.com/us.gif?nw=fw&nuid=f7b12ced3a3f77cae6df837e36a11c9d&gdpr=0&gdpr_consent=
Cache-Control
no-cache
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
x-sticky-vk
1722867535721092-1162
us.gif
sync.go.sonobi.com/
Redirect Chain
  • https://bh.contextweb.com/bh/rtset?do=add&pid=560606&ev=4cfaf80b-30bf-4a24-8ad4-5dc9dbc991fd&daaqp=1&rurl=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dpp%26nuid%3D%25%25VGUID%25%25
  • https://cm.g.doubleclick.net/pixel?google_nid=contextweb&google_cm&google_sc&google_hm=c2dSaE5ESU5pQzVaRzBfUVJrUFZkdw&gdpr=&gdpr_consent=
  • https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=&gdpr_consent=&ev=CAESEDzGFv1d6uzz9h_HnZ3OOIM&google_cver=1
  • https://sync.go.sonobi.com/us.gif?nw=pp&nuid=OtbdQJhemzbV
49 B
744 B
Image
General
Full URL
https://sync.go.sonobi.com/us.gif?nw=pp&nuid=OtbdQJhemzbV
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Server
2607:f350:3:2569:0:10:0:d , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Aug 2024 14:18:55 GMT
server
sonobi-go
vary
negotiate,Accept-Encoding
x-go-server
go-iad-2-5-101
content-type
image/gif
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control
no-cache, no-store, private
tcn
Choice
content-length
49
x-xss-protection
0
expires
Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

strict-transport-security
max-age=15768000
accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version
server
Jetty(10.0.14)
content-language
en-US
location
https://sync.go.sonobi.com/us.gif?nw=pp&nuid=OtbdQJhemzbV
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cache-control
private, max-age=0, no-cache, no-store
cw-server
bh-deployment-7d978d4789-5dm6q
expires
-1
us.gif
sync.go.sonobi.com/
Redirect Chain
  • https://ib.adnxs.com/getuid?https://sync.go.sonobi.com/us.gif?nw=appnex&nuid=$UID
  • https://sync.go.sonobi.com/us.gif?nw=appnex&nuid=8227823255572650278
49 B
751 B
Image
General
Full URL
https://sync.go.sonobi.com/us.gif?nw=appnex&nuid=8227823255572650278
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Server
2607:f350:3:2569:0:10:0:d , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Aug 2024 14:18:55 GMT
server
sonobi-go
vary
negotiate,Accept-Encoding
x-go-server
go-iad-2-5-101
content-type
image/gif
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control
no-cache, no-store, private
tcn
Choice
content-length
49
x-xss-protection
0
expires
Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 05 Aug 2024 14:18:55 GMT
an-x-request-uuid
c93f1309-e9f9-4905-91fc-88fd625f0bc5
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
access-control-allow-origin
*
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
location
https://sync.go.sonobi.com/us.gif?nw=appnex&nuid=8227823255572650278
x-proxy-origin
38.132.118.77; 38.132.118.77; 675.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
ibs:dpid=87880&dpuuid=4cfaf80b-30bf-4a24-8ad4-5dc9dbc991fd
dpm.demdex.net/
42 B
715 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=87880&dpuuid=4cfaf80b-30bf-4a24-8ad4-5dc9dbc991fd
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.86.2.203 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-86-2-203.compute-1.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

dcs
dcs-prod-va6-2-v062-003c5833c.edge-va6.demdex.com 20 ms
pragma
no-cache
date
Mon, 05 Aug 2024 14:18:55 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-encoding
gzip
x-tid
qkkpyTutTMc=
content-type
image/gif
p3p
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
cache-control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length
59
expires
Thu, 01 Jan 1970 00:00:00 UTC
usg.gif
sync.go.sonobi.com/
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_cm&google_hm=NGNmYWY4MGItMzBiZi00YTI0LThhZDQtNWRjOWRiYzk5MWZk
  • https://sync.go.sonobi.com/usg.gif?google_gid=CAESEDG5ZXYUGrmd3BD1p6GAEB4&google_cver=1
49 B
763 B
Image
General
Full URL
https://sync.go.sonobi.com/usg.gif?google_gid=CAESEDG5ZXYUGrmd3BD1p6GAEB4&google_cver=1
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Server
2607:f350:3:2569:0:10:0:d , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Aug 2024 14:18:55 GMT
server
sonobi-go
vary
negotiate,Accept-Encoding
x-go-server
go-iad-2-5-101
content-type
image/gif
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control
no-cache, no-store, private
tcn
Choice
content-length
49
x-xss-protection
0
expires
Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 05 Aug 2024 14:18:55 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://sync.go.sonobi.com/usg.gif?google_gid=CAESEDG5ZXYUGrmd3BD1p6GAEB4&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
288
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
b2
sb.scorecardresearch.com/
Redirect Chain
  • https://sb.scorecardresearch.com/b?c1=2&c2=10055482&cs_fpcu=d7da1d0dcfbb4feba64a0feb9da1d1bb&cs_it=b8&cv=4.0.0%2B2301240627&ns__t=1722867535122&ns_c=UTF-8&gdpr=0&gdpr_p1t=&gdpr_li=&gdpr_purps=&gdpr...
  • https://sb.scorecardresearch.com/b2?c1=2&c2=10055482&cs_fpcu=d7da1d0dcfbb4feba64a0feb9da1d1bb&cs_it=b8&cv=4.0.0%2B2301240627&ns__t=1722867535122&ns_c=UTF-8&gdpr=0&gdpr_p1t=&gdpr_li=&gdpr_purps=&gdp...
0
224 B
Image
General
Full URL
https://sb.scorecardresearch.com/b2?c1=2&c2=10055482&cs_fpcu=d7da1d0dcfbb4feba64a0feb9da1d1bb&cs_it=b8&cv=4.0.0%2B2301240627&ns__t=1722867535122&ns_c=UTF-8&gdpr=0&gdpr_p1t=&gdpr_li=&gdpr_purps=&gdpr_pcc=&cs_cmp_nc=0&cs_cmp_id=6&cs_cmp_sv=1&cs_cmp_rt=0&c7=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc&c8=Researchers%20discover%20%E2%80%9Chighly%20sophisticated%E2%80%99%20operation%20using%20a%203%2C000-strong%20network%20of%20ghost%20accounts%20to%20spread%20malware%20on%20GitHub%20%7C%20ITPro&c9=
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Server
18.154.227.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-154-227-84.iad55.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:55 GMT
via
1.1 02953992e043cdd9273bab020f4030a0.cloudfront.net (CloudFront)
accept-ch
UA, Platform, Arch, Model, Mobile
x-amz-cf-pop
IAD55-P5
x-amz-cf-id
JSj6IzWZaKFmgLjf9b73nYgeHgMlRp841EspU-z1a_3ZFVxQ66rOJw==
x-cache
Miss from cloudfront

Redirect headers

date
Mon, 05 Aug 2024 14:18:55 GMT
via
1.1 02953992e043cdd9273bab020f4030a0.cloudfront.net (CloudFront)
accept-ch
UA, Platform, Arch, Model, Mobile
x-amz-cf-pop
IAD55-P5
x-cache
Miss from cloudfront
location
/b2?c1=2&c2=10055482&cs_fpcu=d7da1d0dcfbb4feba64a0feb9da1d1bb&cs_it=b8&cv=4.0.0%2B2301240627&ns__t=1722867535122&ns_c=UTF-8&gdpr=0&gdpr_p1t=&gdpr_li=&gdpr_purps=&gdpr_pcc=&cs_cmp_nc=0&cs_cmp_id=6&cs_cmp_sv=1&cs_cmp_rt=0&c7=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc&c8=Researchers%20discover%20%E2%80%9Chighly%20sophisticated%E2%80%99%20operation%20using%20a%203%2C000-strong%20network%20of%20ghost%20accounts%20to%20spread%20malware%20on%20GitHub%20%7C%20ITPro&c9=
content-length
0
x-amz-cf-id
DHXI67u3TVlclhNaSdu9K0O_hwqxnEIIVJEdqM0xH193BllWQY6Pdg==
sync
s.cpx.to/
Redirect Chain
  • https://pixel.rubiconproject.com/token?pid=34010&customParamenters
  • https://s.cpx.to/sync?dsp=rubicon&dsp_uid=LZH2UI73-I-1PCS&customParamenters=
0
199 B
Image
General
Full URL
https://s.cpx.to/sync?dsp=rubicon&dsp_uid=LZH2UI73-I-1PCS&customParamenters=
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Server
34.248.170.187 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-248-170-187.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

p3p
CP="NOI DEV ADM"
date
Mon, 05 Aug 2024 14:18:55 GMT
expires
Mon, 05 Aug 2024 14:18:55 GMT

Redirect headers

P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma
no-cache
Cache-Control
no-cache,no-store,must-revalidate
Location
https://s.cpx.to/sync?dsp=rubicon&dsp_uid=LZH2UI73-I-1PCS&customParamenters=
content-length
0
X-RPHost
2287badc5c237956b0d76bf6ef4ddf0e
Expires
0
sync
s.cpx.to/
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=captify_dmp&google_cm&dsp=dbm
  • https://s.cpx.to/sync?dsp_uid=CAESENsJpGcCPkAEN-ACtZd-SKk&dsp=dbm&google_cver=1
0
206 B
Image
General
Full URL
https://s.cpx.to/sync?dsp_uid=CAESENsJpGcCPkAEN-ACtZd-SKk&dsp=dbm&google_cver=1
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Server
34.248.170.187 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-248-170-187.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

p3p
CP="NOI DEV ADM"
date
Mon, 05 Aug 2024 14:18:55 GMT
expires
Mon, 05 Aug 2024 14:18:55 GMT

Redirect headers

pragma
no-cache
date
Mon, 05 Aug 2024 14:18:55 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://s.cpx.to/sync?dsp_uid=CAESENsJpGcCPkAEN-ACtZd-SKk&dsp=dbm&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
284
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sync
s.cpx.to/
Redirect Chain
  • https://u.openx.net/w/1.0/cm?id=f0f39a70-2c21-4d5d-af4b-7350637edcd5&r=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3DOPENX%26dsp_uid%3D%7BOPENX_ID%7D
  • https://s.cpx.to/sync?dsp=OPENX&dsp_uid=53337cb3-7658-0170-1cab-c10c0dfb0bf4
0
212 B
Image
General
Full URL
https://s.cpx.to/sync?dsp=OPENX&dsp_uid=53337cb3-7658-0170-1cab-c10c0dfb0bf4
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Server
34.248.170.187 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-248-170-187.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

p3p
CP="NOI DEV ADM"
date
Mon, 05 Aug 2024 14:18:55 GMT
expires
Mon, 05 Aug 2024 14:18:55 GMT

Redirect headers

date
Mon, 05 Aug 2024 14:18:55 GMT
content-encoding
gzip
via
1.1 google
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
content-type
image/gif
location
https://s.cpx.to/sync?dsp=OPENX&dsp_uid=53337cb3-7658-0170-1cab-c10c0dfb0bf4
p3p
CP="CUR ADM OUR NOR STA NID"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
fire.js
s.cpx.to/
Redirect Chain
  • https://secure.adnxs.com/getuid?https%3A%2F%2Fs.cpx.to%2Ffire.js%3Fdsp%3Dapp_nexus%26dsp_uid%3D%24UID%26pid%3D12529%26url%3Dhttps%253A%252F%252Fwww.itpro.com%252Fsecurity%252Fcyber-crime%252Fresear...
  • https://s.cpx.to/fire.js?dsp=app_nexus&dsp_uid=8227823255572650278&pid=12529&url=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3...
54 B
54 B
Image
General
Full URL
https://s.cpx.to/fire.js?dsp=app_nexus&dsp_uid=8227823255572650278&pid=12529&url=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc&hn_ver=78&fid=077a9d12-97f8-4141-8d24-6bdc2703f26a&dsp=TTD&dsp_uid=0e365dc4-1852-45c2-ba63-fb539bbe7a2c
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Server
34.248.170.187 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-248-170-187.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

expires
Mon, 05 Aug 2024 14:18:55 GMT
date
Mon, 05 Aug 2024 14:18:55 GMT
content-length
54
p3p
CP="NOI DEV ADM"

Redirect headers

pragma
no-cache
date
Mon, 05 Aug 2024 14:18:55 GMT
an-x-request-uuid
39257eaa-587c-44de-9d0e-4c49bfc92efe
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
access-control-allow-origin
*
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
location
https://s.cpx.to/fire.js?dsp=app_nexus&dsp_uid=8227823255572650278&pid=12529&url=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc&hn_ver=78&fid=077a9d12-97f8-4141-8d24-6bdc2703f26a&dsp=TTD&dsp_uid=0e365dc4-1852-45c2-ba63-fb539bbe7a2c
x-proxy-origin
38.132.118.77; 38.132.118.77; 675.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
sync
s.cpx.to/
Redirect Chain
  • https://image2.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID
  • https://s.cpx.to/sync?dsp=pubmatic&dsp_uid=EF052076-B46A-4770-A15A-AF0F1FC8093D
0
215 B
Image
General
Full URL
https://s.cpx.to/sync?dsp=pubmatic&dsp_uid=EF052076-B46A-4770-A15A-AF0F1FC8093D
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Server
34.248.170.187 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-248-170-187.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

p3p
CP="NOI DEV ADM"
date
Mon, 05 Aug 2024 14:18:55 GMT
expires
Mon, 05 Aug 2024 14:18:55 GMT

Redirect headers

location
https://s.cpx.to/sync?dsp=pubmatic&dsp_uid=EF052076-B46A-4770-A15A-AF0F1FC8093D
date
Mon, 05 Aug 2024 14:18:55 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
ramp
ads.servebom.com/
2 KB
2 KB
Fetch
General
Full URL
https://ads.servebom.com/ramp?r=816&o={%22f%22:1,%22p%22:null,%22l%22:%22https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx92BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc%22,%22tt%22:%22Researchers%20discover%20%E2%80%9Chighly%20sophisticated%E2%80%99%20operation%20using%20a%203%2C000-strong%20network%20of%20ghost%20accounts%20to%20spread%20malware%20on%20GitHub%20%7C%20ITPro%22,%22fs%22:0,%22t%22:%222024-08-05%2004:18:55%22,%22tz%22:600,%22r%22:%221600x1200%22,%22pam%22:%22allowed%22,%22gdprConsent%22:null,%22ccpa%22:%221YNN%22,%22g%22:[],%22a%22:[{%22s%22:%22/10518929/itpro.co.uk/itpro_preroll_carousel%22,%22z%22:[540,304],%22d%22:%22video_content_186%22,%22g%22:{},%22refresh%22:1}],%22ex%22:[],%22ab%22:[]}&uuid=6b0b77562c1a4d97a3dad1bc03757446&at=v
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21dd:d000:12:b587:d880:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
38e75c227eb3aa7bdf950f712e6b8fd16f24ea6fac31c48ecf4a0d338d3a2ba4

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:55 GMT
content-encoding
gzip
via
1.1 556ef92964692e27cf8626ac501230e4.cloudfront.net (CloudFront)
accept-ch
Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-amz-cf-pop
EWR53-C2
x-cache
Miss from cloudfront
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://www.itpro.com
content-type
text/plain
access-control-allow-credentials
true
timing-allow-origin
*
content-length
911
x-amz-cf-id
cQpRJ5udCUTUnYyJWxFgKOK7ZybOodbJj-GbUfAQvP1nLzzGa6_BCg==
bid
aax.amazon-adsystem.com/e/dtb/
140 B
471 B
XHR
General
Full URL
https://aax.amazon-adsystem.com/e/dtb/bid?src=3032&u=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc&pid=9GSc8KV6VB7AP&cb=1&ws=1600x1200&v=24.722.1801&t=5000&slots=%5B%7B%22id%22%3A%22videoSlot%22%2C%22mt%22%3A%22v%22%2C%22s%22%3A%5B%22640x480%22%5D%7D%5D&pj=%7B%22device%22%3A%7B%22sua%22%3A%7B%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22mobile%22%3A0%2C%22model%22%3A%22%22%2C%22source%22%3A2%2C%22platform%22%3A%7B%22brand%22%3A%22%22%2C%22version%22%3A%5B%22%22%5D%7D%2C%22browsers%22%3A%5B%5D%7D%7D%7D&sg=%7B%22ortb2%22%3A%7B%22site%22%3A%7B%22cattax%22%3A7%2C%22cat%22%3A%5B%22596%22%2C%22599%22%2C%22600%22%2C%22619%22%5D%2C%22keywords%22%3A%5B%22Technology+%26+Computing%22%2C%22Technology+%26+Computing%7CComputing%22%2C%22Technology+%26+Computing%7CComputing%7CComputer+Networking%22%2C%22Technology+%26+Computing%7CComputing%7CInternet%22%5D%7D%7D%7D&schain=1.0%2C1&gpp=DBABLA%7EBVQqAAAAAgA.QA&gpp_sid=%5B7%5D&sm=2ff52d1a-972a-4fc5-a0e7-fc85b8564ee5&gdpre=0&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D&sf=1&vm=%7B%22ids%22%3A%7B%22lotame%22%3A%22a991c1c350f5f7058d3144c6e1cea9fb927a006578a9fe431f83a9f95043fb63%22%7D%7D&_c=1
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.99.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-99-9.jfk50.r.cloudfront.net
Software
Server /
Resource Hash
5ecf9a625ab4e06d3fc2636a6a4be4792494000519122162f69d81ecc48b3961

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:56 GMT
via
1.1 1abf103face183cd8172f37e6ac30038.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
JFK50-P5
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://www.itpro.com
access-control-allow-credentials
true
timing-allow-origin
*
content-length
140
x-amz-cf-id
AHL5k3ItFIWOr3a1iXcY9adqVCy5u9AjRWmd2nIiiun2Hj98sPm9mQ==
auction
api.pbxai.com/analytics/
0
259 B
Fetch
General
Full URL
https://api.pbxai.com/analytics/auction?auctionTimestamp=1722867534959&pubxaiAnalyticsVersion=v1.2.0&prebidVersion=v8.47.0
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.157.99.80 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-157-99-80.compute-1.amazonaws.com
Software
uvicorn /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
content-type
text/json

Response headers

access-control-allow-origin
https://www.itpro.com
date
Mon, 05 Aug 2024 14:18:55 GMT
access-control-expose-headers
x-my-header-out
server
uvicorn
access-control-allow-headers
Accept,Accept-Language,Content-Language,Content-Type,Authorization,x-correlation-id,Access-Control-Allow-Origin
content-length
0
access-control-allow-methods
OPTIONS,POST
/
www.facebook.com/tr/
0
121 B
Image
General
Full URL
https://www.facebook.com/tr/?id=540347474949339&ev=PermutiveSegmentEntry&dl=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc&rl=&if=false&ts=1722867535373&cd[segment_id]=73403&sw=1600&sh=1200&v=2.9.164&r=stable&a=tmSimo-GTM-WebTemplate&ec=2&o=4126&fbp=fb.1.1722867534168.555095722409106393&ler=empty&cdl=API_unavailable&it=1722867533980&coo=false&rqm=GET
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f103:83:face:b00c:0:25de Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality
GOOD; q=0.7, rtt=59, rtx=0, c=10, mss=1297, tbw=8157, tp=-1, tpl=-1, uplat=3, ullat=0
strict-transport-security
max-age=31536000; includeSubDomains
date
Mon, 05 Aug 2024 14:18:55 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/
67 B
849 B
Image
General
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=540347474949339&ev=PermutiveSegmentEntry&dl=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc&rl=&if=false&ts=1722867535373&cd[segment_id]=73403&sw=1600&sh=1200&v=2.9.164&r=stable&a=tmSimo-GTM-WebTemplate&ec=2&o=4126&fbp=fb.1.1722867534168.555095722409106393&ler=empty&cdl=API_unavailable&it=1722867533980&coo=false&rqm=FGET
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f103:83:face:b00c:0:25de Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
zstd
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; preload
date
Mon, 05 Aug 2024 14:18:55 GMT
document-policy
force-load-at-top
x-fb-server-load
77
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7399659719932478682", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
GOOD; q=0.7, rtt=61, rtx=0, c=10, mss=1297, tbw=11251, tp=-1, tpl=-1, uplat=115, ullat=0
pragma
no-cache
x-fb-debug
QuCRaj0KwpRseCedDS0yt+X73KOHUuCgPycpFtgGayrXksPQ0jtiHe3flyuUIRDeYpZqSndxqmmRAcz8zpGsng==
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7399659719932478682"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
image/png
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
private, no-store, no-cache, must-revalidate
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/
0
99 B
Image
General
Full URL
https://www.facebook.com/tr/?id=2482549652030483&ev=PermutiveSegmentEntry&dl=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc&rl=&if=false&ts=1722867535379&cd[segment_id]=73403&sw=1600&sh=1200&v=2.9.164&r=stable&ec=1&o=4126&fbp=fb.1.1722867534168.555095722409106393&ler=empty&cdl=API_unavailable&it=1722867533980&coo=false&rqm=GET
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f103:83:face:b00c:0:25de Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality
GOOD; q=0.7, rtt=59, rtx=0, c=10, mss=1297, tbw=8291, tp=-1, tpl=-1, uplat=3, ullat=0
strict-transport-security
max-age=31536000; includeSubDomains
date
Mon, 05 Aug 2024 14:18:55 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/
67 B
848 B
Image
General
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=2482549652030483&ev=PermutiveSegmentEntry&dl=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc&rl=&if=false&ts=1722867535379&cd[segment_id]=73403&sw=1600&sh=1200&v=2.9.164&r=stable&ec=1&o=4126&fbp=fb.1.1722867534168.555095722409106393&ler=empty&cdl=API_unavailable&it=1722867533980&coo=false&rqm=FGET
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f103:83:face:b00c:0:25de Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
zstd
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; preload
date
Mon, 05 Aug 2024 14:18:55 GMT
document-policy
force-load-at-top
x-fb-server-load
62
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7399659719254390910", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
GOOD; q=0.7, rtt=61, rtx=0, c=10, mss=1297, tbw=8638, tp=-1, tpl=-1, uplat=94, ullat=0
pragma
no-cache
x-fb-debug
bJIZ1Mg+Bp6HRKg+wHmLOusscUw+0mlgRErwz9iB1HNn3krDruPCOV9iJDYWVYlqaZ8IxMBJjfGaeqLriH48Ww==
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7399659719254390910"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
image/png
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
private, no-store, no-cache, must-revalidate
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/
0
98 B
Image
General
Full URL
https://www.facebook.com/tr/?id=540347474949339&ev=PermutiveSegmentEntry_73403&dl=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc&rl=&if=false&ts=1722867535380&sw=1600&sh=1200&v=2.9.164&r=stable&a=tmSimo-GTM-WebTemplate&ec=3&o=4126&fbp=fb.1.1722867534168.555095722409106393&ler=empty&cdl=API_unavailable&it=1722867533980&coo=false&rqm=GET
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f103:83:face:b00c:0:25de Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality
GOOD; q=0.7, rtt=59, rtx=0, c=10, mss=1297, tbw=8291, tp=-1, tpl=-1, uplat=3, ullat=1
strict-transport-security
max-age=31536000; includeSubDomains
date
Mon, 05 Aug 2024 14:18:55 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/
67 B
849 B
Image
General
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=540347474949339&ev=PermutiveSegmentEntry_73403&dl=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc&rl=&if=false&ts=1722867535380&sw=1600&sh=1200&v=2.9.164&r=stable&a=tmSimo-GTM-WebTemplate&ec=3&o=4126&fbp=fb.1.1722867534168.555095722409106393&ler=empty&cdl=API_unavailable&it=1722867533980&coo=false&rqm=FGET
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f103:83:face:b00c:0:25de Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
zstd
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; preload
date
Mon, 05 Aug 2024 14:18:55 GMT
document-policy
force-load-at-top
x-fb-server-load
45
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7399659719172213389", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
GOOD; q=0.7, rtt=61, rtx=0, c=10, mss=1297, tbw=10380, tp=-1, tpl=-1, uplat=101, ullat=1
pragma
no-cache
x-fb-debug
ht6MZAPdZISowtjVtFh7gRWMsT295D0NvEVnJTXG7GSFmsJY64sLpZNExYfQvaB+IQ43zFVOhYBjTIImS+tSSw==
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7399659719172213389"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
image/png
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
private, no-store, no-cache, must-revalidate
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/
0
97 B
Image
General
Full URL
https://www.facebook.com/tr/?id=2482549652030483&ev=PermutiveSegmentEntry_73403&dl=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc&rl=&if=false&ts=1722867535382&sw=1600&sh=1200&v=2.9.164&r=stable&ec=2&o=4126&fbp=fb.1.1722867534168.555095722409106393&ler=empty&cdl=API_unavailable&it=1722867533980&coo=false&rqm=GET
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f103:83:face:b00c:0:25de Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality
GOOD; q=0.7, rtt=59, rtx=0, c=10, mss=1297, tbw=8291, tp=-1, tpl=-1, uplat=2, ullat=1
strict-transport-security
max-age=31536000; includeSubDomains
date
Mon, 05 Aug 2024 14:18:55 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/
67 B
850 B
Image
General
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=2482549652030483&ev=PermutiveSegmentEntry_73403&dl=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc&rl=&if=false&ts=1722867535382&sw=1600&sh=1200&v=2.9.164&r=stable&ec=2&o=4126&fbp=fb.1.1722867534168.555095722409106393&ler=empty&cdl=API_unavailable&it=1722867533980&coo=false&rqm=FGET
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f103:83:face:b00c:0:25de Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
zstd
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; preload
date
Mon, 05 Aug 2024 14:18:55 GMT
document-policy
force-load-at-top
x-fb-server-load
69
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7399659719880763187", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
GOOD; q=0.7, rtt=61, rtx=0, c=10, mss=1297, tbw=9508, tp=-1, tpl=-1, uplat=94, ullat=0
pragma
no-cache
x-fb-debug
vT8ZXqAOpCT+94Uqyw38WLlXvxynvbNawreRNYgomlGwlmNPSIoViICc0uBJ7+KqJ7cV+4pu0bfkd0yGCqwkkA==
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7399659719880763187"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
image/png
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
private, no-store, no-cache, must-revalidate
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires
Sat, 01 Jan 2000 00:00:00 GMT
auction
api.pbxai.com/analytics/ Frame
0
0
Preflight
General
Full URL
https://api.pbxai.com/analytics/auction?auctionTimestamp=1722867534959&pubxaiAnalyticsVersion=v1.2.0&prebidVersion=v8.47.0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.157.99.80 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-157-99-80.compute-1.amazonaws.com
Software
uvicorn /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.itpro.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Accept,Accept-Language,Content-Language,Content-Type,Authorization,x-correlation-id,Access-Control-Allow-Origin
access-control-allow-methods
OPTIONS,POST
access-control-allow-origin
https://www.itpro.com
access-control-expose-headers
x-my-header-out
date
Mon, 05 Aug 2024 14:18:55 GMT
server
uvicorn
iu3
s.amazon-adsystem.com/ Frame 8B43
0
0
Document
General
Full URL
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=0&dl=gg_n-mediagrid_n-index_n-Ogury_rx_n-MediaNet_smrt_n-undertone_n-sharethrough_n-onetag_pm-db5_ym_rbd_kg_an-db5_sovrn_n-Rise_3lift
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.46.155.104 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Referer
https://www.itpro.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
385
Content-Type
text/html;charset=ISO-8859-1
Date
Mon, 05 Aug 2024 14:18:55 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Pragma
no-cache
Server
Server
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Vary
Content-Type,Accept-Encoding,User-Agent
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
x-amz-rid
9YHXNBMXN7BCZKN2PN2T
ads
securepubads.g.doubleclick.net/gampad/
279 KB
43 KB
XHR
General
Full URL
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202407310101/pubads_impl.js?cb=31085846
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.163.155 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS
wv-in-f155.1e100.net
Software
cafe /
Resource Hash
526d5e2177e2983c46260b324888319eca0321c2c7c6fa2f741049e0b82d074b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:56 GMT
content-encoding
br
x-content-type-options
nosniff
observe-browsing-topics
?1
google-mediationgroup-id
-2,-2,-2,-2,-2,-2,-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
44270
x-xss-protection
0
google-lineitem-id
6749414608,6435228879,6692028363,6607625719,-2,-2,6609069045
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138481120911,138458895445,138467631285,138466095362,-2,-2,138466826740
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.itpro.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
8296f9d9ba96a7d278c7a725bafa1f77.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 1221
0
0
Document
General
Full URL
https://8296f9d9ba96a7d278c7a725bafa1f77.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c0d::84 Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.itpro.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Mon, 05 Aug 2024 14:18:56 GMT
expires
Mon, 05 Aug 2024 14:18:56 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
events
api.permutive.com/v2.0/batch/
201 B
160 B
XHR
General
Full URL
https://api.permutive.com/v2.0/batch/events?enrich=false&sdkp=true&k=253158cc-875d-4ed4-a52d-e954eca49313
Requested by
Host: 6093eccf-6734-4877-ac8b-83d6d0e27b46.edge.permutive.app
URL: https://6093eccf-6734-4877-ac8b-83d6d0e27b46.edge.permutive.app/6093eccf-6734-4877-ac8b-83d6d0e27b46-web.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.254.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
252.254.107.34.bc.googleusercontent.com
Software
Permutive /
Resource Hash
771850557d5df12ee1886358a2319cd12d2acfb03a11198df427817da7eee2d2

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
content-type
text/plain

Response headers

date
Mon, 05 Aug 2024 14:18:55 GMT
content-encoding
gzip
via
1.1 google
server
Permutive
vary
Origin
content-type
application/json
access-control-allow-origin
https://www.itpro.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
142
view
securepubads.g.doubleclick.net/pcs/ Frame 7AF1
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstwRbNddW0pJJHYeQaFh_EQFazb7yD58cTNBAokiXuGLKjvHGm_p-A0SYREP9qDYa7iqxnj_CkPFmLJ_ajhkasnjUAeyUyf6M0mhfwTwejNUIaMN8-bNtAu_-HoUbYER8-3hQoPQTnbtfZMyXzkoP_Hlwx-8nBwfN-dysmGhjJX7sutVuliw3hPyApHQ7oWCs887OoXQ7zYnl2Y1uVQNCYONe0Ekce6wvrYRjimi1HHYSw4sxu7niW4ftvhV5fSvAzXbAP3GtmI0WFfsNQahTlFCk5MEVmsaU8AQcaKpKLBmFY6L8_k8i3imWEHRG40RJ9c_afkv4jkuiQfxB_AEod1CfYXlEzsZqrpOhLIejSJu1zQEfk6uRhe-JbSAFi9BLYbbHq9PSJMJ3VgyzsECuQL4kQZ6FU&sai=AMfl-YTTYmpITyLn4O9vSzOiezhmjdiJXCqm4FF-kunZ7SFCV7N1tvcZwzLgT8E9ZiEjZubrbMYJ-15jHREwqrdpImR73BbKZQzYdxGUrgbbOtHgCCIZ-hZoloy3R-uIiHozXr0DZCvBUrpY4ufU310mzWc&sig=Cg0ArKJSzOj91gPNmsCnEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.163.155 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS
wv-in-f155.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:56 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
abg_lite_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240731/r20110914/ Frame 7AF1
23 KB
9 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240731/r20110914/abg_lite_fy2021.js
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c0f::84 Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3afc6e6ea738015fcbae182b646af4f9422061fb8ba9a12c81cf2c21cbeecfb3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 02:32:28 GMT
content-encoding
br
x-content-type-options
nosniff
age
42389
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9154
x-xss-protection
0
server
cafe
etag
8073649742855810715
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 19 Aug 2024 02:32:28 GMT
ufs_web_display.js
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 7AF1
203 KB
63 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.16.157 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS
bl-in-f157.1e100.net
Software
cafe /
Resource Hash
84b2a8c2c5bde5b690dc44c9d525edc8113d18cd7bf516ad8fa93c782c02a443
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:11:51 GMT
content-encoding
br
x-content-type-options
nosniff
age
425
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
64460
x-xss-protection
0
server
cafe
etag
vary
Accept-Encoding
content-type
text/javascript; charset=ISO-8859-1
cache-control
public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Mon, 05 Aug 2024 15:11:51 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame 1BD4
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsunekYwOK7Vbc64S9ajWeG23S4Y47DkcBHH94E3604z2roR-nYCG5eYMMqQOvWws8SF5KrUKbroT7blcz9ThXe3c6LEA5J8dGu83npJIA5KwG7OAVZh_Yag2aulEHwwQpFOmN3Va7vUalvV6qQ6vmLNSLTkulGRVcuojHQ9MTWr3hYbzFmggF4VzAZNnolinIuHijTUWZyYvdhZoRmbKRqSYzDLGJUQYrnvCB4Y5hWlzZFSzQsJL6jOGdjSAX99P2pnrleSy18dni5tLywF2xtv4niYM3QwDBkwzBTRX53paV8Eu-UQww3-7Pw3oxyq28P9__dHmxjF16Xjt8Fw3MXNLNswAX9Q2-FpRoClppilYs01yBIuAhHh7oSycZd1LxYQsVz4myeHf9OOifD3zqfPmvQtUaijhTY&sai=AMfl-YQgL8uZUufEvSHRxq3rKV97jEw8f5iCHhaVvLK6qut8vz49-fwhZz0GRwHY0HbaAVWKZrnJXTO9SYDebw3j6qD7j99ftDyaDwrS8zy4iOKb0FRzJ3_-Zceen4far9U-XBmzvIcFoYXAUiMNf_uc3IE&sig=Cg0ArKJSzHi0_3RK8wBaEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.163.155 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS
wv-in-f155.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:56 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
abg_lite_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240731/r20110914/ Frame 1BD4
23 KB
0
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240731/r20110914/abg_lite_fy2021.js
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c0f::84 Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3afc6e6ea738015fcbae182b646af4f9422061fb8ba9a12c81cf2c21cbeecfb3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 02:32:28 GMT
content-encoding
br
x-content-type-options
nosniff
age
42389
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9154
x-xss-protection
0
server
cafe
etag
8073649742855810715
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 19 Aug 2024 02:32:28 GMT
infolinks_main.js
resources.infolinks.com/js/ Frame 1BD4
4 KB
3 KB
Script
General
Full URL
https://resources.infolinks.com/js/infolinks_main.js
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.42.247 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b0dd05c41cc99b7c1d6bfd0782560a710875295bfc112c42b11d3e17c4b0b208

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:57 GMT
via
1.1 google
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 31 Jul 2024 10:55:38 GMT
server
cloudflare
age
10668
etag
W/"10b2-61e88ef42e227"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=3600
cf-ray
8ae76b5a8e4c7487-MIA
expires
Mon, 05 Aug 2024 12:21:09 GMT
ufs_web_display.js
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 1BD4
203 KB
0
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.16.157 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS
bl-in-f157.1e100.net
Software
cafe /
Resource Hash
84b2a8c2c5bde5b690dc44c9d525edc8113d18cd7bf516ad8fa93c782c02a443
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:11:51 GMT
content-encoding
br
x-content-type-options
nosniff
age
425
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
64460
x-xss-protection
0
server
cafe
etag
vary
Accept-Encoding
content-type
text/javascript; charset=ISO-8859-1
cache-control
public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Mon, 05 Aug 2024 15:11:51 GMT
container.html
8296f9d9ba96a7d278c7a725bafa1f77.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame CD05
0
0
Document
General
Full URL
https://8296f9d9ba96a7d278c7a725bafa1f77.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c0d::84 Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.itpro.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Mon, 05 Aug 2024 14:18:56 GMT
expires
Mon, 05 Aug 2024 14:18:56 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
view
securepubads.g.doubleclick.net/pcs/ Frame C538
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssV0e7TV7WblZPchZftQxB9ilvGUqul4is74AL5qkFkfbZoWZIX9Ceqv6-Vnu6STROwQlS0segXFFvJ9YPT7HpVuZln3-e5QNRweNAKlZEtsS22WsHQGcQ6dBbWXzWbtl4y_nlog-l_m7NMuNnzuw9oHERas6YdyL3d2Fkvpjs6-JPO2LIPwLXkggeFM8J7o3kCge2F5aZGwzY_o4W0sdLyYXnLo3nrob34FGr2LHQgBFLYlT-Vwp1w-aL8P-vmQmq2tt0-V7v-Ax2z_pi5xkY4o0rAej2XM8Cs2Zy0QzE7Gjm5h1mIxcnRwvtKBc-snd4QNdG8gecXtEdRBXeSQdozLAkr2XLR2AxXct2wr1lysx_r5wxQXIqfnw&sai=AMfl-YR2FZhCu7DgyZwjJRyMqMORMRQGkoCoFaHenm6yEVglPCaZqaTuQ68_YYaHSE-QDTscBhBS1CYg25tPKnc06Nl8YMR3x1ofhU40gI-JqzBzTCDnNo_qUZLD410kYsm_rIBmotNnl-aO7YklpOlFpOc&sig=Cg0ArKJSzK7a7THej99YEAE&uach_m=%5BUACH%5D&adurl=
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.163.155 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS
wv-in-f155.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:57 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
abg_lite_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240731/r20110914/ Frame C538
23 KB
0
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240731/r20110914/abg_lite_fy2021.js
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c0f::84 Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3afc6e6ea738015fcbae182b646af4f9422061fb8ba9a12c81cf2c21cbeecfb3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 02:32:28 GMT
content-encoding
br
x-content-type-options
nosniff
age
42389
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9154
x-xss-protection
0
server
cafe
etag
8073649742855810715
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 19 Aug 2024 02:32:28 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240731/r20110914/client/ Frame C538
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240731/r20110914/client/window_focus_fy2021.js
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c0f::84 Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
66e9bf446316f6eec5eaefa7098592bbd2144a60eb38c481db233a6ca8b8d94a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 01:18:39 GMT
content-encoding
br
x-content-type-options
nosniff
age
46818
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1229
x-xss-protection
0
server
cafe
etag
16544991220582087243
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 19 Aug 2024 01:18:39 GMT
ufs_web_display.js
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame C538
203 KB
0
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.16.157 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS
bl-in-f157.1e100.net
Software
cafe /
Resource Hash
84b2a8c2c5bde5b690dc44c9d525edc8113d18cd7bf516ad8fa93c782c02a443
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:11:51 GMT
content-encoding
br
x-content-type-options
nosniff
age
425
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
64460
x-xss-protection
0
server
cafe
etag
vary
Accept-Encoding
content-type
text/javascript; charset=ISO-8859-1
cache-control
public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Mon, 05 Aug 2024 15:11:51 GMT
1974938440654581289
tpc.googlesyndication.com/simgad/ Frame C538
49 B
428 B
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/1974938440654581289
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c0f::84 Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

allow-fenced-frame-automatic-beacons
true
date
Sat, 03 Aug 2024 01:37:03 GMT
x-content-type-options
nosniff
age
218514
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
49
x-xss-protection
0
last-modified
Tue, 14 Nov 2023 14:18:35 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/gif
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Sun, 03 Aug 2025 01:37:03 GMT
l
www.google.com/ads/measurement/ Frame C538
0
0

future.adtech.bordeaux.v1.AdRequestCompletedEvent
eventsproxy.gargantuan.futureplc.com/
0
0
Ping
General
Full URL
https://eventsproxy.gargantuan.futureplc.com/future.adtech.bordeaux.v1.AdRequestCompletedEvent
Requested by
Host: bordeaux.futurecdn.net
URL: https://bordeaux.futurecdn.net/bordeaux.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.17.165.159 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-17-165-159.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

truncated
/ Frame C538
212 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
02d7fe30f4ee8927fd443321989f80f5e6867a5d7ee47b90394f5b539015632c

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
container.html
8296f9d9ba96a7d278c7a725bafa1f77.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 146E
0
0
Document
General
Full URL
https://8296f9d9ba96a7d278c7a725bafa1f77.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c0d::84 Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.itpro.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Mon, 05 Aug 2024 14:18:56 GMT
expires
Mon, 05 Aug 2024 14:18:56 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
ffZUX3mV-120.vtt
assets-jpcust.jwpsrv.com/strips/
Redirect Chain
  • https://cdn.jwplayer.com/strips/ffZUX3mV-120.vtt
  • https://assets-jpcust.jwpsrv.com/strips/ffZUX3mV-120.vtt
3 KB
808 B
XHR
General
Full URL
https://assets-jpcust.jwpsrv.com/strips/ffZUX3mV-120.vtt
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Server
2a04:4e42:200::626 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
a13b3fafcf606b88e429d2f6437f6c3781a31ff880a5066ba3748f8a9e233ff5

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:57 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
172
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
content-length
426
x-served-by
cache-iad-kcgs7200154-IAD, cache-mia-kmia1760095-MIA
last-modified
Wed, 13 Mar 2024 16:26:36 GMT
server
nginx
x-timer
S1722867538.688320,VS0,VE25
etag
"ef4ad4fc33d835ff68e7c5147d344e1d"
vary
Accept-Encoding
content-type
text/vtt
access-control-allow-origin
*
cache-control
max-age=300
accept-ranges
bytes
access-control-allow-headers
accept-encoding, cache-control, origin, dnt, accept-language
x-cache-hits
8266, 0

Redirect headers

date
Mon, 05 Aug 2024 14:17:52 GMT
via
1.1 5084a25d91022b55b5acf281581c6444.cloudfront.net (CloudFront)
server
openresty
x-amz-cf-pop
IAD61-P1
age
65
x-cache
Hit from cloudfront
content-type
text/html
location
https://assets-jpcust.jwpsrv.com/strips/ffZUX3mV-120.vtt
access-control-allow-origin
*
x-robots-tag
noindex, indexifembedded
content-length
166
x-amz-cf-id
NO2V2Y004Y8_v-6vDpwUC2XufZ8mbaGZGw4HRbbRt2zIZZHX_W8h6A==
collect
analytics.google.com/g/
0
0
Fetch
General
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-E36MVD1BQT&gtm=45je47v0v868801683z8896039803za200zb896039803&_p=1722867532336&gcs=G111&gcd=13r3v3r3r5&npa=0&dma=0&tcfd=10648&tag_exp=95250753&cid=1843726432.1722867533&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&sid=1722867533&sct=1&seg=0&dl=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc&dt=Researchers%20discover%20%E2%80%9Chighly%20sophisticated%E2%80%99%20operation%20using%20a%203%2C000-strong%20network%20of%20ghost%20accounts%20to%20spread%20malware%20on%20GitHub%20%7C%20ITPro&_s=3&tfd=5559
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.239.34.181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Mon, 05 Aug 2024 14:18:57 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.itpro.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
analytics.google.com/g/
0
0
Fetch
General
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-E36MVD1BQT&gtm=45je47v0v868801683z89182436040za200zb896039803&_p=1722867532336&gcs=G111&gcd=13r3v3r3r5&npa=0&dma=0&tcfd=10648&tag_exp=95250753&cid=1843726432.1722867533&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=AEI&sid=1722867533&sct=1&seg=0&dl=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc&dt=Researchers%20discover%20%E2%80%9Chighly%20sophisticated%E2%80%99%20operation%20using%20a%203%2C000-strong%20network%20of%20ghost%20accounts%20to%20spread%20malware%20on%20GitHub%20%7C%20ITPro&_s=4&tfd=5622
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.239.34.181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Mon, 05 Aug 2024 14:18:57 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.itpro.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
provider.cast.js
ssl.p.jwpcdn.com/player/v/8.34.5/
30 KB
10 KB
Script
General
Full URL
https://ssl.p.jwpcdn.com/player/v/8.34.5/provider.cast.js
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::626 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e9b3aa672d536755b6c6879384ed8303c6c6548a4c6d082c581b0f6bfef4da2b

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:57 GMT
content-encoding
gzip
via
1.1 varnish
age
1720487
x-cache
HIT
content-length
10031
x-served-by
cache-mia-kmia1760042-MIA
last-modified
Mon, 15 Jul 2024 22:45:08 GMT
server
AmazonS3
x-timer
S1722867537.404070,VS0,VE0
etag
"757d219ae056bd99a657f7f50a081fd5"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000, immutable
accept-ranges
bytes
x-cache-hits
82623
related.js
ssl.p.jwpcdn.com/player/v/8.34.5/
103 KB
25 KB
Script
General
Full URL
https://ssl.p.jwpcdn.com/player/v/8.34.5/related.js
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::626 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d9a077e8f0876baecde403d10d2a8797d588fc31d7bc1397b7400b5b19d16b08

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:57 GMT
content-encoding
gzip
via
1.1 varnish
age
885934
x-cache
HIT
content-length
25127
x-served-by
cache-mia-kmia1760042-MIA
last-modified
Mon, 15 Jul 2024 22:45:10 GMT
server
AmazonS3
x-timer
S1722867537.404919,VS0,VE0
etag
"e349cc2a0f86169eeb0559ca40cda5d2"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000, immutable
accept-ranges
bytes
x-cache-hits
264027
9xpNLR0j-720.jpg
assets-jpcust.jwpsrv.com/thumbnails/
Redirect Chain
  • https://cdn.jwplayer.com/v2/media/ffZUX3mV/poster.jpg?width=720
  • https://assets-jpcust.jwpsrv.com/thumbnails/9xpNLR0j-720.jpg
88 KB
86 KB
Image
General
Full URL
https://assets-jpcust.jwpsrv.com/thumbnails/9xpNLR0j-720.jpg
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Server
2a04:4e42:400::626 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
499b708e755e7feaca4e6f8cf03138c6785d90fd8bc3340e2ab023c8fb690164

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:57 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
764
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
content-length
87438
x-served-by
cache-iad-kjyo7100149-IAD, cache-mia-kmia1760042-MIA
last-modified
Wed, 13 Mar 2024 16:27:40 GMT
server
nginx
x-timer
S1722867538.740786,VS0,VE1
etag
"fa1c68036fe9cf9db43d6eb4216cc3e2"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=900
accept-ranges
bytes
access-control-allow-headers
accept-encoding, cache-control, origin, dnt, accept-language
x-cache-hits
6168, 0

Redirect headers

date
Mon, 05 Aug 2024 14:17:52 GMT
via
1.1 e2e847b082ff9d1bdd61dc9c27ca0786.cloudfront.net (CloudFront)
server
openresty
x-amz-cf-pop
IAD61-P1
age
65
access-control-allow-methods
GET
content-type
image/jpeg
location
https://assets-jpcust.jwpsrv.com/thumbnails/9xpNLR0j-720.jpg
access-control-allow-origin
*
cache-control
max-age=180, max-stale=180
x-cache
Hit from cloudfront
x-robots-tag
noindex, indexifembedded
access-control-allow-headers
accept-encoding, cache-control, origin, dnt, accept-language
content-length
0
x-amz-cf-id
eUlGTJQdxr-Ebef_ThAGFA-oxjti7qomGBgIsPjv_qjH96KCJEgiwA==
bridge3.653.0_en.html
imasdk.googleapis.com/js/core/ Frame 4496
0
0

client.js
s0.2mdn.net/instream/video/
44 KB
17 KB
Script
General
Full URL
https://s0.2mdn.net/instream/video/client.js
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c04::95 Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
16746
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Mon, 05 Aug 2024 14:18:57 GMT
omweb-v1.js
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 1E43
0
0

bridge3.653.0_en.html
imasdk.googleapis.com/js/core/ Frame 9EF2
0
0
Document
General
Full URL
https://imasdk.googleapis.com/js/core/bridge3.653.0_en.html
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c0e::5f Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.itpro.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
age
269403
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
257032
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy
cross-origin
date
Fri, 02 Aug 2024 11:28:54 GMT
expires
Sat, 02 Aug 2025 11:28:54 GMT
last-modified
Thu, 01 Aug 2024 15:12:22 GMT
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
events
api.permutive.com/v2.0/batch/
101 B
130 B
XHR
General
Full URL
https://api.permutive.com/v2.0/batch/events?enrich=false&sdkp=true&k=253158cc-875d-4ed4-a52d-e954eca49313
Requested by
Host: 6093eccf-6734-4877-ac8b-83d6d0e27b46.edge.permutive.app
URL: https://6093eccf-6734-4877-ac8b-83d6d0e27b46.edge.permutive.app/6093eccf-6734-4877-ac8b-83d6d0e27b46-web.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.254.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
252.254.107.34.bc.googleusercontent.com
Software
Permutive /
Resource Hash
74e3fc0669f14262e5e32ee0cc0b9ff8b6cc655a1ec827cb1e6efcf28d9cafd4

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
content-type
text/plain

Response headers

date
Mon, 05 Aug 2024 14:18:57 GMT
content-encoding
gzip
via
1.1 google
server
Permutive
vary
Origin
content-type
application/json
access-control-allow-origin
https://www.itpro.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
112
collect
www.google-analytics.com/
35 B
55 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j101&a=1413626687&t=event&ni=1&_s=7&dl=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc&ul=en-us&de=UTF-8&dt=Researchers%20discover%20%E2%80%9Chighly%20sophisticated%E2%80%99%20operation%20using%20a%203%2C000-strong%20network%20of%20ghost%20accounts%20to%20spread%20malware%20on%20GitHub%20%7C%20ITPro&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=jwplayer&ea=jwplayerReady&_u=6GDAgEABBAQCAGAAI~&jid=&gjid=&cid=1843726432.1722867533&tid=UA-1011119-1&_gid=430158571.1722867533&cd57=null&cd40=Malware&cd41=GitHub%7CGhost%7CDiscord%7CResearch%7CFraction&cd42=Check_Point&cd43=Checkmarx%7CSoftware&cd45=Malware&cd46=Cyber_Crime&cd47=Researchers_discover_highly_sophisticated_operation_using_a_3000-strong_network_of_ghost_accounts_to_spread_malware_on_GitHub&cd50=5&cd51=false&cd58=Cyber_Crime&cd74=&cd13=false&cd10=EN-US&cd5=isNAebwboJikNSvfuqhMB6&cd7=solomon_klappholz&cd99=0&cd128=25-07-2024&cd1=news&cd3=cyber-crime%7Csecurity&cd6=%7Cserversidehawk&cd8=25-07-2024&cd27=1024514&cd33=text%2Ctext%2Ctext%2Cembed%2Ctext%2Ctext%2Ctext%2Ctext%2Ctext%2Ctext%2Cheading%2Ctext%2Ctext%2Ctext%2Ctext%2Cboxout%2Ctext%2Ctext%2Ctext%2Ctext%2Ctext&cd53=2024-07-25T11%3A06%3A14Z&cd61=pageLoad&cd95=news&cd106=0&cd126=en&cd127=GB%7CUS&cd134=serversidehawk&cd31=10&cd30=4g&z=1827135745
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
209.85.144.101 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
qv-in-f101.1e100.net
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Aug 2024 02:02:11 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
44206
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/
35 B
55 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j101&a=1413626687&t=event&ni=1&_s=8&dl=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc&ul=en-us&de=UTF-8&dt=Researchers%20discover%20%E2%80%9Chighly%20sophisticated%E2%80%99%20operation%20using%20a%203%2C000-strong%20network%20of%20ghost%20accounts%20to%20spread%20malware%20on%20GitHub%20%7C%20ITPro&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=jwplayer&ea=playlistItemChange&el=ffZUX3mV&_u=6GDAgEABBAQCAGAAI~&jid=&gjid=&cid=1843726432.1722867533&tid=UA-1011119-1&_gid=430158571.1722867533&cd57=null&cd40=Malware&cd41=GitHub%7CGhost%7CDiscord%7CResearch%7CFraction&cd42=Check_Point&cd43=Checkmarx%7CSoftware&cd45=Malware&cd46=Cyber_Crime&cd47=Researchers_discover_highly_sophisticated_operation_using_a_3000-strong_network_of_ghost_accounts_to_spread_malware_on_GitHub&cd50=5&cd51=false&cd58=Cyber_Crime&cd74=&cd13=false&cd10=EN-US&cd5=isNAebwboJikNSvfuqhMB6&cd7=solomon_klappholz&cd99=0&cd128=25-07-2024&cd1=news&cd3=cyber-crime%7Csecurity&cd6=%7Cserversidehawk&cd8=25-07-2024&cd27=1024514&cd33=text%2Ctext%2Ctext%2Cembed%2Ctext%2Ctext%2Ctext%2Ctext%2Ctext%2Ctext%2Cheading%2Ctext%2Ctext%2Ctext%2Ctext%2Cboxout%2Ctext%2Ctext%2Ctext%2Ctext%2Ctext&cd53=2024-07-25T11%3A06%3A14Z&cd61=pageLoad&cd95=news&cd106=0&cd126=en&cd127=GB%7CUS&cd134=serversidehawk&cd31=10&cd30=4g&cd55=aWeJUC35&cd69=YYRngYhb&cd107=90&cd113=1&cm26=0.00&z=921665354
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
209.85.144.101 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
qv-in-f101.1e100.net
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Aug 2024 02:02:11 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
44206
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
12243
check.analytics.rlcdn.com/check/
25 B
384 B
Fetch
General
Full URL
https://check.analytics.rlcdn.com/check/12243
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.49.15 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-49-15.jfk52.r.cloudfront.net
Software
/
Resource Hash
8a9ba7bbc88ec23d81a2d63845638a3b6603de473261872f301803cef84ef335

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
content-type
text/plain

Response headers

date
Mon, 05 Aug 2024 14:18:57 GMT
via
1.1 79edbcc14c21322a469003752cc30af0.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK52-P3
x-amzn-trace-id
Root=1-66b0df51-6ffd2e9e33a451f011fad40e
x-amzn-requestid
4d3e679f-56d9-4637-acc2-53e5777f3987
x-cache
Miss from cloudfront
content-type
application/json
access-control-allow-origin
*
x-amz-apigw-id
cCfU2HWojoEEPBw=
content-length
25
x-amz-cf-id
lsgD3f37oeEa_ZbzX1p6zk_qwi4cluLSVwjSPpdFEL-twjdOqC6JAg==
frame_content.js
resources.infolinks.com/js/1943.011-3.034/ Frame 1BD4
2 KB
639 B
Script
General
Full URL
https://resources.infolinks.com/js/1943.011-3.034/frame_content.js
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.42.247 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cc3a41863d92b22799ff23c52e2173e80b13ebc75b9144151ea105cd52b59de5

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:57 GMT
via
1.1 google
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 24 Jul 2024 13:24:13 GMT
server
cloudflare
age
10667
etag
W/"96d-61dfe31b559b4"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=2592000
cf-ray
8ae76b5e2a447487-MIA
expires
Wed, 04 Sep 2024 11:21:10 GMT
jload
pixel.adsafeprotected.com/ Frame 6E51
61 KB
15 KB
Script
General
Full URL
https://pixel.adsafeprotected.com/jload?anId=923193&campId=300x250&pubId=4971039325&chanId=22905714311&placementId=6435228879&pubCreative=138458895445&pubOrder=2801906293&cb=1000001850&adsafe_par&impId=a5c3a8ea-5335-11ef-bf97-0e86acdf905b&custom=1,pre_right_1&custom2=mpu1&custom3=itprocom&custom4=358&custom5=no
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
174.129.126.64 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-174-129-126-64.compute-1.amazonaws.com
Software
/
Resource Hash
5c04716ed614f5d4254be76fed11b14ade4cf94a936b11a25bb756c14b50c75d

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Aug 2024 14:18:57 GMT
content-encoding
gzip
vary
accept-encoding
content-type
application/javascript;charset=utf-8
access-control-allow-origin
pixel.adsafeprotected.com
cache-control
no-cache
access-control-allow-credentials
true
expires
Wed, 31 Dec 1969 23:59:59 GMT
jload
pixel.adsafeprotected.com/ Frame 3F5B
61 KB
15 KB
Script
General
Full URL
https://pixel.adsafeprotected.com/jload?anId=923193&campId=970x250&pubId=4676654121&chanId=22905713822&placementId=6749414608&pubCreative=138481120911&pubOrder=3562784821&cb=1008586515&adsafe_par&impId=a5c3a8e9-5335-11ef-bf97-0e86acdf905b&custom=1,pre_inline_1&custom2=top-leaderboard&custom3=itprocom&custom4=358&custom5=no
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
174.129.126.64 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-174-129-126-64.compute-1.amazonaws.com
Software
/
Resource Hash
bf502caa9f11dae06e8b99a87e26a61cebeef612a8cbc679f14f1177b7ddc463

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Aug 2024 14:18:57 GMT
content-encoding
gzip
vary
accept-encoding
content-type
application/javascript;charset=utf-8
access-control-allow-origin
pixel.adsafeprotected.com
cache-control
no-cache
access-control-allow-credentials
true
expires
Wed, 31 Dec 1969 23:59:59 GMT
admi
aax-us-east.amazon-adsystem.com/e/dtb/ Frame DD26
0
0
Document
General
Full URL
https://aax-us-east.amazon-adsystem.com/e/dtb/admi?b=JLUvyQ-ytQrnw27M3nr7vdwAAAGRIuhPOQEAAAvYAUFhcHNfdHhuX2JpZDEgICBhcHNfdHhuX2ltcDEgICBCPXr3&rnd=2516059301221722867536840&pp=14qvbwg&p=fael1c
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.94.231.7 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Referer
https://www.itpro.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Cache-Control
no-store, max-age=0
Connection
keep-alive
Content-Length
8602
Content-Type
text/html;charset=UTF-8
Date
Mon, 05 Aug 2024 14:18:57 GMT
Server
Server
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Vary
Content-Type,Accept-Encoding,User-Agent
x-amz-rid
WSNX5KMDN8H1H68FRPQ8
csm_othersv6.js
c.amazon-adsystem.com/bao-csm/direct/ Frame 7AF1
52 KB
17 KB
Script
General
Full URL
https://c.amazon-adsystem.com/bao-csm/direct/csm_othersv6.js
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.115.149 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-115-149.jfk50.r.cloudfront.net
Software
Server /
Resource Hash
36ca880a2b872e7097559793709a30ddcf2861851b4b1f6e0eca2aaed5e69ec3

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-amz-version-id
O2lotgWTwXr1FF31966NgPji824Duvek
content-encoding
gzip
via
1.1 153c5cd2b3e635613d0a2fa0f107993a.cloudfront.net (CloudFront)
date
Mon, 05 Aug 2024 00:32:57 GMT
x-amz-cf-pop
JFK50-P3
age
49559
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
server
Server
x-amz-rid
0FN25TX461MJDTMV3NKX
etag
cc7787142f945ed14daba76c8fc168e5
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=86400
accept-ranges
bytes
x-amz-cf-id
LaKVLYH_K5vfLt91wGXm284mHdNeUmPxJcl3d8aPD0nhXbEbysGOxQ==
truncated
/ Frame 7AF1
210 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
80302c9b10d5bb4a0db8d810c9fefdbbf4aaed8763eec224535ac25fafd770b3

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame 1BD4
215 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7cfbfb45f9a9caff789687b5ab5d6a1913e60b546b8d5b875f7a56c3824a7338

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
view
securepubads.g.doubleclick.net/pcs/ Frame C538
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsui0JpsLGECOSrMjxNh1PoOXg2ZvpDeWZo4qFvBF6Si1gTildJPTYmhIE-2E5s7lqc7IuewS4bhBVPZ5sME4macPwycg-xmttZxWwtqCjP9GTbSpkQ2gIFUUni3ev1I2yTwVdwds68YtZfuSpYZu3MOH5ExO5eCuW4dJZDtc45FzpntwLl03zVY0dWhojxw9L_F2_2fJmiQrUVAZrmTrs0mgBKhbx_Yh6fqzddN_mEmZhWq7ZyotkxXQ665gbbjdF5sgwHIemgtIuvcjZ-Qz59xivpV80pQRD32dn4maXjghlpf69DP6MGnNBK6KzuPrc2Bey1wTqKIOHHv4xUIYD2JxIHSOjvkfzF3Xxam0d7kKQn2Vo5MzD8mYhHV&sai=AMfl-YSBuGwc0kDhf3naQm0x2KN_HvkAmhn-XZgDUPrdq16UV_qHvZmb4hIr6zO1jjLk3XOcsNkuCYoHPp_R4-S77HCvIjogOmsTaqc1donOEQU2LWUO1d-qfGVTG2V6ZZMJVmiVK19oBdK_-JcLj1tRdXo&sig=Cg0ArKJSzCTeBXD7RI0oEAE&uach_m=%5BUACH%5D&adurl=
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.163.155 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS
wv-in-f155.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:57 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Mon, 05 Aug 2024 14:18:57 GMT
cast_sender.js
www.gstatic.com/cv/js/sender/v1/
4 KB
2 KB
Script
General
Full URL
https://www.gstatic.com/cv/js/sender/v1/cast_sender.js?loadCastFramework=1
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c02::5e Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2007
x-xss-protection
0
last-modified
Tue, 16 Feb 2021 23:57:06 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="cloudview"
vary
Accept-Encoding
report-to
{"group":"cloudview","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Mon, 05 Aug 2024 14:18:57 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 1BD4
0
0
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=reach&proto=CAlgAWACaAM%3D
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.16.157 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS
bl-in-f157.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Aug 2024 14:18:58 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ffZUX3mV-120.jpg
assets-jpcust.jwpsrv.com/strips/
Redirect Chain
  • https://cdn.jwplayer.com/strips/ffZUX3mV-120.jpg
  • https://assets-jpcust.jwpsrv.com/strips/ffZUX3mV-120.jpg
125 KB
124 KB
Image
General
Full URL
https://assets-jpcust.jwpsrv.com/strips/ffZUX3mV-120.jpg
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Server
2a04:4e42:400::626 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
235391e07181afc87e39e1913e93c8e096938d8fb20412864e875c962a8b8b75

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:57 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
640
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
content-length
126531
x-served-by
cache-iad-kiad7000176-IAD, cache-mia-kmia1760042-MIA
last-modified
Wed, 13 Mar 2024 16:26:36 GMT
server
nginx
x-timer
S1722867538.935353,VS0,VE1
etag
"8b886c1309b11096beab40c4889be368"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=900
accept-ranges
bytes
access-control-allow-headers
accept-encoding, cache-control, origin, dnt, accept-language
x-cache-hits
4494, 0

Redirect headers

date
Mon, 05 Aug 2024 14:17:53 GMT
via
1.1 e2e847b082ff9d1bdd61dc9c27ca0786.cloudfront.net (CloudFront)
server
openresty
x-amz-cf-pop
IAD61-P1
age
64
x-cache
Hit from cloudfront
content-type
text/html
location
https://assets-jpcust.jwpsrv.com/strips/ffZUX3mV-120.jpg
access-control-allow-origin
*
x-robots-tag
noindex, indexifembedded
content-length
166
x-amz-cf-id
NynoBfAHFkpxuPJQRr7DFGVfqyw6KkdIZ6DZ3w1UpTCa4zTR5eHfyQ==
gen_204
pagead2.googlesyndication.com/pagead/ Frame 7AF1
0
0
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=reach&proto=CAlgAWACaAM%3D
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.16.157 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS
bl-in-f157.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Aug 2024 14:18:58 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ping
pagead2.googlesyndication.com/pagead/
0
0
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pagead/ping?e=1
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.16.157 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS
bl-in-f157.1e100.net
Software
/
Resource Hash

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

gen_204
pagead2.googlesyndication.com/pagead/ Frame C538
0
0
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=reach&proto=CAlgAWACaAM%3D
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.16.157 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS
bl-in-f157.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Aug 2024 14:18:58 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ice.js
resources.infolinks.com/js/1943.011-3.034/
190 KB
58 KB
Script
General
Full URL
https://resources.infolinks.com/js/1943.011-3.034/ice.js
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.42.247 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
34e2d9f8df5271137f3cd95ace8ff8e0afd3fbadb43a2f98858f840fcf8249ee

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:57 GMT
via
1.1 google
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 24 Jul 2024 13:24:13 GMT
server
cloudflare
age
11638
etag
W/"2f957-61dfe31b54a13"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=2592000
cf-ray
8ae76b5fcc377487-MIA
expires
Wed, 04 Sep 2024 11:04:59 GMT
frame_inplace.js
resources.infolinks.com/js/1943.011-3.034/ Frame 1BD4
3 KB
1 KB
Script
General
Full URL
https://resources.infolinks.com/js/1943.011-3.034/frame_inplace.js
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.42.247 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3270662f6b1fead8a28fe62d1cd881fec495d6acb29bf4695490a145203a52b2

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:57 GMT
via
1.1 google
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 24 Jul 2024 13:24:13 GMT
server
cloudflare
age
10733
etag
W/"ba7-61dfe31b559b4"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=2592000
cf-ray
8ae76b5fcc397487-MIA
expires
Wed, 04 Sep 2024 11:20:04 GMT
12243
check.analytics.rlcdn.com/check/
25 B
384 B
Fetch
General
Full URL
https://check.analytics.rlcdn.com/check/12243
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.49.15 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-49-15.jfk52.r.cloudfront.net
Software
/
Resource Hash
8a9ba7bbc88ec23d81a2d63845638a3b6603de473261872f301803cef84ef335

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
content-type
text/plain

Response headers

date
Mon, 05 Aug 2024 14:18:58 GMT
via
1.1 79edbcc14c21322a469003752cc30af0.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK52-P3
x-amzn-trace-id
Root=1-66b0df52-3c86966f183ef5b025fd161c
x-amzn-requestid
3156f16e-ea46-4bdf-987b-b3f4ad05b98a
x-cache
Miss from cloudfront
content-type
application/json
access-control-allow-origin
*
x-amz-apigw-id
cCfU3E8oDoEEZfQ=
content-length
25
x-amz-cf-id
emPG45ukUFBS84b61WGXlZd1uTVrImETFLHSGvOcrzAKVDW71NCp4Q==
publishertag.prebid.144.js
static.criteo.net/js/ld/
96 KB
31 KB
Script
General
Full URL
https://static.criteo.net/js/ld/publishertag.prebid.144.js
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a00b::4 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
nginx /
Resource Hash
66776998b10e583a72f8fd29391a50e2c80eb3bc9a65b0dafe97e576d7d88507
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:58 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
last-modified
Fri, 27 Oct 2023 06:43:26 GMT
server
nginx
etag
W/"653b5c0e-1811e"
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=86400, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Tue, 06 Aug 2024 14:18:58 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame 1BD4
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvy7834f23NT5P3GDhEyVJhxSbOon9Ni9ghvHcZdKh72L4BQLPL1YKoL63JRcc1IvzJMuN18hl8Q7DGnoxXbsTeUISG_g6p70QuURSCb4nJ1uxbGezrHAuC12wFUdDjHWFjapA2ucwW4rDK0mgKaLWat1bRd_nsP2kwaBgclxijnVfSJeoVVBeXmjVv_VaMe7fADDg6BWNnPGiSmUo3RBDUgo5jjWIfQADvsBF_rTrsBKy2eNhqHUZHYlmOZKzhYjVyulrlFdTPTZSLJ2oFJ1LTU50sstKZkp9KRkmXxDHYN_BwNUkfsCAZh6UnSulCfI0PXVesDW3j-fv7ngaNyASaTMCHPqHgZzhpD26NyE1IyCIenHHOfNyb0DFSOw1aD1rUUng4yM0w2z1UWwA&sai=AMfl-YSaLqkQ8qwTa-c6rJdbQJs_0DNdbTCvVEDNyGubiSYNbfBrpnH0oIe9AUtKTix2Leh-wWDRrL2CUMmDWGfRSM_nr4dcYCKwF1pIi-xXaQcFM31YTX6JORPnVHYjzTOb_YVbfxuEeIQaVsymdo233LE&sig=Cg0ArKJSzKEBGVzNz0bpEAE&uach_m=%5BUACH%5D&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&adurl=
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.163.155 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS
wv-in-f155.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:58 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Mon, 05 Aug 2024 14:18:58 GMT
bidwon
api.pbxai.com/analytics/
0
259 B
Fetch
General
Full URL
https://api.pbxai.com/analytics/bidwon?auctionTimestamp=1722867534959&pubxaiAnalyticsVersion=v1.2.0&prebidVersion=v8.47.0
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.157.99.80 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-157-99-80.compute-1.amazonaws.com
Software
uvicorn /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
content-type
text/json

Response headers

access-control-allow-origin
https://www.itpro.com
date
Mon, 05 Aug 2024 14:18:58 GMT
access-control-expose-headers
x-my-header-out
server
uvicorn
access-control-allow-headers
Accept,Accept-Language,Content-Language,Content-Type,Authorization,x-correlation-id,Access-Control-Allow-Origin
content-length
0
access-control-allow-methods
OPTIONS,POST
bidwon
api.pbxai.com/analytics/ Frame
0
0
Preflight
General
Full URL
https://api.pbxai.com/analytics/bidwon?auctionTimestamp=1722867534959&pubxaiAnalyticsVersion=v1.2.0&prebidVersion=v8.47.0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.157.99.80 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-157-99-80.compute-1.amazonaws.com
Software
uvicorn /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.itpro.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Accept,Accept-Language,Content-Language,Content-Type,Authorization,x-correlation-id,Access-Control-Allow-Origin
access-control-allow-methods
OPTIONS,POST
access-control-allow-origin
https://www.itpro.com
access-control-expose-headers
x-my-header-out
date
Mon, 05 Aug 2024 14:18:57 GMT
server
uvicorn
main.19.8.524.js
static.adsafeprotected.com/ Frame 3F5B
228 KB
69 KB
Script
General
Full URL
https://static.adsafeprotected.com/main.19.8.524.js
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:3e00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f44515cfbac90b44dd220432d91b6643e03089eb0c6c66cc9f647fae287a0a50

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 12:02:16 GMT
x-amz-version-id
94zFud2KMrru2DbIoKITdJqEO_sxu3Ax
content-encoding
gzip
via
1.1 ec0c03792167c1faa09ce29d408be53a.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK52-P2
age
8203
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Tue, 16 Jul 2024 18:45:20 GMT
server
AmazonS3
etag
W/"3c3d9686a48311f601e1f633745ae7a4"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=315360000
x-amz-cf-id
EzKXrPOEMqWXb_zPAnFe2ou18jwbckZIpqyZxDtGsONnTbqpgdkQtQ==
main.19.8.524.js
static.adsafeprotected.com/ Frame 6E51
228 KB
0
Script
General
Full URL
https://static.adsafeprotected.com/main.19.8.524.js
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:3e00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f44515cfbac90b44dd220432d91b6643e03089eb0c6c66cc9f647fae287a0a50

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 12:02:16 GMT
x-amz-version-id
94zFud2KMrru2DbIoKITdJqEO_sxu3Ax
content-encoding
gzip
via
1.1 ec0c03792167c1faa09ce29d408be53a.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK52-P2
age
8203
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Tue, 16 Jul 2024 18:45:20 GMT
server
AmazonS3
etag
W/"3c3d9686a48311f601e1f633745ae7a4"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=315360000
x-amz-cf-id
EzKXrPOEMqWXb_zPAnFe2ou18jwbckZIpqyZxDtGsONnTbqpgdkQtQ==
manage
router.infolinks.com/usync/ Frame CBBB
0
0
Document
General
Full URL
https://router.infolinks.com/usync/manage?pid=3272039&wsid=0&pdom=www.itpro.com&purl=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc&usprivacy=1YNN
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://www.itpro.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

cache-control
no-store
cf-cache-status
DYNAMIC
cf-ray
8ae76b6169caa576-MIA
content-encoding
br
content-type
text/html;charset=UTF-8
date
Mon, 05 Aug 2024 14:18:58 GMT
p3p
CP="NON DSP NID OUR COR"
server
cloudflare
via
1.1 google
lcmanage
router.infolinks.com/usync/
282 B
318 B
Script
General
Full URL
https://router.infolinks.com/usync/lcmanage?pid=3272039&wsid=0&pdom=www.itpro.com&purl=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc&usprivacy=1YNN
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.42.247 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fed93bf3cfa87a3914de4297f1136668391d444874f2086713abf980ce0bde61

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:58 GMT
via
1.1 google
content-encoding
br
cf-cache-status
DYNAMIC
server
cloudflare
content-type
application/javascript;charset=ISO-8859-1
p3p
CP="NON DSP NID OUR COR"
cache-control
no-store
cf-ray
8ae76b60fe0d7487-MIA
gsd
router.infolinks.com/
332 B
472 B
Script
General
Full URL
https://router.infolinks.com/gsd?evt=afterGSD&pid=3272039&pdom=www.itpro.com&purl=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc&jsv=1943.011-3.034&_cb=17228675380140
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.42.247 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d14379b16e5181052f1c02642e259c4b7f4932a4970936e022ddabd58a6a6d9d

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Aug 2024 14:18:58 GMT
via
1.1 google
content-encoding
br
cf-cache-status
DYNAMIC
server
cloudflare
content-type
text/javascript;charset=UTF-8
p3p
CP="NON DSP NID OUR COR"
cache-control
max-age=0
cf-ray
8ae76b60fe0a7487-MIA
expires
Thu, 01 Jan 1970 00:00:00 GMT
cast_framework.js
www.gstatic.com/cast/sdk/libs/sender/1.0/
35 KB
12 KB
Script
General
Full URL
https://www.gstatic.com/cast/sdk/libs/sender/1.0/cast_framework.js
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c02::5e Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a2bdd8cb01353d4ed2a9ab4c7d7c263225f6908aa875614d015a2f39956d9d73
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
12197
x-xss-protection
0
last-modified
Mon, 14 Nov 2022 23:58:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="chrome-dongle"
vary
Accept-Encoding
report-to
{"group":"chrome-dongle","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/chrome-dongle"}]}
content-type
text/javascript
cache-control
private, max-age=0
accept-ranges
bytes
expires
Mon, 05 Aug 2024 14:18:58 GMT
cast_sender.js
www.gstatic.com/eureka/clank/127/
49 KB
15 KB
Script
General
Full URL
https://www.gstatic.com/eureka/clank/127/cast_sender.js
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c02::5e Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b9340c244415ad1e60ca4b33bdc796cf120318cf8435d829920849d7d2a950ac
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 01:56:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
44548
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview-release
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14619
x-xss-protection
0
last-modified
Mon, 03 Jun 2024 15:06:26 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="cloudview-release"
vary
Accept-Encoding
report-to
{"group":"cloudview-release","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview-release"}]}
content-type
text/javascript
cache-control
public, max-age=86400
accept-ranges
bytes
expires
Tue, 06 Aug 2024 01:56:30 GMT
/
analytics.rlcdn.com/ Frame
0
0
Preflight
General
Full URL
https://analytics.rlcdn.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.124.93 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-124-93.jfk50.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.itpro.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token
access-control-allow-methods
GET,OPTIONS,POST
access-control-allow-origin
*
content-length
0
content-type
application/json
date
Mon, 05 Aug 2024 14:18:58 GMT
via
1.1 021c711549f5f4a7c98f2f921f46beba.cloudfront.net (CloudFront)
x-amz-apigw-id
cCfU9FH2DoEEZ0w=
x-amz-cf-id
ShhHfRgUW9DBgwrT7R1bO6J2Rvc0bb6Pwnj43gtMRKQb4y9ur3WnwA==
x-amz-cf-pop
JFK50-P7
x-amzn-requestid
6330d198-b92e-4a41-bd9e-34bb3cb224e8
x-cache
Miss from cloudfront
/
analytics.rlcdn.com/
13 KB
14 KB
Fetch
General
Full URL
https://analytics.rlcdn.com/
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.124.93 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-124-93.jfk50.r.cloudfront.net
Software
/
Resource Hash
190452d2dc2b0a4003a01129838219bf46504ba4303d7e9e097a2d4dda65cbef

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
content-type
application/json

Response headers

date
Mon, 05 Aug 2024 14:18:58 GMT
via
1.1 021c711549f5f4a7c98f2f921f46beba.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P7
x-amzn-trace-id
Root=1-66b0df52-5f5b8d3d704e6d3e537ca9cc
x-amzn-requestid
e8a49805-801f-4d05-9eba-d46067d4c478
access-control-allow-methods
OPTIONS,POST
content-type
application/json
access-control-allow-origin
*
x-cache
Miss from cloudfront
access-control-allow-headers
Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token
x-amz-apigw-id
cCfU_H7XDoEEurw=
content-length
13499
x-amz-cf-id
uecfVrIzH2-iUIgS9L7luapE38s9gTTMvcxEk5qm3CtyAd1SZMxwfQ==
iqusync-1.31.min.js
resources.infolinks.com/static/usync/
2 KB
881 B
Script
General
Full URL
https://resources.infolinks.com/static/usync/iqusync-1.31.min.js
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.42.247 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7adedc362a799da2168fec3a6b8ee1d705edbcbebb4d2fbf456af1f575a2ecae

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:58 GMT
via
1.1 google
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 11 Jul 2024 11:30:04 GMT
server
cloudflare
age
11674
etag
W/"7ce-61cf7158b5e00"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=2592000
cf-ray
8ae76b619e9c7487-MIA
expires
Wed, 04 Sep 2024 11:04:24 GMT
any
idx.liadm.com/idex/did-0043/
342 B
756 B
Fetch
General
Full URL
https://idx.liadm.com/idex/did-0043/any?duid=ee7a5467f5a4--01j4hegjh3vbydcmr0sx2napcp&us_privacy=1YNN&gdpr=0&did=did-0043&cd=.itpro.com&pu=https%3A%2F%2Fwww.itpro.com&resolve=nonId&resolve=uid2&resolve=index&resolve=bidswitch&resolve=pubmatic&resolve=magnite&resolve=openx
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.231.77.198 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-231-77-198.compute-1.amazonaws.com
Software
/
Resource Hash
a5a0b474cdff8269f1e25cc024706a881e258c87908f9a15fd0b9f62fc27d26e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
content-type
text/plain

Response headers

date
Mon, 05 Aug 2024 14:18:58 GMT
strict-transport-security
max-age=31536000; includeSubDomains
vary
Origin
request-time
4
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.itpro.com
cache-control
max-age=86399, private
access-control-allow-credentials
true
trace-id
6aed9c25e822ef61
content-length
342
expires
Tue, 06 Aug 2024 14:18:58 GMT
envelope
api.rlcdn.com/api/identity/
0
278 B
Fetch
General
Full URL
https://api.rlcdn.com/api/identity/envelope?pid=12243
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.165.188 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
188.165.107.34.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
content-type
text/plain

Response headers

date
Mon, 05 Aug 2024 14:18:58 GMT
via
1.1 google
access-control-allow-methods
GET, OPTIONS
access-control-allow-origin
https://www.itpro.com
cache-control
no-cache, no-store
access-control-allow-credentials
true
timing-allow-origin
*
access-control-allow-headers
Accept, Authorization, Content-Type, Cookie, Origin, X-Requested-With
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
pbcas
ads.yieldmo.com/ Frame D29D
0
0
Document
General
Full URL
https://ads.yieldmo.com/pbcas?us_privacy=1YNN&gdpr=0&gdpr_consent=&type=iframe
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.205.222.134 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-205-222-134.compute-1.amazonaws.com
Software
/
Resource Hash

Request headers

Referer
https://www.itpro.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

accept-ch
Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Model,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile
access-control-allow-headers
Cache-Control, Pragma, *
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-origin
*
content-encoding
gzip
content-type
text/html;charset=utf-8
date
Mon, 05 Aug 2024 14:18:58 GMT
pragma
no-cache
vary
accept-encoding
usersync.html
cdn.undertone.com/js/ Frame EFAE
0
0
Document
General
Full URL
https://cdn.undertone.com/js/usersync.html?gdpr=0&gdprstr=&ccpa=1YNN
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:261f:f000:1f:2473:9080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash

Request headers

Referer
https://www.itpro.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

age
23922
content-encoding
gzip
content-type
text/html
date
Mon, 05 Aug 2024 07:40:17 GMT
etag
W/"c0ad5bceb34dc473809dd23603a31cec"
last-modified
Wed, 13 Dec 2023 14:37:07 GMT
server
AmazonS3
vary
Accept-Encoding
via
1.1 4e1c4d133adc8d8214916eeaddd7af66.cloudfront.net (CloudFront)
x-amz-cf-id
YwmaZASM4upHmjMX5hE2d28FnDHQtRex0EQdnpOKx3dgtVTfryZQ_w==
x-amz-cf-pop
JFK52-P3
x-amz-replication-status
COMPLETED
x-amz-server-side-encryption
AES256
x-amz-version-id
FpPUYNzys4ObbGRuHL8tOpxgUSayXD44
x-cache
Hit from cloudfront
async_usersync.html
acdn.adnxs.com/dmp/ Frame 2257
0
0
Document
General
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.221.240.246 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-221-240-246.deploy.static.akamaitechnologies.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash

Request headers

Referer
https://www.itpro.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Cache-Control
max-age=86402
Connection
keep-alive
Content-Encoding
gzip
Content-Length
17053
Content-Type
text/html
Date
Mon, 05 Aug 2024 14:18:58 GMT
ETag
"623de86a-cf34"
Expires
Tue, 06 Aug 2024 14:19:00 GMT
Last-Modified
Fri, 25 Mar 2022 16:06:02 GMT
Server
nginx/1.18.0 (Ubuntu)
Vary
Accept-Encoding
sync
eb2.3lift.com/ Frame 4076
0
0
Document
General
Full URL
https://eb2.3lift.com/sync?us_privacy=1YNN&gpp=DBABLA~BVQqAAAAAgA.QA&gpp_sid=7&
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.223.22.214 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
afb83dd09526a6517.awsglobalaccelerator.com
Software
/
Resource Hash

Request headers

Referer
https://www.itpro.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

cache-control
no-cache, no-store, must-revalidate
content-length
1160
content-type
text/html; charset=utf-8
date
Mon, 05 Aug 2024 14:18:58 GMT
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame C4F5
0
0
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=162345&gdpr=0&gdpr_consent=&us_privacy=1YNN&gpp=DBABLA~BVQqAAAAAgA.QA&gpp_sid=7
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.52.9.13 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-9-13.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash

Request headers

Referer
https://www.itpro.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
cache-control
max-age=155643
content-encoding
gzip
content-length
5516
content-type
text/html
date
Mon, 05 Aug 2024 14:18:58 GMT
expires
Wed, 07 Aug 2024 09:33:01 GMT
last-modified
Mon, 05 Aug 2024 09:22:55 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache
vary
Accept-Encoding
usync.html
eus.rubiconproject.com/ Frame B979
0
0
Document
General
Full URL
https://eus.rubiconproject.com/usync.html?gdpr=0&us_privacy=1YNN&gpp=DBABLA~BVQqAAAAAgA.QA&gpp_sid=7
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.55.205.215 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-55-205-215.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Referer
https://www.itpro.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
content-encoding
gzip
content-length
224
content-type
text/html; charset=UTF-8
date
Mon, 05 Aug 2024 14:18:58 GMT
etag
"2052a-10d-6142d69a886c0"
last-modified
Thu, 21 Mar 2024 15:32:19 GMT
server
Apache/2.2.15 (CentOS)
vary
Accept-Encoding
isyn
sync.a-mo.net/ Frame FC00
0
0
Document
General
Full URL
https://sync.a-mo.net/isyn?__st=iframe&gdpr=0&gdpr_consent=&us_privacy=1YNN&_e=CuYESg13d3cuaXRwcm8uY29tUgthYXMtNDk1N2NmNVoIcGJhMS4zLjRqDXd3dy5pdHByby5jb236AQY4LjQ3LjDoAgCIA8--w7UGqANB6gMkYzhhYTAxYTQtZWRiOS00M2YxLWI3MDAtNmQzMGJlMzQ2ZjhkogSkA2h0dHBzOi8vd3d3Lml0cHJvLmNvbS9zZWN1cml0eS9jeWJlci1jcmltZS9yZXNlYXJjaGVycy1kaXNjb3Zlci1oaWdobHktc29waGlzdGljYXRlZC1vcGVyYXRpb24tdXNpbmctYS0zMDAwLXN0cm9uZy1uZXR3b3JrLW9mLWdob3N0LWFjY291bnRzLXRvLXNwcmVhZC1tYWx3YXJlLW9uLWdpdGh1Yj91dG1fc291cmNlPVNlbGxpZ2VudCZ1dG1fbWVkaXVtPWVtYWlsJnV0bV9jYW1wYWlnbj1JVFBfU0VDVVJJVFlfQlVMTEVUSU5fQVVHXzIwMjQmdXRtX2NvbnRlbnQ9SVRQX1NFQ1VSSVRZX0JVTExFVElOX0FVR18yMDI0JnV0bV90ZXJtPTI1OTE1OTc0Jm1faT1kU3RLa0YzeVVqUHUyUDdRdEpEVE10THRXb3lZMXE3NTRuTDJuQ3JUR3g5JTJCS2VhcnIlMkJldGxVb1RnbTdHeHJKajJwbFliUGx2UXlweXRhJTJCNHRNcjFBaFRxektPVkRqNmRkY6oEA0RDSLIFA1VTROoFB2Rlc2t0b3D6BQNueTXABgDIBgGqBwN3ZWLKBwlpdHByby5jb23gBwGCCAlpdHByby5jb22KCAZjaHJvbWU
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
147.75.195.77 Parsippany, United States, ASN54825 (PACKET, US),
Reverse DNS
Software
envoy /
Resource Hash

Request headers

Referer
https://www.itpro.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

cache-control
max-age=0, private, must-revalidate
content-encoding
gzip
content-length
655
content-type
text/html; charset=utf-8
date
Mon, 05 Aug 2024 14:18:57 GMT
server
envoy
vary
accept-encoding
x-envoy-upstream-service-time
3
ixmatch.html
js-sec.indexww.com/um/ Frame C5EF
0
0
Document
General
Full URL
https://js-sec.indexww.com/um/ixmatch.html
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.38.76 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://www.itpro.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

age
874
cache-control
public, max-age=14400
cf-cache-status
HIT
cf-ray
8ae76b634a54a4ec-MIA
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Mon, 05 Aug 2024 14:18:58 GMT
expires
Mon, 05 Aug 2024 18:18:58 GMT
last-modified
Mon, 25 Jul 2022 19:18:19 GMT
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
server
cloudflare
vary
Accept-Encoding
iquid-01.js
resources.infolinks.com/static/
68 KB
14 KB
Script
General
Full URL
https://resources.infolinks.com/static/iquid-01.js
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.42.247 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8f60c8e46ff2161132091c8bdaf0628c161918a67a1d65854c21bc6bdff7eb91

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:58 GMT
via
1.1 google
content-encoding
br
cf-cache-status
HIT
last-modified
Fri, 08 Mar 2024 09:50:03 GMT
server
cloudflare
age
7528
etag
W/"11007-613231db6db5c"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=2592000
cf-ray
8ae76b621f367487-MIA
expires
Wed, 04 Sep 2024 12:13:30 GMT
ima.js
cdn-ima.33across.com/
16 KB
89 B
Script
General
Full URL
https://cdn-ima.33across.com/ima.js
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.35.167 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
25e106a5f1c5d1a80bc895df64e131503ea560d57fa360b32277e01c7bacfe8c

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:58 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Wed, 24 Jul 2024 21:41:51 GMT
server
cloudflare
age
404321
etag
W/"66a1751f-4089"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=259200
cf-ray
8ae76b62182167bd-MIA
expires
Thu, 08 Aug 2024 14:18:58 GMT
id5.js
resources.infolinks.com/static/
58 KB
17 KB
Script
General
Full URL
https://resources.infolinks.com/static/id5.js
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.42.247 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
05e77dab19940dd457e00282837faecc886434cc8cc5f631575a5e6c386de774

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:58 GMT
via
1.1 google
content-encoding
br
cf-cache-status
HIT
last-modified
Sun, 26 Mar 2023 15:25:02 GMT
server
cloudflare
age
10735
etag
W/"e65f-5f7cf3aed6f0f"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=2592000
cf-ray
8ae76b621f377487-MIA
expires
Wed, 04 Sep 2024 11:20:03 GMT
did-004d.min.js
d-code.liadm.com/
98 KB
35 KB
Script
General
Full URL
https://d-code.liadm.com/did-004d.min.js
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:23cb:6400:1c:2afd:fb00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
ec516dc31a72ec6f2d2e01d6a4e5e38d0aa7e6d4e687deaec53e772089a022cf

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 07:05:37 GMT
content-encoding
gzip
via
1.1 f5b36a6d650578e8cf7b1700c37caa00.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P1
age
26001
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
public,max-age=86400
x-amz-cf-id
c74PCgXBt1otuZQKHQ0mH8XVUun_HWBM2JTLND4bn3Xx1Yfz41Cuig==
sca.17.6.4.js
static.adsafeprotected.com/ Frame 872C
91 KB
23 KB
Script
General
Full URL
https://static.adsafeprotected.com/sca.17.6.4.js
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:3e00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ac42cf20760d5b0f71be7a0391c76020002aa1dcfc75bae782360bf2761db29f

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 12:02:16 GMT
x-amz-version-id
bOtNsqPibVajaDyuqqyqCrhSRcjcC6sa
content-encoding
gzip
via
1.1 ec0c03792167c1faa09ce29d408be53a.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK52-P2
age
8203
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Mon, 13 May 2024 16:44:02 GMT
server
AmazonS3
etag
W/"8fa66f8b94450bd040e7b5a7550c52de"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=315360000
x-amz-cf-id
4VkmyUiPaK4ZYtTUTFL60NoN5dexIjRicMKfP19_ruqcdAw47JgQlg==
mon
pixel.adsafeprotected.com/
43 B
197 B
Image
General
Full URL
https://pixel.adsafeprotected.com/mon?anId=923193&campId=970x250&pubId=4676654121&chanId=22905713822&placementId=6749414608&pubCreative=138481120911&pubOrder=3562784821&cb=1008586515&adsafe_par&impId=a5c3a8e9-5335-11ef-bf97-0e86acdf905b&custom=1,pre_inline_1&custom2=top-leaderboard&custom3=itprocom&custom4=358&custom5=no&adsafe_url=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc&adsafe_type=abcedq&adsafe_url=https%3A%2F%2Fwww.itpro.com%2F&adsafe_type=f&adsafe_jsinfo=,id:10c01698-bfca-0b93-0d56-d34e44d78703,c:ktTfAv,sl:outOfView,em:true,fr:true,thd:1,mn:jsserver-primary-55c7c74d44-4429h,rg:va,pt:1-5-15,wc:1570.1170.1600.1200,ac:1885.1276.970.250,am:i,cc:1885.1276.970.250,piv:0,obst:0,th:0,reas:l,mu:10000,br:c,bru:c,an:n,oam:0,scm:publ1.grpm1,mtim:324,mot:0,app:0,maw:0,tdt:s,fm:ukAoBVZ+11%7C12%7C13%7C14%7C15%7C161%7C162%7C163%7C164%7C165%7C166%7C167%7C168%7C169%7C16a%7C16b%7C16c%7C16d%7C17%7C18%7C19%7C1a%7C1b%7C1c11%7C1c12%7C1c13%7C1c14%7C1c2%7C1c3%7C1c41%7C1c42%7C1c43%7C1c51%7C1c52%7C1c6%7C1c71%7C1c72%7C1c73%7C1c8%7C1d1%7C1d2%7C1d3%7C1e%7C1f111%7C1f112%7C1f113%7C1f114%7C1f115%7C1f116%7C1f117%7C1f12%7C1f13%7C1f141%7C1f142%7C1f15%7C1f16%7C1f17%7C1f18%7C1f19%7C1f1a%7C1f1b1%7C1f1b2%7C1f1c%7C1g%7C1h*.-%7C1h1%7C1h2%7C1i1%7C1j1%7C1j211%7C1j212%7C1j213%7C1j22%7C1k%7C1l1%7C1l2%7C1l3%7C1l4%7C1m%7C1n%7C1o%7C1p%7C1q%7C1r%7C1s%7C1t%7C1u%7C1v%7C1w,idMap:1h*,pl:CV8L.CV8L.CV8L.CV8L.CV8L,rmeas:1,rend:1,renddet:DIV.qs.sn,es:0,sc:1,ha:1,fgad:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,tt:jload,et:397,oid:a765985c-5335-11ef-9dcc-ae42d0f888bc,v:19.8.524,sp:1,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ff:1,ov:0
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
174.129.126.64 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-174-129-126-64.compute-1.amazonaws.com
Software
Apache-Coyote/1.1 /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

p3p
CP="COM NAV INT STA NID OUR IND NOI"
pragma
no-cache
date
Mon, 05 Aug 2024 14:18:58 GMT
cache-control
no-cache
server
Apache-Coyote/1.1
content-length
43
content-type
image/gif
dt
dt.adsafeprotected.com/
43 B
216 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?anId=923193&asId=10c01698-bfca-0b93-0d56-d34e44d78703&tv=%7Bc:ktTfAy,pingTime:-8,time:399,type:l,es:0,sc:1,ha:1,fgad:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:399,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:396,wc:1570.1170.1600.1200,ac:1885.1276.970.250,am:i,cc:1885.1276.970.250,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B70~0%5D,as:%5B70~970.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:0,fm:ukAoBVZ+11%7C12%7C13%7C14%7C15%7C161%7C162%7C163%7C164%7C165%7C166%7C167%7C168%7C169%7C16a%7C16b%7C16c%7C16d%7C17%7C18%7C19%7C1a%7C1b%7C1c11%7C1c12%7C1c13%7C1c14%7C1c2%7C1c3%7C1c41%7C1c42%7C1c43%7C1c51%7C1c52%7C1c6%7C1c71%7C1c72%7C1c73%7C1c8%7C1d1%7C1d2%7C1d3%7C1e%7C1f111%7C1f112%7C1f113%7C1f114%7C1f115%7C1f116%7C1f117%7C1f12%7C1f13%7C1f141%7C1f142%7C1f15%7C1f16%7C1f17%7C1f18%7C1f19%7C1f1a%7C1f1b1%7C1f1b2%7C1f1c%7C1g%7C1h*.-%7C1h1%7C1h2%7C1i1%7C1j1%7C1j211%7C1j212%7C1j213%7C1j22%7C1k%7C1l1%7C1l2%7C1l3%7C1l4%7C1m%7C1n%7C1o%7C1p%7C1q%7C1r%7C1s%7C1t%7C1u%7C1v%7C1w,idMap:1h*,rmeas:1,rend:1,renddet:DIV.qs.sn,siq:398%7D&br=c
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:1aca:4282:7f9d:427e:9ca6:5b95 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Aug 2024 14:18:58 GMT
server
nginx
x-server-name
dt31.va.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
sca.17.6.4.js
static.adsafeprotected.com/ Frame 8974
91 KB
0
Script
General
Full URL
https://static.adsafeprotected.com/sca.17.6.4.js
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:3e00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ac42cf20760d5b0f71be7a0391c76020002aa1dcfc75bae782360bf2761db29f

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 12:02:16 GMT
x-amz-version-id
bOtNsqPibVajaDyuqqyqCrhSRcjcC6sa
content-encoding
gzip
via
1.1 ec0c03792167c1faa09ce29d408be53a.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK52-P2
age
8203
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Mon, 13 May 2024 16:44:02 GMT
server
AmazonS3
etag
W/"8fa66f8b94450bd040e7b5a7550c52de"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=315360000
x-amz-cf-id
4VkmyUiPaK4ZYtTUTFL60NoN5dexIjRicMKfP19_ruqcdAw47JgQlg==
mon
pixel.adsafeprotected.com/
43 B
197 B
Image
General
Full URL
https://pixel.adsafeprotected.com/mon?anId=923193&campId=300x250&pubId=4971039325&chanId=22905714311&placementId=6435228879&pubCreative=138458895445&pubOrder=2801906293&cb=1000001850&adsafe_par&impId=a5c3a8ea-5335-11ef-bf97-0e86acdf905b&custom=1,pre_right_1&custom2=mpu1&custom3=itprocom&custom4=358&custom5=no&adsafe_url=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc&adsafe_type=abcedq&adsafe_url=https%3A%2F%2Fwww.itpro.com%2F&adsafe_type=f&adsafe_jsinfo=,id:a79c574a-d185-8058-884e-8f38a1015ead,c:ktTfBA,sl:outOfView,em:true,fr:true,thd:1,mn:jsserver-primary-55c7c74d44-p6lnb,rg:va,pt:1-5-15,wc:1570.1170.1600.1200,ac:2535.1627.300.250,am:i,cc:2535.1627.300.250,piv:0,obst:0,th:0,reas:l,mu:10000,br:c,bru:c,an:n,oam:0,scm:publ1.grpm1,mtim:430,mot:0,app:0,maw:0,tdt:s,fm:ukAoBW5+11%7C12%7C13%7C14%7C15%7C161%7C162%7C163%7C164%7C165%7C166%7C167%7C168%7C169%7C16a%7C16b%7C16c%7C16d%7C17%7C18%7C19%7C1a%7C1b%7C1c11%7C1c12%7C1c13%7C1c14%7C1c2%7C1c3%7C1c41%7C1c42%7C1c43%7C1c51%7C1c52%7C1c6%7C1c71%7C1c72%7C1c73%7C1c8%7C1d1%7C1d2%7C1d3%7C1e%7C1f111%7C1f112%7C1f113%7C1f114%7C1f115%7C1f116%7C1f117%7C1f12%7C1f13%7C1f141%7C1f142%7C1f15%7C1f16%7C1f17%7C1f18%7C1f19%7C1f1a%7C1f1b1%7C1f1b2%7C1f1c%7C1g%7C1h1%7C1h2%7C1h3%7C1i*.-%7C1i1%7C1j1%7C1j211%7C1j212%7C1j213%7C1j22%7C1k%7C1l1%7C1l2%7C1l3%7C1l4%7C1m%7C1n%7C1o%7C1p%7C1q%7C1r%7C1s%7C1t%7C1u%7C1v%7C1w,idMap:1i*,pl:CV8L.CV8L.CV8L.CV8L.CV8L,rmeas:1,rend:1,renddet:DIV.qs.sn,es:0,sc:1,ha:1,fgad:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,tt:jload,et:458,oid:a765c04b-5335-11ef-809a-fa6d7b870312,v:19.8.524,sp:1,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ff:1,ov:0
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
174.129.126.64 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-174-129-126-64.compute-1.amazonaws.com
Software
Apache-Coyote/1.1 /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

p3p
CP="COM NAV INT STA NID OUR IND NOI"
pragma
no-cache
date
Mon, 05 Aug 2024 14:18:58 GMT
cache-control
no-cache
server
Apache-Coyote/1.1
content-length
43
content-type
image/gif
AECRGZMD-120.jpg
assets-jpcust.jwpsrv.com/thumbnails/
Redirect Chain
  • https://cdn.jwplayer.com/v2/media/vOlFj47S/poster.jpg?width=120
  • https://assets-jpcust.jwpsrv.com/thumbnails/AECRGZMD-120.jpg
5 KB
6 KB
Image
General
Full URL
https://assets-jpcust.jwpsrv.com/thumbnails/AECRGZMD-120.jpg
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Server
2a04:4e42:400::626 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
d332e08a2355ddb8fa70634fbf1751b9c952fc92b55fd96a4e7db3b9a27d0b06

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:58 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
768
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
content-length
5565
x-served-by
cache-iad-kcgs7200164-IAD, cache-mia-kmia1760042-MIA
last-modified
Wed, 13 Mar 2024 16:31:38 GMT
server
nginx
x-timer
S1722867539.587787,VS0,VE1
etag
"f88a818f37f517256154ce1003459f0e"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=900
accept-ranges
bytes
access-control-allow-headers
accept-encoding, cache-control, origin, dnt, accept-language
x-cache-hits
14289, 0

Redirect headers

date
Mon, 05 Aug 2024 14:18:58 GMT
via
1.1 e2e847b082ff9d1bdd61dc9c27ca0786.cloudfront.net (CloudFront)
server
openresty
x-amz-cf-pop
IAD61-P1
access-control-allow-methods
GET
content-type
image/jpeg
location
https://assets-jpcust.jwpsrv.com/thumbnails/AECRGZMD-120.jpg
access-control-allow-origin
*
cache-control
max-age=180, max-stale=180
x-cache
Miss from cloudfront
x-robots-tag
noindex, indexifembedded
access-control-allow-headers
accept-encoding, cache-control, origin, dnt, accept-language
content-length
0
x-amz-cf-id
PG2LLItsMa44Mm_lHPE6Lwantr6t1N3nRTFszze88S5U6V-6z2TS4Q==
dt
dt.adsafeprotected.com/
43 B
215 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?anId=923193&asId=10c01698-bfca-0b93-0d56-d34e44d78703&tv=%7Bc:ktTfBR,pingTime:-2,time:480,type:a,im:%7BpBlk:422,sf:0,pom:1,prf:%7BbeA:200,beZ:202,mfA:523,cmA:525,inA:526,inZ:532,prA:533,prZ:585,si:597,poA:599,bl:622,poZ:622,cmZ:622,mfZ:622,loA:629,loZ:633,ltA:679,ltZ:679,mdA:203,mdZ:500%7D%7D,sca:%7Blts:2024-08-05%2004.18.58,dfp:%7Bdf:4,sz:970.254,dom:body%7D%7D,env:%7Bgca:false,cca:true,ccd:%7Bversion:1,uspString:1YNN,newUser:true,dateCreated:2024-08-05T14:18:53.232Z,gpcEnabled:undefined%7D,gca2:true,gcd2:%7Bappl:0,cnst:na%7D%7D,clog:%5B%7Bpiv:0,vs:o,r:l,w:970,h:250,t:396%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:480,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:396,wc:1570.1170.1600.1200,ac:1885.1276.970.250,am:i,cc:1885.1276.970.250,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B151~0%5D,as:%5B151~970.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:0,fm:ukAoBVZ+11%7C12%7C13%7C14%7C15%7C161%7C162%7C163%7C164%7C165%7C166%7C167%7C168%7C169%7C16a%7C16b%7C16c%7C16d%7C17%7C18%7C19%7C1a%7C1b%7C1c11%7C1c12%7C1c13%7C1c14%7C1c2%7C1c3%7C1c41%7C1c42%7C1c43%7C1c51%7C1c52%7C1c6%7C1c71%7C1c72%7C1c73%7C1c8%7C1d1%7C1d2%7C1d3%7C1e%7C1f111%7C1f112%7C1f113%7C1f114%7C1f115%7C1f116%7C1f117%7C1f12%7C1f13%7C1f141%7C1f142%7C1f15%7C1f16%7C1f17%7C1f18%7C1f19%7C1f1a%7C1f1b1%7C1f1b2%7C1f1c%7C1g%7C1h*.-%7C1h1%7C1h2%7C1i1%7C1j1%7C1j211%7C1j212%7C1j213%7C1j22%7C1k%7C1l1%7C1l2%7C1l3%7C1l4%7C1m%7C1n%7C1o%7C1p%7C1q%7C1r%7C1s%7C1t%7C1u%7C1v%7C1w,idMap:1h*,pd:CV8L.internal-pdf-viewer,rmeas:1,rend:1,renddet:DIV.qs.sn,siq:398,slid:%5Bgoogle_ads_iframe_/10518929/itpro.co.uk/news/article/top-leaderboard_0,google_ads_iframe_/10518929/itpro.co.uk/news/article/top-leaderboard_0__container__,bordeaux-ad-2,bordeaux-slot_static_0-hook_0%5D,sinceFw:79,readyFired:true%7D&br=c
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:1aca:4282:7f9d:427e:9ca6:5b95 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Aug 2024 14:18:58 GMT
server
nginx
x-server-name
dt32.va.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
dt
dt.adsafeprotected.com/
43 B
215 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?anId=923193&asId=a79c574a-d185-8058-884e-8f38a1015ead&tv=%7Bc:ktTfDJ,pingTime:-2,time:590,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:252,beZ:255,mfA:682,cmA:684,inA:684,inZ:688,prA:688,prZ:702,si:710,poA:710,poZ:721,cmZ:721,mfZ:721,loA:737,loZ:742,ltA:841,ltZ:841,mdA:257,mdZ:547%7D%7D,sca:%7Blts:2024-08-05%2004.18.58,dfp:%7Bdf:4,sz:100.100,dom:div%7D%7D,env:%7Bgca:false,cca:true,ccd:%7Bversion:1,uspString:1YNN,newUser:true,dateCreated:2024-08-05T14:18:53.232Z,gpcEnabled:undefined%7D,gca2:true,gcd2:%7Bappl:0,cnst:na%7D%7D,clog:%5B%7Bpiv:0,vs:o,r:l,w:300,h:250,t:457%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:590,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:457,wc:1570.1170.1600.1200,ac:2535.1627.300.250,am:i,cc:2535.1627.300.250,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B157~0%5D,as:%5B157~300.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:0,fm:ukAoBW5+11%7C12%7C13%7C14%7C15%7C161%7C162%7C163%7C164%7C165%7C166%7C167%7C168%7C169%7C16a%7C16b%7C16c%7C16d%7C17%7C18%7C19%7C1a%7C1b%7C1c11%7C1c12%7C1c13%7C1c14%7C1c2%7C1c3%7C1c41%7C1c42%7C1c43%7C1c51%7C1c52%7C1c6%7C1c71%7C1c72%7C1c73%7C1c8%7C1d1%7C1d2%7C1d3%7C1e%7C1f111%7C1f112%7C1f113%7C1f114%7C1f115%7C1f116%7C1f117%7C1f12%7C1f13%7C1f141%7C1f142%7C1f15%7C1f16%7C1f17%7C1f18%7C1f19%7C1f1a%7C1f1b1%7C1f1b2%7C1f1c%7C1g%7C1h1%7C1h2%7C1h3%7C1i*.-%7C1i1%7C1j1%7C1j211%7C1j212%7C1j213%7C1j22%7C1k%7C1l1%7C1l2%7C1l3%7C1l4%7C1m%7C1n%7C1o%7C1p%7C1q%7C1r%7C1s%7C1t%7C1u%7C1v%7C1w,idMap:1i*,pd:CV8L.internal-pdf-viewer,rmeas:1,rend:1,renddet:DIV.qs.sn,siq:458,slid:%5Bgoogle_ads_iframe_/10518929/itpro.co.uk/news/article/mpu1_0,google_ads_iframe_/10518929/itpro.co.uk/news/article/mpu1_0__container__,bordeaux-ad-3,bordeaux-slot_static_1-hook_0,sidebar-top,widgetArea17,main%5D,sinceFw:131,readyFired:true%7D&br=c
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:1aca:4282:7f9d:427e:9ca6:5b95 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Aug 2024 14:18:58 GMT
server
nginx
x-server-name
dt27.va.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
doq.htm
rt3027.infolinks.com/action/
4 KB
2 KB
XHR
General
Full URL
https://rt3027.infolinks.com/action/doq.htm?pcode=utf-8&r=17228675385371
Requested by
Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1943.011-3.034/ice.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9045d220fc9659f87c2cf03369ad0df670513b1872d6682432afbdfab7acb280

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Mon, 05 Aug 2024 14:18:59 GMT
content-encoding
br
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin
content-type
text/html;charset=UTF-8
access-control-allow-origin
https://www.itpro.com
p3p
CP="NON DSP NID OUR COR"
cache-control
no-cache,no-store
access-control-allow-credentials
true
content-language
en-US
cf-ray
8ae76b66c91331f5-MIA
x-application-context
application:prod
expires
Thu, 01 Jan 1970 00:00:00 GMT
ProfilesEngineServlet
api.intentiq.com/profiles_engine/
110 B
987 B
XHR
General
Full URL
https://api.intentiq.com/profiles_engine/ProfilesEngineServlet?at=39&mi=10&dpi=328512134&pt=17&dpn=1&jsver=5.36&iiqidtype=2&iiqpcid=6d1247dc-035d-4b7e-ae6b-b2bd14006251&iiqpciddate=1722867538583&iiqcallcount=0&iiqfailcount=0&iiqnodata=false&iiqlocalstorageenabled=true&tsrnd=986_1722867538584&fbp=646215245&cttl=43200000&rrtt=0&dud=0&abtg=A&iiqppcc=0
Requested by
Host: resources.infolinks.com
URL: https://resources.infolinks.com/static/iquid-01.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.139.29.127 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-139-29-127.jfk50.r.cloudfront.net
Software
/
Resource Hash
cf45d26e12518ff1b515e4d6875d13ed9b8c12b841816fa8e691d1a0b994ab07

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:59 GMT
via
1.1 ed016821a44f073856f1ffba399e1728.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P2
x-cache
Miss from cloudfront
p3p
CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
patent
https://www.almondnet.com/ip
alt-svc
h3=":443"; ma=86400
pragma
no-cache
access-control-max-age
3600
vary
Origin
content-type
text/html
access-control-allow-origin
https://www.itpro.com
access-control-allow-methods
POST, GET, OPTIONS
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Content-Type, Accept, X-Requested-With, remember-me, DNT,X-CustomHeader,Keep-Alive,User-Agent,If-Modified-Since,Cache-Control
x-amz-cf-id
DVryjU8Qaw0FnGJhbr1VpI2LIGth4rSbpgbZH3Vem-z3vgjaE1TrJw==
expires
Thu, 01 Jan 1970 00:00:00 GMT
ProfilesEngineServlet
sync.intentiq.com/profiles_engine/
Redirect Chain
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&secure=1&dpi=328512134&rnd=164056&iiqidtype=2&iiqpcid=6d1247dc-035d-4b7e-ae6b-b2bd14006251&iiqpciddate=1722867538583&tsrn...
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&secure=1&dpi=328512134&rnd=164056&iiqidtype=2&iiqpcid=6d1247dc-035d-4b7e-ae6b-b2bd14006251&iiqpciddate=1722867538583&tsrn...
43 B
939 B
Image
General
Full URL
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&secure=1&dpi=328512134&rnd=164056&iiqidtype=2&iiqpcid=6d1247dc-035d-4b7e-ae6b-b2bd14006251&iiqpciddate=1722867538583&tsrnd=403_1722867538585&fbp=646215245&jsver=5.36&abtp=100&abtg=A&ckls=true&ci=C0hrfHQxoy&nc=false&trid=-999590801
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Server
2600:9000:26fa:5400:1b:6b7d:2300:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Aug 2024 14:18:59 GMT
via
1.1 5773f2f43b989a9f02f459e75620d5f4.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK52-P1
x-cache
Miss from cloudfront
content-type
image/gif
p3p
CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3=":443"; ma=86400
content-length
43
x-amz-cf-id
5Fuf6oM_S20T6TZpvV-KEK8fu2l53JJXDvSJGl6bluLXLjeyBlKrXg==
expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 05 Aug 2024 14:18:59 GMT
via
1.1 5773f2f43b989a9f02f459e75620d5f4.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK52-P1
x-cache
Miss from cloudfront
p3p
CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
location
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&secure=1&dpi=328512134&rnd=164056&iiqidtype=2&iiqpcid=6d1247dc-035d-4b7e-ae6b-b2bd14006251&iiqpciddate=1722867538583&tsrnd=403_1722867538585&fbp=646215245&jsver=5.36&abtp=100&abtg=A&ckls=true&ci=C0hrfHQxoy&nc=false&trid=-999590801
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate
patent
https://www.almondnet.com/ip
alt-svc
h3=":443"; ma=86400
content-length
43
x-amz-cf-id
PUUhoKyp4wlse7Fu-mo7-vBSgTLtjNGIpYOLOOtuB1NI52TW8C-7EQ==
expires
Thu, 01 Jan 1970 00:00:00 GMT
envelope
lexicon.33across.com/v1/
42 B
58 B
XHR
General
Full URL
https://lexicon.33across.com/v1/envelope?pid=0015a0000344WLkAAM&src=ima&ver=1.12.3&us_privacy=1YNN&gpp=DBABLA%7EBVQqAAAAAgA.QA&gpp_sid=7
Requested by
Host: cdn-ima.33across.com
URL: https://cdn-ima.33across.com/ima.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.244.193.51 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
51.193.244.35.bc.googleusercontent.com
Software
/
Resource Hash
435b1ece4a55f4f8d06866b32c1aee3cc4661eb905265894795f15a57bf1b33d

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Mon, 05 Aug 2024 14:18:58 GMT
via
1.1 google
vary
origin
content-type
application/json
access-control-allow-origin
https://www.itpro.com
cache-control
private, must-revalidate, max-age=28800
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
dt
dt.adsafeprotected.com/
43 B
215 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?anId=923193&asId=10c01698-bfca-0b93-0d56-d34e44d78703&tv=%7Bc:ktTfGc,time:749,type:e,im:%7BpWait:36%7D,env:%7Bar:self.0%7D,es:0,sc:1,ha:1,fgad:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:749,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:396,wc:1570.1170.1600.1200,ac:1885.1276.970.250,am:i,cc:1885.1276.970.250,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B420~0%5D,as:%5B420~970.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:265,fm:ukAoBVZ+11%7C12%7C13%7C14%7C15%7C161%7C162%7C163%7C164%7C165%7C166%7C167%7C168%7C169%7C16a%7C16b%7C16c%7C16d%7C17%7C18%7C19%7C1a%7C1b%7C1c11%7C1c12%7C1c13%7C1c14%7C1c2%7C1c3%7C1c41%7C1c42%7C1c43%7C1c51%7C1c52%7C1c6%7C1c71%7C1c72%7C1c73%7C1c8%7C1d1%7C1d2%7C1d3%7C1e%7C1f111%7C1f112%7C1f113%7C1f114%7C1f115%7C1f116%7C1f117%7C1f12%7C1f13%7C1f141%7C1f142%7C1f15%7C1f16%7C1f17%7C1f18%7C1f19%7C1f1a%7C1f1b1%7C1f1b2%7C1f1c%7C1g%7C1h*.-%7C1h1%7C1h2%7C1i.-%7C1i1%7C1j1%7C1j211%7C1j212%7C1j213%7C1j22%7C1k%7C1l1%7C1l2%7C1l3%7C1l4%7C1m%7C1n%7C1o%7C1p%7C1q%7C1r%7C1s%7C1t%7C1u%7C1v%7C1w,idMap:1h*,rmeas:1,rend:1,renddet:DIV.qs.sn,siq:398,sis:619%7D&br=c
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:1aca:4282:7f9d:427e:9ca6:5b95 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Aug 2024 14:18:58 GMT
server
nginx
x-server-name
dt79.va.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
dt
dt.adsafeprotected.com/
43 B
215 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?anId=923193&asId=a79c574a-d185-8058-884e-8f38a1015ead&tv=%7Bc:ktTfGe,time:745,type:e,env:%7Bar:self.0%7D,es:0,sc:1,ha:1,fgad:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:745,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:457,wc:1570.1170.1600.1200,ac:2535.1627.300.250,am:i,cc:2535.1627.300.250,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B312~0%5D,as:%5B312~300.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:149,fm:ukAoBW5+11%7C12%7C13%7C14%7C15%7C161%7C162%7C163%7C164%7C165%7C166%7C167%7C168%7C169%7C16a%7C16b%7C16c%7C16d%7C17%7C18%7C19%7C1a%7C1b%7C1c11%7C1c12%7C1c13%7C1c14%7C1c2%7C1c3%7C1c41%7C1c42%7C1c43%7C1c51%7C1c52%7C1c6%7C1c71%7C1c72%7C1c73%7C1c8%7C1d1%7C1d2%7C1d3%7C1e%7C1f111%7C1f112%7C1f113%7C1f114%7C1f115%7C1f116%7C1f117%7C1f12%7C1f13%7C1f141%7C1f142%7C1f15%7C1f16%7C1f17%7C1f18%7C1f19%7C1f1a%7C1f1b1%7C1f1b2%7C1f1c%7C1g%7C1h1%7C1h2%7C1h3%7C1i*.-%7C1i1%7C1j1%7C1j211%7C1j212%7C1j213%7C1j22%7C1k%7C1l1%7C1l2%7C1l3%7C1l4%7C1m%7C1n%7C1o%7C1p%7C1q%7C1r%7C1s%7C1t%7C1u%7C1v%7C1w,idMap:1i*,rmeas:1,rend:1,renddet:DIV.qs.sn,siq:458,sis:636%7D&br=c
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:1aca:4282:7f9d:427e:9ca6:5b95 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Aug 2024 14:18:58 GMT
server
nginx
x-server-name
dt86.va.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
any
idx.liadm.com/idex/did-004d/
459 B
873 B
XHR
General
Full URL
https://idx.liadm.com/idex/did-004d/any?duid=ee7a5467f5a4--01j4hegjh3vbydcmr0sx2napcp&us_privacy=1YNN&gdpr=0&did=did-004d&gpp_s=DBABLA~BVQqAAAAAgA.QA&gpp_as=7&cd=.itpro.com&pu=https%3A%2F%2Fwww.itpro.com&resolve=nonId&resolve=uid2&resolve=index&resolve=openx&resolve=pubmatic&resolve=magnite&resolve=bidswitch&resolve=medianet&resolve=sovrn&resolve=connatix&resolve=thetradedesk
Requested by
Host: d-code.liadm.com
URL: https://d-code.liadm.com/did-004d.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.231.77.198 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-231-77-198.compute-1.amazonaws.com
Software
/
Resource Hash
50e321177e731d71f77530cc2f3457ce628e36f4a5b4fd22da4f7f9cadd74237
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:58 GMT
strict-transport-security
max-age=31536000; includeSubDomains
vary
Origin
request-time
5
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.itpro.com
cache-control
max-age=86399, private
access-control-allow-credentials
true
trace-id
7eb7c34f525149bc
content-length
459
expires
Tue, 06 Aug 2024 14:18:58 GMT
dt
dt.adsafeprotected.com/
43 B
215 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?anId=923193&asId=10c01698-bfca-0b93-0d56-d34e44d78703&tv=%7Bc:ktTfJy,pingTime:-10,time:957,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi40djEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi40dk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxMaW51eCB4ODZfNjR8fEdlY2tvfHwyMDAzMDEwN3x8NjAwfHxNb3ppbGxhLzUuMCAoWDExOyBMaW51eCB4ODZfNjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMjcuMC4wLjAgU2FmYXJpLzUzNy4zNnx8MXx8MXx8R29vZ2xlIEluYy58fG4-,ch:n,fsc:17.6.4v222222220002222202222222220222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200222002220222202,asp:1722867538908%7C%7C55f588b92531c487f17cca3edeb7464a%7C%7C3d96f8e03a42123e5523adf5c57607ad%7C%7C680aeec379c3516978cf37125fc57ade%7C%7Cb60d89fad1059c7934b76b7cb7e0183e%7C%7Cf1a71184b036c47e2e037953fa3d6046%7C%7C9b43e3a0fa357c4258a978b50c8c4ba0%7C%7C4b771e5f283b5dea9bfcddaff1a88dcd%7C%7C1715618633%7D
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:1aca:4282:7f9d:427e:9ca6:5b95 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Aug 2024 14:18:58 GMT
server
nginx
x-server-name
dt34.va.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
activeview
pagead2.googlesyndication.com/pcs/ Frame 1BD4
42 B
65 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvjXFTm9NpwV49HZ5j-Cu0fOrhZna3c8s_OR2Ee-aG2hc9qXUn8ELaWDWMV1m3kb1AgAiqCm1s9qbjWTevGjednnfuyyHBH236BsDi-liydPL46luqjfBnfEM9xG8dISBXNqABwNhNMXZ1glZ7UsfHBiIww_PQCx1FyEw&sig=Cg0ArKJSzLiuI5uk92ZHEAE&id=lidar2&mcvt=1000&p=457,965,707,1265&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20240731&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=19&adk=736048873&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=1880033700&rst=1722867536849&rpt=1081&isd=0&lsd=0&met=ce&wmsd=0&pbe=0&fle=0&vae=0&spb=0&sfl=0&ffslot=0&reach=8&io2=0
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.16.157 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS
bl-in-f157.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Aug 2024 14:18:58 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
dt
dt.adsafeprotected.com/
43 B
215 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?anId=923193&asId=a79c574a-d185-8058-884e-8f38a1015ead&tv=%7Bc:ktTfMt,pingTime:-10,time:1132,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi40djEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi40dk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxMaW51eCB4ODZfNjR8fEdlY2tvfHwyMDAzMDEwN3x8NjAwfHxNb3ppbGxhLzUuMCAoWDExOyBMaW51eCB4ODZfNjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIEhlYWRsZXNzQ2hyb21lLzEyNy4wLjAuMCBTYWZhcmkvNTM3LjM2fHwxfHwxfHxHb29nbGUgSW5jLnx8bg--,ch:n,fsc:17.6.4v222222220002222202222222220222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200222002220222202,asp:1722867538537%7C%7C005fd95d928556b3b1195284a4db219e%7C%7C213bd2cb2e8f992537675f18d39532f1%7C%7C0e5b3f5d90bf4b800d1db6dd54294096%7C%7C62123702a45250c409dee3903f20e861%7C%7Cab1e2179e369a536828e980d78b8073b%7C%7C4f3abe54a31ddf3dd9c96aaeb3d63738%7C%7C29a1aa9fdc7f42455ce85dc80a64ff69%7C%7C1715618633,sca:%7Bspg:66d37e27-e9e4-1a28-27bd-51bc9ff2fa3a%7D%7D
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:1aca:4282:7f9d:427e:9ca6:5b95 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Aug 2024 14:18:59 GMT
server
nginx
x-server-name
dt09.va.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
bubble.js
resources.infolinks.com/js/1943.011-3.034/
156 KB
30 KB
Script
General
Full URL
https://resources.infolinks.com/js/1943.011-3.034/bubble.js
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.42.247 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9db508eae3aaa6935f67c16a997c3025a72f6d6da35150e91ae4b40056274421

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:59 GMT
via
1.1 google
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 24 Jul 2024 13:24:13 GMT
server
cloudflare
age
11672
etag
W/"26fed-61dfe31b56184"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=2592000
cf-ray
8ae76b679d317487-MIA
expires
Wed, 04 Sep 2024 11:04:27 GMT
ima3.js
imasdk.googleapis.com/js/sdkloader/
416 KB
0
Script
General
Full URL
https://imasdk.googleapis.com/js/sdkloader/ima3.js
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c0e::5f Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e5cb95ff379f230c85c99082a695af99206bc588010f849d06263da77778087a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
145669
x-xss-protection
0
expires
Mon, 05 Aug 2024 14:18:54 GMT
container-4.0.html
resources.infolinks.com/static/ Frame 35CB
0
0
Document
General
Full URL
https://resources.infolinks.com/static/container-4.0.html
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://www.itpro.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

age
11641
cache-control
max-age=2592000
cf-cache-status
HIT
cf-ray
8ae76b67bad3a576-MIA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Mon, 05 Aug 2024 14:18:59 GMT
expires
Wed, 04 Sep 2024 11:04:58 GMT
last-modified
Mon, 18 Dec 2023 15:25:02 GMT
server
cloudflare
vary
Accept-Encoding
via
1.1 google
in_place.js
resources.infolinks.com/js/1943.011-3.034/
41 KB
7 KB
Script
General
Full URL
https://resources.infolinks.com/js/1943.011-3.034/in_place.js
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.42.247 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7ab786ee46014f1dc1344d3a683ec5eff4ad045b14b7ef2c137fa59988bff4e2

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:59 GMT
via
1.1 google
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 24 Jul 2024 13:24:13 GMT
server
cloudflare
age
11639
etag
W/"a377-61dfe31b551e4"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=2592000
cf-ray
8ae76b67cd617487-MIA
expires
Wed, 04 Sep 2024 11:05:00 GMT
publishertag.prebid.144.js
static.criteo.net/js/ld/
96 KB
0
XHR
General
Full URL
https://static.criteo.net/js/ld/publishertag.prebid.144.js
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.144.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a00b::4 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
nginx /
Resource Hash
66776998b10e583a72f8fd29391a50e2c80eb3bc9a65b0dafe97e576d7d88507

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:58 GMT
content-encoding
gzip
last-modified
Fri, 27 Oct 2023 06:43:26 GMT
server
nginx
etag
W/"653b5c0e-1811e"
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=86400, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Tue, 06 Aug 2024 14:18:58 GMT
ima_ppub_config
securepubads.g.doubleclick.net/pagead/
159 B
0
XHR
General
Full URL
https://securepubads.g.doubleclick.net/pagead/ima_ppub_config?ippd=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.163.155 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS
wv-in-f155.1e100.net
Software
cafe /
Resource Hash
7440fd1f5f27f173cbd583c5815a81906118886e771450c405fe7497d49bc472
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:55 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
64
x-xss-protection
0
expires
Mon, 05 Aug 2024 14:18:55 GMT
ping.gif
prd.jwpltx.com/v1/jwplayer6/
0
203 B
Image
General
Full URL
https://prd.jwpltx.com/v1/jwplayer6/ping.gif?h=-985906226&e=e&n=5468179867326599&abc=0&abt=128_sendDomainToFeedsOn&aid=wRvAOEYoEeyfkEbo2AynAw&amp=0&ask=dqH3tS48&at=1&c=1&ccp=0&cp=0&d=2&eb=0&ed=6&emi=10zndk6fu3d3&i=0&id=ffZUX3mV&lid=1kgyepb14ls4&lsa=read&mt=1&pbd=1&pbr=1&pgi=72d3g9vjqme7&ph=1&pid=aWeJUC35&pii=0&pl=339&plc=5&pli=edw0vz1u7yms&pp=hlsjs&ppm=VOD&prc=1&ps=4&pss=1&pt=Researchers%20discover%20%E2%80%9Chighly%20sophisticated%E2%80%99%20operation%20using%20a%203%2C000-strong%20network%20of%20ghost%20accounts%20to%20spread%20malware%20on%20GitHub%20%7C%20ITPro&pu=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc&pv=8.34.5&pyc=0&s=1&sdk=0&stc=1&stpe=0&t=What%20are%20the%20most-targeted%20industries%20for%20cyber%20attacks%3F&tv=4.0.5&vb=0&vi=0&vl=90&wd=602&ab=1&cae=0&cb=1&cdid=botr_YYRngYhb_aWeJUC35_div&cme=0&dd=1&fed=YYRngYhb&flc=0&fv=&ga=0&ipv=0.7.1&lng=en&mk=hls&mu=https%3A%2F%2Fcdn.jwplayer.com%2Fmanifests%2FffZUX3mV.m3u8&pbc=0&pd=2&pdr=&plng=en&plt=5700&pni=1&po=0&pogt=Researchers%20discover%20%E2%80%9Chighly%20sophisticated%E2%80%99%20operation%20using%20a%203%2C000-strong%20network%20of%20ghost%20accounts%20to%20spread%20malware%20on%20GitHub&rf=%2F%2Fcontent.jwplatform.com%2Fv2%2Fplaylists%2FaSCTOjYu%3Frelated_media_id%3DMEDIAID&sn=%7B%22controlbar%22%3A%7B%22background%22%3A%22rgba(0%2C0%2C0%2C0)%22%2C%22icons%22%3A%22rgba(255%2C255%2C255%2C0.8)%22%2C%22iconsActive%22%3A%22%23FFFFFF%22%2C%22text%22%3A%22%23FFFFFF%22%7D%2C%22menus%22%3A%7B%22background%22%3A%22%23333333%22%2C%22text%22%3A%22rgba(255%2C255%2C255%2C0.8)%22%2C%22textActive%22%3A%22%23FFFFFF%22%7D%2C%22timeslider%22%3A%7B%22progress%22%3A%22%23F2F2F2%22%2C%22rail%22%3A%22rgba(255%2C255%2C255%2C0.3)%22%7D%2C%22tooltips%22%3A%7B%22background%22%3A%22%23FFFFFF%22%2C%22text%22%3A%22%23000000%22%7D%7D&sp=0&st=3360&sa=1722867537392
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2479:3200:1b:6b7c:c940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:59 GMT
via
1.1 216cc93d387142758c190b0491dc538c.cloudfront.net (CloudFront)
server
nginx
x-amz-cf-pop
IAD61-P3
x-amz-cf-id
VIYiYc6qr5amBaHRRfATqQE3gHcufoiuUGrZP4jOGABHFbR55ILApA==
x-cache
Miss from cloudfront
view
securepubads.g.doubleclick.net/pcs/ Frame 7AF1
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstUTGtg7PGXu-ydngv-tfToJ0kcGXVIkvlCF-hgOUYDm2RpZEKgibujd_IJ7rIinXYvwf4wm6PlvwXNqe4wYXBof8TeHINeX2dK6Nq7LZDpMbEapuGV671w1CBxcFs_Esq9N9MD74t1Hp9IsFto-Lfp9lpYPphkg5fgbvQjHnNNECsLPsXMCUcI6YUcmw6W9JgFmFo03M1AcuHu9bRR3Bz82legi4S1b1yg7QL9dV70D2-FhRRyq7118W7qkB9Km16mRQXWLd-Z9Ptws_wXCy_2Uaza4KydoCJzrd8py1rQXlj-mDB_kL20I5MEG6AZFFCKWC9dX24NU8hGcu27TUJK3APqckuQkCI8ADboy216W95tjL_cukzaNckQLCNh2VkYsiQ3St7j6wim7hyfI99LBRbziDoy5Q&sai=AMfl-YR822RmZqfsRWKD3IbBgHmlYrM5xunQwF66kk5z5UvNxlRqtQhub6s5szV03kexg5-OZXKAnCzL5BdsLUFdXiKwum9KAJafmlluMHZTMewt5S42DOwbrsr980Kx3oq9Y_JApmrlUzlTLLoo5oMxtIA&sig=Cg0ArKJSzIAlf5WczRdiEAE&uach_m=%5BUACH%5D&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&adurl=
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.163.155 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS
wv-in-f155.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:59 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Mon, 05 Aug 2024 14:18:59 GMT
3pCsmEvent
tungsten-service.prod.na.adsqtungsten.a9.amazon.dev/csm/ Frame 7AF1
0
0
Fetch
General
Full URL
https://tungsten-service.prod.na.adsqtungsten.a9.amazon.dev/csm/3pCsmEvent
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2512:d200:e:f12b:c80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
content-type
application/json

Response headers

date
Mon, 05 Aug 2024 14:18:58 GMT
via
1.1 909ec3586e2eba60d35c2f3468905558.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P7
x-amzn-requestid
a76ee55f-9c9d-4069-80b9-28018879da99
x-cache
Miss from cloudfront
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amzn-ErrorMessage,Date
content-length
2
x-amz-cf-id
vGVymDpyHh6-9iC5mn_r9iAkB__2UvNLAokG73YkTO7V1_bhv20znw==
pstErrorLoggingEvent
tungsten-service.prod.na.adsqtungsten.a9.amazon.dev/pstLogError/ Frame 7AF1
2 B
0
Fetch
General
Full URL
https://tungsten-service.prod.na.adsqtungsten.a9.amazon.dev/pstLogError/pstErrorLoggingEvent
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2512:d200:e:f12b:c80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
content-type
application/json

Response headers

date
Mon, 05 Aug 2024 14:18:58 GMT
via
1.1 909ec3586e2eba60d35c2f3468905558.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P7
x-amzn-requestid
04728873-4e7a-47e3-b9f1-45c8672c2ada
x-cache
Miss from cloudfront
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amzn-ErrorMessage,Date
content-length
2
x-amz-cf-id
63P4JoKvTnDtW8Jw8nbfuj_EiEBauI4C4VsFHgkvBLpbUqTRHEDdWw==
getads.htm
rt3027.infolinks.com/action/
0
0

dt
dt.adsafeprotected.com/
43 B
215 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?anId=923193&asId=10c01698-bfca-0b93-0d56-d34e44d78703&tv=%7Bc:ktTfPu,time:1325,type:e,im:%7BpLoad:1276%7D,es:0,sc:1,ha:1,fgad:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:1325,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:396,wc:1570.1170.1600.1200,ac:1885.1276.970.250,am:i,cc:1885.1276.970.250,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B996~0%5D,as:%5B996~970.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:76,fm:ukAoBVZ+11%7C12%7C13%7C14%7C15%7C161%7C162%7C163%7C164%7C165%7C166%7C167%7C168%7C169%7C16a%7C16b%7C16c%7C16d%7C17%7C18%7C19%7C1a%7C1b%7C1c11%7C1c12%7C1c13%7C1c14%7C1c2%7C1c3%7C1c41%7C1c42%7C1c43%7C1c51%7C1c52%7C1c6%7C1c71%7C1c72%7C1c73%7C1c8%7C1d1%7C1d2%7C1d3%7C1e%7C1f111%7C1f112%7C1f113%7C1f114%7C1f115%7C1f116%7C1f117%7C1f12%7C1f13%7C1f141%7C1f142%7C1f15%7C1f16%7C1f17%7C1f18%7C1f19%7C1f1a%7C1f1b1%7C1f1b2%7C1f1c%7C1g%7C1h*.-%7C1h1%7C1h2%7C1i.-%7C1i1%7C1j1%7C1j211%7C1j212%7C1j213%7C1j22%7C1k%7C1l1%7C1l2%7C1l3%7C1l4%7C1m%7C1n%7C1o%7C1p%7C1q%7C1r%7C1s%7C1t%7C1u%7C1v%7C1w,idMap:1h*,rmeas:1,rend:1,renddet:DIV.qs.sn,siq:398,sis:619%7D&br=c
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:1aca:4282:7f9d:427e:9ca6:5b95 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Aug 2024 14:18:59 GMT
server
nginx
x-server-name
dt40.va.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
3pCsmEvent
tungsten-service.prod.na.adsqtungsten.a9.amazon.dev/csm/ Frame
0
0
Preflight
General
Full URL
https://tungsten-service.prod.na.adsqtungsten.a9.amazon.dev/csm/3pCsmEvent
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2512:d200:e:f12b:c80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.itpro.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
content-type
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amzn-ErrorMessage,Date
access-control-max-age
172800
content-length
0
date
Mon, 05 Aug 2024 14:18:59 GMT
via
1.1 909ec3586e2eba60d35c2f3468905558.cloudfront.net (CloudFront)
x-amz-cf-id
kVMpoeQxJnGQpZc3v4U4RGlv0O1GHhohj53cw3D3PMsdvV_w8Fmwsw==
x-amz-cf-pop
JFK50-P7
x-amzn-requestid
01c6e1bb-f8f6-48e0-8f1e-83148a2c9c61
x-cache
Miss from cloudfront
pstErrorLoggingEvent
tungsten-service.prod.na.adsqtungsten.a9.amazon.dev/pstLogError/ Frame
0
0
Preflight
General
Full URL
https://tungsten-service.prod.na.adsqtungsten.a9.amazon.dev/pstLogError/pstErrorLoggingEvent
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2512:d200:e:f12b:c80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.itpro.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
content-type
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amzn-ErrorMessage,Date
access-control-max-age
172800
content-length
0
date
Mon, 05 Aug 2024 14:18:58 GMT
via
1.1 909ec3586e2eba60d35c2f3468905558.cloudfront.net (CloudFront)
x-amz-cf-id
zrrcWXFdr7xxkNrKp8rmdt3IrVyf2Q9AxmTCccMJVksdvHAJWwZGFw==
x-amz-cf-pop
JFK50-P7
x-amzn-requestid
a647f627-dcc2-4fa1-a0ff-5864c252e73a
x-cache
Miss from cloudfront
contextfeed.js
www.dianomi.com/js/
298 KB
46 KB
Script
General
Full URL
https://www.dianomi.com/js/contextfeed.js
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.30.150 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7bd1589f452fb979ca876d514c0560ce0504047e6845b3fb70316104e3cde439
Security Headers
Name Value
Strict-Transport-Security max-age=2592000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:59 GMT
strict-transport-security
max-age=2592000
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
36
x-xss-protection
1; mode=block
cf-bgj
minify
last-modified
Mon, 05 Aug 2024 13:58:20 GMT
server
cloudflare
etag
W/"4a9e8-61ef011dd6fc8"
vary
X-FORWARDED-PROTO, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=120
access-control-allow-credentials
true
cf-ray
8ae76b6999632209-MIA
expires
Mon, 05 Aug 2024 14:20:59 GMT
popularBox.js
slice.vanilla.futurecdn.net/13-0-11/js/
11 KB
4 KB
Script
General
Full URL
https://slice.vanilla.futurecdn.net/13-0-11/js/popularBox.js
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.114 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
d69f868aa01ca2a02f54448fea330366c9aa87aa80660a3b5a64f231128d13fb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:59 GMT
content-encoding
br
via
1.1 varnish
strict-transport-security
max-age=31536000
age
619738
x-cache
HIT
x-ftr-backend
van-prod
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
3765
x-served-by
cache-mia-kmia1760057-MIA
x-ftr-balancer
vanilla-mochi-http-haproxy-prod-1
x-ftr-request-id
00000000000000000000FFFF8CF85228:973D_00000000000000000000FFFFB9711932:01BB_66A76A78_A7FDF28:2878D3
last-modified
Mon, 29 Jul 2024 09:20:18 GMT
x-timer
S1722867539.348761,VS0,VE0
etag
W/"2c49-190fdca6788"
vary
accept-encoding, Accept-Encoding
content-type
application/javascript; charset=UTF-8
x-ftr-backend-server
http.van-prod
cache-control
public, max-age=2592000
accept-ranges
bytes
x-cache-hits
2394
localeSelector.js
slice.vanilla.futurecdn.net/13-0-11/js/
22 KB
7 KB
Script
General
Full URL
https://slice.vanilla.futurecdn.net/13-0-11/js/localeSelector.js
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.114 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
19cb747c07726d01d5f745ee457d35ea54268c5d97c418a4cc7ca468c1a60e6b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:59 GMT
content-encoding
br
via
1.1 varnish
strict-transport-security
max-age=31536000
age
620180
x-cache
HIT
x-ftr-backend
van-prod
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
6509
x-served-by
cache-mia-kmia1760057-MIA
x-ftr-balancer
vanilla-mochi-http-haproxy-prod-1
x-ftr-request-id
00000000000000000000FFFF8CF8521A:5808_00000000000000000000FFFFB9711932:01BB_66A768BE_A7B5DE1:2878D3
last-modified
Mon, 29 Jul 2024 09:20:18 GMT
x-timer
S1722867539.348871,VS0,VE0
etag
W/"5719-190fdca6788"
vary
accept-encoding, Accept-Encoding
content-type
application/javascript; charset=UTF-8
x-ftr-backend-server
http.van-prod
cache-control
public, max-age=2592000
accept-ranges
bytes
x-cache-hits
12943
regionRedirectBanner.js
slice.vanilla.futurecdn.net/13-0-11/js/
4 KB
2 KB
Script
General
Full URL
https://slice.vanilla.futurecdn.net/13-0-11/js/regionRedirectBanner.js
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.114 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
4ce8d1cf58dbf59700122c3e1b7ba6e35375e86c6698cef08b3ae16dab478a3e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:59 GMT
content-encoding
br
via
1.1 varnish
strict-transport-security
max-age=31536000
age
620180
x-cache
HIT
x-ftr-backend
van-prod
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
1694
x-served-by
cache-mia-kmia1760057-MIA
x-ftr-balancer
vanilla-mochi-http-haproxy-prod-2
x-ftr-request-id
00000000000000000000FFFF8CF85247:9DD9_00000000000000000000FFFFB9711938:01BB_66A768BE_A68EF1A:12EE0B
last-modified
Mon, 29 Jul 2024 09:20:18 GMT
x-timer
S1722867539.351154,VS0,VE0
etag
W/"1080-190fdca678c"
vary
accept-encoding, Accept-Encoding
content-type
application/javascript; charset=UTF-8
x-ftr-backend-server
http.van-prod
cache-control
public, max-age=2592000
accept-ranges
bytes
x-cache-hits
16963
context.pl
www.dianomi.com/cgi-bin/
416 B
433 B
Fetch
General
Full URL
https://www.dianomi.com/cgi-bin/context.pl?id=1505&h=www.itpro.com&url=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.30.150 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8d2d8703d68b0de752d257a7f719c25eabad5a7789dfa9292aec244e70325ea6
Security Headers
Name Value
Strict-Transport-Security max-age=2592000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:59 GMT
strict-transport-security
max-age=2592000
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
gzip
server
cloudflare
vary
X-FORWARDED-PROTO
content-type
application/json; charset=ISO-8859-1
access-control-allow-origin
https://www.itpro.com
cache-control
no-store
access-control-allow-credentials
true
cf-ray
8ae76b6b3b482209-MIA
x-xss-protection
1; mode=block
RedwCmfxCPMtSW8N8UwyxY-320-80.jpg.webp
cdn.mos.cms.futurecdn.net/
16 KB
17 KB
Image
General
Full URL
https://cdn.mos.cms.futurecdn.net/RedwCmfxCPMtSW8N8UwyxY-320-80.jpg.webp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20e2:9000:1b:ce45:6040:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
fb1399bd43ca56c326ef906985a8d86c601190a2ca38136f94a580b9f90c23f8
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
x-backend
default
age
8885
x-ftr-realm
pip
x-ftr-backend
mos_kodiak
x-ftr-cache-status
MISS
x-svc-build-time
Tue Jul 30 14:24:22 UTC 2024
x-served-by
kodiak-varnish-f96658d5b-qlk9m
x-ftr-balancer
bulkproxyprodred
x-svc-go-version
1.22.5
etag
debbf25bd03191b042e4d2fb65703a7f
x-svc-name
kodiak-svc
access-control-allow-methods
GET, OPTIONS
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=5184000
x-svc-version
latest
access-control-allow-headers
DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
expires
Fri, 04 Oct 2024 11:50:54 UTC
date
Mon, 05 Aug 2024 11:50:54 GMT
via
1.1 2e8c2e7cad8a51072f754f4edb4b5714.cloudfront.net (CloudFront)
x-svc-env
prod
xkey
/proof/RedwCmfxCPMtSW8N8UwyxY.jpg
x-amz-cf-pop
IAD79-C2
x-cache
Hit from cloudfront
x-ftr-dc
uk-lon2
alt-svc
h3=":443"; ma=86400
content-length
16340
x-ftr-request-id
00000000:783E_00000000:01BB_66B0BC9B_187BDDD:72E3
access-control-max-age
1728000
x-ftr-backend-server
kube
access-control-allow-credentials
true
accept-ranges
bytes
x-amz-cf-id
3ONzWP6RCx81I76F2F7Vb0vqUgt1BkR3FmVHCRkRYlpqqILioWk-HA==
RedwCmfxCPMtSW8N8UwyxY-1280-80.jpg.webp
cdn.mos.cms.futurecdn.net/
94 KB
0
Image
General
Full URL
https://cdn.mos.cms.futurecdn.net/RedwCmfxCPMtSW8N8UwyxY-1280-80.jpg.webp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20e2:9000:1b:ce45:6040:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
1cc8530b559210c58000482599dc69939b32ebc5942e12007e4aacb48299fce9
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
x-backend
default
age
7550
x-ftr-realm
pip
x-ftr-backend
mos_kodiak
x-ftr-cache-status
MISS
x-svc-build-time
Tue Jul 30 14:24:22 UTC 2024
x-served-by
kodiak-varnish-f96658d5b-qlk9m
x-ftr-balancer
bulkproxyprodred
x-svc-go-version
1.22.5
etag
debbf25bd03191b042e4d2fb65703a7f
x-svc-name
kodiak-svc
access-control-allow-methods
GET, OPTIONS
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=5184000
x-svc-version
latest
access-control-allow-headers
DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
expires
Fri, 04 Oct 2024 12:13:02 UTC
date
Mon, 05 Aug 2024 12:13:02 GMT
via
1.1 2e8c2e7cad8a51072f754f4edb4b5714.cloudfront.net (CloudFront)
x-svc-env
prod
xkey
/proof/RedwCmfxCPMtSW8N8UwyxY.jpg
x-amz-cf-pop
IAD79-C2
x-cache
Hit from cloudfront
x-ftr-dc
uk-lon2
alt-svc
h3=":443"; ma=86400
content-length
96614
x-ftr-request-id
00000000:4FF6_00000000:01BB_66B0C1CD_188CF9C:72E3
access-control-max-age
1728000
x-ftr-backend-server
kube
access-control-allow-credentials
true
accept-ranges
bytes
x-amz-cf-id
NJaUJlh9_haTuzc9EwOOoHvpueKstP0DuajlHIG5t04yPBqWWwAGaA==
dianomi-context.css
www.dianomi.com/partner/dianomi/css/ Frame 964C
169 B
301 B
Stylesheet
General
Full URL
https://www.dianomi.com/partner/dianomi/css/dianomi-context.css?v=1.1
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.30.150 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
99781410070a5dd4d753fdb8a46f4272082b5be64541dcfcb1b2d3c4aea09c6c
Security Headers
Name Value
Strict-Transport-Security max-age=2592000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:59 GMT
strict-transport-security
max-age=2592000
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
3518
cf-polished
origSize=199
x-xss-protection
1; mode=block
cf-bgj
minify
last-modified
Mon, 21 Jan 2019 12:43:41 GMT
server
cloudflare
etag
W/"c7-57ff735ded940"
vary
X-FORWARDED-PROTO, Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=14400
access-control-allow-credentials
true
cf-ray
8ae76b6c5c3d2209-MIA
expires
Mon, 05 Aug 2024 18:18:59 GMT
smartads.epl
www.dianomi.com/ Frame E5F5
0
0
Document
General
Full URL
https://www.dianomi.com/smartads.epl?id=10250&numAds=8&cf=2250.1505.ITPRO&url=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc&unitId=dianomi-10250-ZrDfU0yQW05fJzEjtZsz2wAAAEQ0&responsiveHeight=1&contextfeedFrameId=1505-785&gdpr_consent=null&gdpr=null&canServeAds=true&canCookie=true&partner_tcf_status=2.0&partnerTcfStatus=2.0
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.30.150 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=2592000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-origin
*
cache-control
no-cache,no-store,private
cf-cache-status
DYNAMIC
cf-ray
8ae76b6daaeedab1-MIA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Mon, 05 Aug 2024 14:19:00 GMT
expires
now
link
</img/a/pss/4137/6.css>;rel=preload;as=style
pragma
no-cache
server
cloudflare
strict-transport-security
max-age=2592000
vary
X-FORWARDED-PROTO
x-content-type-options
nosniff
x-xss-protection
1; mode=block
dianomi-max-200x38.png
www.dianomi.com/img/ Frame 964C
1 KB
1 KB
Image
General
Full URL
https://www.dianomi.com/img/dianomi-max-200x38.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.30.150 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
70503c92bcbb8105d95ec4de2012f23098c3383586e95323e4b3384b56af4beb
Security Headers
Name Value
Strict-Transport-Security max-age=2592000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:18:59 GMT
strict-transport-security
max-age=2592000
x-content-type-options
nosniff
cf-cache-status
HIT
age
2110980
cf-polished
origFmt=png, origSize=3940
content-disposition
inline; filename="dianomi-max-200x38.webp"
content-length
1164
x-xss-protection
1; mode=block
cf-bgj
imgq:85,h2pri
last-modified
Wed, 29 Jul 2020 16:53:11 GMT
server
cloudflare
etag
"f64-5ab9764140bc0"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=2628000
access-control-allow-credentials
true
accept-ranges
bytes
cf-ray
8ae76b6c6c412209-MIA
expires
Thu, 05 Sep 2024 00:18:59 GMT
pixeltrack.pl
www.dianomi.com/cgi-bin/ Frame 964C
77 B
259 B
Image
General
Full URL
https://www.dianomi.com/cgi-bin/pixeltrack.pl?cf=2250.1505.ITPRO&geo_ccod=us
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.30.150 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d4fa79afcf5a5cc5a0f12dedaf825f11530e6397d723fe7044cd37ba3c248e57
Security Headers
Name Value
Strict-Transport-Security max-age=2592000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Aug 2024 14:18:59 GMT
strict-transport-security
max-age=2592000
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
server
cloudflare
vary
X-FORWARDED-PROTO
content-type
image/gif; charset=ISO-8859-1
access-control-allow-origin
*
cache-control
private, no-cache, no-store, must-revalidate, max-age=0, pre-check=0, post-check=0
access-control-allow-credentials
true
cf-ray
8ae76b6c6c422209-MIA
content-length
77
x-xss-protection
1; mode=block
expires
Sun, 04 Aug 2024 14:18:59 GMT
events
api.permutive.com/v2.0/batch/
301 B
183 B
XHR
General
Full URL
https://api.permutive.com/v2.0/batch/events?enrich=false&sdkp=true&k=253158cc-875d-4ed4-a52d-e954eca49313
Requested by
Host: 6093eccf-6734-4877-ac8b-83d6d0e27b46.edge.permutive.app
URL: https://6093eccf-6734-4877-ac8b-83d6d0e27b46.edge.permutive.app/6093eccf-6734-4877-ac8b-83d6d0e27b46-web.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.254.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
252.254.107.34.bc.googleusercontent.com
Software
Permutive /
Resource Hash
8608768cfe802423add0ddcf87e0116f4d2d7bdda7804f77b7a14a35b0d7aea8

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
content-type
text/plain

Response headers

date
Mon, 05 Aug 2024 14:19:00 GMT
content-encoding
gzip
via
1.1 google
server
Permutive
vary
Origin
content-type
application/json
access-control-allow-origin
https://www.itpro.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
165
activeview
pagead2.googlesyndication.com/pcs/ Frame 7AF1
42 B
65 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsv-rtAafkrfmPnD785NGrkJApGgFHIMpd7n0XzVYN0Yv9u_RXlDDuudYr4pwaor0pQlK9gHej-rsTcztyfguSwJ-BldEFo5JAvhzTP3oukQebYhuzbIyWEzA7S_--vE6vSGVXDBXjgvneYlzJbch-gvd0z6-FJNG8tQgQ&sig=Cg0ArKJSzASiTJUe_HtWEAE&id=lidar2&mcvt=1009&p=106,315,356,1285&mtos=1009,1009,1009,1009,1009&tos=1009,0,0,0,0&v=20240731&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=19&adk=2555251210&rs=4&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=1880033700&rst=1722867536800&rpt=2426&isd=0&lsd=0&met=ce&wmsd=0&pbe=0&fle=0&vae=0&spb=0&sfl=0&ffslot=0&reach=8&io2=0
Requested by
Host: www.itpro.com
URL: https://www.itpro.com/security/cyber-crime/researchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github?utm_source=Selligent&utm_medium=email&utm_campaign=ITP_SECURITY_BULLETIN_AUG_2024&utm_content=ITP_SECURITY_BULLETIN_AUG_2024&utm_term=25915974&m_i=dStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%2BKearr%2BetlUoTgm7GxrJj2plYbPlvQypyta%2B4tMr1AhTqzKOVDj6ddc
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.16.157 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS
bl-in-f157.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Aug 2024 14:19:00 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
event-stream
k.p-n.io/
0
126 B
Fetch
General
Full URL
https://k.p-n.io/event-stream
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.193.77.136 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
*
date
Mon, 05 Aug 2024 14:19:00 GMT
access-control-allow-headers
*
access-control-max-age
600
access-control-allow-methods
*
%7B%22adCsm%22:[%7B%22tld%22:%22www.itpro.com%22%7D,%7B%22ns%22:1722867536800,%22st%22:%22970.70%22,%22re%22:%221042.60%22,%22ldTot%22:%2271.90%22%7D,%7B%22lteu%22:%220.10%22,%22ltut%22:%220.00%22,...
aax.amazon-adsystem.com/x/px/JLUvyQ-ytQrnw27M3nr7vdwAAAGRIuhPOQEAAAvYAUFhcHNfdHhuX2JpZDEgICBhcHNfdHhuX2ltcDEgICBCPXr3/ Frame 7AF1
43 B
415 B
Image
General
Full URL
https://aax.amazon-adsystem.com/x/px/JLUvyQ-ytQrnw27M3nr7vdwAAAGRIuhPOQEAAAvYAUFhcHNfdHhuX2JpZDEgICBhcHNfdHhuX2ltcDEgICBCPXr3/%7B%22adCsm%22:[%7B%22tld%22:%22www.itpro.com%22%7D,%7B%22ns%22:1722867536800,%22st%22:%22970.70%22,%22re%22:%221042.60%22,%22ldTot%22:%2271.90%22%7D,%7B%22lteu%22:%220.10%22,%22ltut%22:%220.00%22,%22ltpq%22:%220.10%22,%22lths%22:%220.10%22,%22ltpm%22:%220.20%22,%22ltdm%22:%220.50%22,%22ltdb%22:%220.00%22,%22ltpst%22:%220.20%22,%22csmTot%22:%229.30%22%7D],%22pixelId%22:%22gbypcbwxvze%22,%22ts%22:1722867540390,%22ver%22:%22d-1.22%22%7D?cb=466112
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.99.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-99-9.jfk50.r.cloudfront.net
Software
Server /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Aug 2024 14:19:00 GMT
strict-transport-security
max-age=47474747; includeSubDomains; preload
via
1.1 1abf103face183cd8172f37e6ac30038.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
JFK50-P5
x-amz-rid
YQDR71X4SXPAHDCJ7C3E
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
image/gif
cache-control
no-cache
content-length
43
x-amz-cf-id
Rdap_s4xOKuAm5lYj644JVFXZC1TdzzG9vViCjw9Xxq0LANIlwwy_Q==
gtm.js
www.googletagmanager.com/
201 KB
69 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-5DWSLFH
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
173.194.175.97 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
qs-in-f97.1e100.net
Software
Google Tag Manager /
Resource Hash
d899943fc4a3f5663866acbd5fff2e1b4b40fa9e2570907837bf6420b5b3b4ad
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:19:00 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
70776
x-xss-protection
0
last-modified
Mon, 05 Aug 2024 12:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 05 Aug 2024 14:19:00 GMT
gtm.js
www.googletagmanager.com/
215 KB
74 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-KHCPGDF
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
173.194.175.97 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
qs-in-f97.1e100.net
Software
Google Tag Manager /
Resource Hash
b4653de23d545d898995540379c13af6c67d257741e2dd632bde971462104112
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 05 Aug 2024 14:19:00 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
75657
x-xss-protection
0
last-modified
Mon, 05 Aug 2024 12:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 05 Aug 2024 14:19:00 GMT
event-stream
k.p-n.io/
0
125 B
Fetch
General
Full URL
https://k.p-n.io/event-stream
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.193.77.136 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.itpro.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
*
date
Mon, 05 Aug 2024 14:19:01 GMT
access-control-allow-headers
*
access-control-max-age
600
access-control-allow-methods
*

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.google.com
URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaRGxFSnobG5WLnUgxjM1KLyrlfa9mp1qWx_n92KInDJTcfRg10UWCnlssG8rsoCSBFd0yGIK4Fok1hQ3LNgMLD-ofniDQ
Domain
imasdk.googleapis.com
URL
https://imasdk.googleapis.com/js/core/bridge3.653.0_en.html
Domain
pagead2.googlesyndication.com
URL
https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Domain
rt3027.infolinks.com
URL
https://rt3027.infolinks.com/action/getads.htm?hks=%5B%7B%22lid%22%3A%22u_IL_INPLACE_bordeaux-ad-3_300x250%22%2C%22bdc%22%3A1%2C%22prod_t%22%3A%22u%22%2C%22garc%22%3A0%2C%22as%22%3A%22300*250%22%2C%22sdata%22%3A%22downloads%22%2C%22scs%22%3A%22bKZPp-Wblh%22%7D%5D&rid=4f6af872-2d93-4b5c-8d27-e4b0db46b358&jsv=1943.011-3.034&sr=1600X1200&rts=1722867539247&cfv=-1&cb=getAdsResponse&os=Linux&ov=x86_64&br=Chrome&bv=127.0.0.0&dv=p&ce=t&purl=https%3A%2F%2Fwww.itpro.com%2Fsecurity%2Fcyber-crime%2Fresearchers-discover-highly-sophisticated-operation-using-a-3000-strong-network-of-ghost-accounts-to-spread-malware-on-github%3Futm_source%3DSelligent%26utm_medium%3Demail%26utm_campaign%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_content%3DITP_SECURITY_BULLETIN_AUG_2024%26utm_term%3D25915974%26m_i%3DdStKkF3yUjPu2P7QtJDTMtLtWoyY1q754nL2nCrTGx9%252BKearr%252BetlUoTgm7GxrJj2plYbPlvQypyta%252B4tMr1AhTqzKOVDj6ddc&tzo=-1000&c=c&strg=true&pitc=50~EunrrPcsDBQHd3heXVWUdgUuYPHuFCZ_&sua=%7B%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22fullVersionList%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%2C%22uaFullVersion%22%3A%22%22%7D&rsd=kJ4jNdGkhziAHJ3hf1f7UdPubKYwIfsWx0NtuFnxUyE3CIq6-mUwjmKvkxi5GCCzTvOnkB6d67P7Jl-xu66wWz_1b23zZARBUYBgWfjvy8-q7m4ga1-UsLB0e9lHm2M-ESm4eDDDLT6t3PLpTcenGkci_UzCEwLWe-Etcoz-ySM&rsk=55&rcs=5IqSDtBnrtHJia1U5nckeA&cuid=f579b8d3-55f1-4bb7-b7d0-29fae8e0b0c2&usprivacy=1YNN&pnrmid=a991c1c350f5f7058d3144c6e1cea9fb927a006578a9fe431f83a9f95043fb63&li_in_us_res=null&ique=&hbnr=false

590 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.


419 Cookies

.technoratimedia.com/ Name: tads_uidp_7
Value: 1c6484c9-6c52-422e-9c83-b526449f906a
.technoratimedia.com/ Name: tads_uidp_70
Value: 1668364574412-986994375386-009124-010-008838
.technoratimedia.com/ Name: tads_uidp_73
Value: AAE-1E7NYb8AABXY6WCpaQ
.technoratimedia.com/ Name: tads_uidp_76
Value: RX-ad9a696f-a29e-457c-8249-63b7191b9223-004
.technoratimedia.com/ Name: tads_uidp_77
Value: wVX8cVAO7bBo0xeCWr53vHiq4n3-rKl8DEzMEOgP99M
.technoratimedia.com/ Name: tads_uidp_79
Value: 1f98861f-c14a-4b89-87a2-9e82af3c9ec2
.technoratimedia.com/ Name: tads_uidp_80
Value: y-C7E8bs1E2uHD8pUd53EIa7AUJ5ovjt8j~A
.technoratimedia.com/ Name: tads_uidp_82
Value: ZrDOwdHM47sAAGpfAMARDQAA&2775
.technoratimedia.com/ Name: tads_uidp_83
Value: R9WXtN4HSgtT
.technoratimedia.com/ Name: tads_uidp_88
Value: 2644755899138975512423
.technoratimedia.com/ Name: tads_uidp_90
Value: 10c87e9f-8a95-459f-8d8c-ece36ac01bef
.technoratimedia.com/ Name: tads_uidp_91
Value: 1127780877599371273brt56851661351334633785b9
.technoratimedia.com/ Name: tads_uid
Value: 0ACA07A79B244833993E8B9798357D18
.technoratimedia.com/ Name: tads_uid_cd
Value: 20230514043511+0000
.technoratimedia.com/ Name: tads_zora
Value: 2
.technoratimedia.com/ Name: envelope_liveramp.com
Value: 1706659281636
.ads.yieldmo.com/ Name: ptrunl
Value: OPTOUT
.krushmedia.com/ Name: krm_r
Value: 615|572
.undertone.com/ Name: UID_EXT_39
Value: 58633787-4a5f-011c-14b8-2667fbc03424
.undertone.com/ Name: UID_EXT_54
Value: 7020ec74-1c8f-4cee-a3ac-401b1757aa34-66b0df4f-5553
.undertone.com/ Name: UID_EXT_56
Value: y-vQK0hJ9E2uH2d6JsQUePtLwYjZ4quKLhUa4JZIQ-~A
.undertone.com/ Name: UID_EXT_46
Value: 48c3f041-3e95-40ba-9b98-d1e5372b4104
.undertone.com/ Name: UTID
Value: 06bf2451d1714ea5b142fc27f73805ca
.undertone.com/ Name: UTID_ENC
Value: edn8o8bf6i1yk3ggvr6aagui
.lijit.com/ Name: _ljtrtb_80
Value: LZH2UI73-I-1PCS
.lijit.com/ Name: _ljtrtb_27
Value: 48c3f041-3e95-40ba-9b98-d1e5372b4104
.pubmatic.com/ Name: KRTBCOOKIE_632
Value: 23041-dyuPae2CiZZKG9h04ucCYmKrx8231kEeP6IkZ_nU-DI&KRTB&23047-dyuPae2CiZZKG9h04ucCYmKrx8231kEeP6IkZ_nU-DI&KRTB&23234-dyuPae2CiZZKG9h04ucCYmKrx8231kEeP6IkZ_nU-DI&KRTB&23361-dyuPae2CiZZKG9h04ucCYmKrx8231kEeP6IkZ_nU-DI
.lijit.com/ Name: _ljtrtb_102
Value: db7e5dcf-30da-57b0-a951-1525942d45ca
.pubmatic.com/ Name: KRTBCOOKIE_699
Value: 22727-AAE-1E7NYb8AABXY6WCpaQ
.server.cpmstar.com/ Name: USER_ID
Value: %0a0d%8c%9c%bcjR%1d%f4%5c%00jk%ec
.adx.opera.com/ Name: UID
Value: OPU757e054fd21a4eec8097a1482d28f6ed
.itpro.com/ Name: __gads
Value: ID=f946fdb1416e532e:T=1722867535:RT=1722867535:S=ALNI_MaU2fhuSwKXq-wEDrRTAbdT4f3z_A
.itpro.com/ Name: __gpi
Value: UID=00000ec70f1b865b:T=1722867535:RT=1722867535:S=ALNI_MalleQWOz97NteL1GCawVPw5Djdwg
.itpro.com/ Name: __eoi
Value: ID=2f51b486ff92d1c0:T=1722867535:RT=1722867535:S=AA-AfjbZVlvSv7I9lk59xSYvMDCy
.undertone.com/ Name: UID_EXT_47
Value: LZH2UI73-I-1PCS
.ads.yieldmo.com/ Name: ptrpub
Value: EF052076-B46A-4770-A15A-AF0F1FC8093D
.pubmatic.com/ Name: SyncRTB3
Value: 1724025600%3A54_220_21_13_71
.richaudience.com/ Name: pdid
Value: 01df5fef-e6fa-44de-971f-1zz1722867381
pool.admedo.com/ Name: tuuid
Value: e3cc3c68-c57d-4bde-9f3a-acb97afeedf8
pool.admedo.com/ Name: c
Value: 1722867537
pool.admedo.com/ Name: tuuid_lu
Value: 1722867537
.itpro.com/ Name: _ga_H58Q5KTB4D
Value: GS1.1.1722867533.1.0.1722867537.56.0.0
.lijit.com/ Name: ljtrtb
Value: eJwNyjEOQjEIANC7MEsCFEJxdfEnDibGxa2U%2FksY727f%2FL7AJHCFSl9W88RGNdA8CUcYI5tYqJTaHHAB8X21z3aSMrYVhko5MDI6Fi9rLqlMum%2BnfR%2Bfu7wPb3ggP28v%2BP0BK1cbWA%3D%3D
.lijit.com/ Name: _ljtrtb_26
Value: 3c82e640-f4c3-40ed-bb04-5704e47b66be
.itpro.com/ Name: _ga_E36MVD1BQT
Value: GS1.1.1722867533.1.0.1722867537.56.0.0
.socdm.com/ Name: SOC
Value: ZrDfUcCo5ssAAE9Ive0AAAAA
.w55c.net/ Name: matchcasale
Value: 5
www.itpro.com/ Name: _lr_sampling_rate
Value: 100
.doubleclick.net/ Name: DSID
Value: NO_DATA
www.itpro.com/ Name: _lr_retry_request
Value: true
www.itpro.com/ Name: _lr_env_src_ats
Value: false
.googleadservices.com/ Name: ar_debug
Value: 1
.infolinks.com/ Name: cuid
Value: f579b8d3-55f1-4bb7-b7d0-29fae8e0b0c2
.ads.yieldmo.com/ Name: re_sync
Value: pp%3D1197275%7Crc%3D1197275%7Cunl%3D1197275%7Cc%3D1197275%7Ccriteo%3D1197275%7Ct%3D1197275%7Ctapad%3D1197275%7Cdv360%3D1197275%7Cpub%3D1197275%7Can%3D1197275
.sitescout.com/ Name: _ssuma
Value: eyIzOSI6MTcyMjg2NzUzNTQ1OCwiNyI6MTcyMjg2NzUzNTQ1OCwiODAiOjE3MjI4Njc1Mzg0MzMsIjc0IjoxNzIyODY3NTM1NzYwfQ
.rlcdn.com/ Name: rlas3
Value: dz5Mokb2XrjpQ9PUeZdR+dje0PrIUK9ECilaH0rA4CA=
.quantserve.com/ Name: d
Value: ECwBGQG_LPijC_vLEI268QA
.ads.yieldmo.com/ Name: ptrc
Value: CAESEEaqhi_k0v0xciVTWzKxLOk
.ads.yieldmo.com/ Name: ptrpp
Value: OtbdQJhemzbV
.pubmatic.com/ Name: SPugT
Value: 1722867538
.analytics.yahoo.com/ Name: IDSYNC
Value: "18vo~2jye:18z8~2jye:190u~2jye:1969~2jye:18z9~2jye"
.tynt.com/ Name: pids
Value: %5B%7B%22p%22%3A%22797f54a72d%22%2C%22f%22%3A1%2C%22ts%22%3A1722867535797%7D%2C%7B%22p%22%3A%224ef5c9a86a%22%2C%22f%22%3A1%2C%22ts%22%3A1722867535797%7D%2C%7B%22p%22%3A%224bee518595%22%2C%22f%22%3A1%2C%22ts%22%3A1722867538578%7D%2C%7B%22p%22%3A%22029cc11ae7%22%2C%22f%22%3A1%2C%22ts%22%3A1722867538578%7D%2C%7B%22p%22%3A%226f27415d53%22%2C%22f%22%3A1%2C%22ts%22%3A1722867538578%7D%2C%7B%22p%22%3A%22162dbd77b3%22%2C%22f%22%3A1%2C%22ts%22%3A1722867538578%7D%2C%7B%22p%22%3A%227daaa56bb0%22%2C%22f%22%3A1%2C%22ts%22%3A1722867538578%7D%2C%7B%22p%22%3A%2224c05c7b76%22%2C%22f%22%3A1%2C%22ts%22%3A1722867535797%7D%2C%7B%22p%22%3A%22d26852f088%22%2C%22f%22%3A1%2C%22ts%22%3A1722867535797%7D%2C%7B%22p%22%3A%22cf4d6e49b5%22%2C%22f%22%3A1%2C%22ts%22%3A1722867535797%7D%2C%7B%22p%22%3A%22f9a4a8fd15%22%2C%22f%22%3A1%2C%22ts%22%3A1722867535797%7D%2C%7B%22p%22%3A%22008c314e8f%22%2C%22f%22%3A1%2C%22ts%22%3A1722867538578%7D%5D
.infolinks.com/ Name: EQVSERCOOKIE
Value: 7092360138809547436
.infolinks.com/ Name: R1USERCOOKIE
Value: OPTOUT
.infolinks.com/ Name: URUSERCOOKIE
Value: OPTOUT
.go.sonobi.com/ Name: HAPLB8G
Value: s85101|ZrDfV
.pxl.iqm.com/ Name: infolink
Value: MTcyNDA3NzEzODYyMw==
.pxl.iqm.com/ Name: iqm.retarget.uid
Value: c4fcfa6a-926c-469a-8eb4-5d3091dd9053
.infolinks.com/ Name: TPLSERCOOKIE
Value: 4287211908149823403099
.media.net/ Name: data-inf
Value: setstatuscode~~41
.linkedin.com/ Name: li_sugr
Value: 9eafdd53-fa28-47b3-972a-e78970b984af
.tapad.com/ Name: TapAd_3WAY_SYNCS
Value: 1!5246
.infolinks.com/ Name: SHTUSERCOOKIE
Value: 24039c5b-f546-451a-b072-135b2d89a060
.infolinks.com/ Name: SOVRNUSERCOOKIE
Value: JHGaALZH0G2OhhTTRTKJc_Dl
.infolinks.com/ Name: 33AUSERCOOKIE
Value: 212729161477666
.infolinks.com/ Name: VRUSERCOOKIE
Value: y-i9HaQ0ZE2uKeM4jddbI88kQ.QskGeKOG~A
.infolinks.com/ Name: QCUSERCOOKIE
Value: -STTtKt0heLiKtK0rHCctKkmgeLiKoO9-CLeesSz
.infolinks.com/ Name: OUTHUSERCOOKIE
Value: y-vh9ycrNE2uGGSiyjNS6XKUjfo04vVx4V~A
.pubmatic.com/ Name: SyncRTB4
Value: 1724112000%3A35_268%7C1723420800%3A15_223_2_38%7C1728000000%3A69%7C1723680000%3A63%7C1725408000%3A224%7C1724025600%3A46_8_178_266_231_96_243_267_240_234_21_238_176_220_214_56_48_249_81_104_13_250_71_7_233_55_99_166_5_54_3_165_22_264%7C1723248000%3A216
.rubiconproject.com/ Name: audit_p
Value: 1|BKM5imX6IgAw9Vb0ilev9QIM+9w+KzegySFOotLK5NY8fCYmOTvXg0RM8m706KULEBGA1N4HlnVS8G+dhi1GhdBvhTFcXXpv1I4M9dnrY5O3EU1ox3HlVA==
.rubiconproject.com/ Name: audit
Value: 1|BKM5imX6IgAw9Vb0ilev9QIM+9w+KzegySFOotLK5NY8fCYmOTvXg0RM8m706KULEBGA1N4HlnVS8G+dhi1GhdBvhTFcXXpv1I4M9dnrY5O3EU1ox3HlVA==
.infolinks.com/ Name: FRWHUSERCOOKIE
Value: f7b12ced3a3f77cae6df837e36a11c9d
.ads.yieldmo.com/ Name: ptrrc
Value: LZH2UI73-I-1PCS
.contextweb.com/ Name: pb_rtb_ev
Value: 3-1sw9|4is.0.CAESEDzGFv1d6uzz9h_HnZ3OOIM|80p.0.1|7LJ.0.4cfaf80b-30bf-4a24-8ad4-5dc9dbc991fd|7TZ.0.1|7bq.0.1|7dN.0.AAE-1E7NYb8AABXY6WCpaQ|8i8.0.1
.contextweb.com/ Name: pb_rtb_ev_part
Value: 3-1sw9|4is.0.CAESEDzGFv1d6uzz9h_HnZ3OOIM|80p.0.1|7LJ.0.4cfaf80b-30bf-4a24-8ad4-5dc9dbc991fd|7TZ.0.1|7bq.0.1|7dN.0.AAE-1E7NYb8AABXY6WCpaQ|8i8.0.1
.undertone.com/ Name: UID_EXT_53
Value: EF052076-B46A-4770-A15A-AF0F1FC8093D
.dotomi.com/ Name: DotomiTest
Value: 7b7f59f536991421
.bluekai.com/ Name: bku
Value: fEy99an4LsRu28QQ
.bluekai.com/ Name: bkpa
Value: KJy9JyeRd02pSUHknpWNBEAlwtkAwVPAqMCFmsJZBZAhKVLpjt5tzMjCRV5NSx19IcGB/9==
.pippio.com/ Name: did
Value: Zt95jCC3FkioAcrf
.pippio.com/ Name: didts
Value: 1722867538
.pippio.com/ Name: nnls
Value:
.pippio.com/ Name: pxrc
Value: CNK+w7UGEgYIgr0rEAA=
.infolinks.com/ Name: MNETUSERCOOKIE
Value: 3658691351524568000V10
.infolinks.com/ Name: IQMUS
Value: c4fcfa6a-926c-469a-8eb4-5d3091dd9053
.infolinks.com/ Name: IXUSERCOOKIE
Value: ZrDfTsAoJKAAADCUAWqq6AAA&1636
.infolinks.com/ Name: OXUSERCOOKIE
Value: 38997231-5924-0af3-3ff2-0e52f4cbb1e3
.rfihub.com/ Name: eud
Value: H4sIAAAAAAAA_1slymtobmRkYWZuamxqZmCxShzBtzA3MQMAeyp5qSAAAAA
.infolinks.com/ Name: KADUSERCOOKIE
Value: EF052076-B46A-4770-A15A-AF0F1FC8093D~1722875314782
.infolinks.com/ Name: ZMNUSERCOOKIE
Value: HEgOeDXx340qmVGjg1Fk
.tribalfusion.com/ Name: ANON_ID
Value: aynv7yRwEfES2QVoqavnRgZcOPTAS7qZcBiKk9BNJFYJ0sjwnatl3aLddNk3SwtcZa5MxOgNbKFHPiE4wNT3XNa4GgaaV8xr0FsbVKHbnErvLVE3xuHkLDE
.rlcdn.com/ Name: pxrc
Value: CM6+w7UGEgUI6AcQABIFCOhHEAQSBQjbThAAEgYIuOsBEAQ=
.pubmatic.com/ Name: KRTBCOOKIE_594
Value: 17105-OPTOUT&KRTB&17107-OPTOUT
.infolinks.com/ Name: PUBMUSERCOOKIE
Value: EF052076-B46A-4770-A15A-AF0F1FC8093D
.infolinks.com/ Name: SONOBIUSERCOOKIE
Value: 63f1a1cd-c9e8-4f0a-b97c-ff4127efb843
.infolinks.com/ Name: ZTUSERCOOKIE
Value: 1920574156666283085
.disqus.com/ Name: zeta-ssp-user-id
Value: ua-9a8142ce-6876-37d3-a644-86c2a75dd528
.bing.com/ Name: MUID
Value: 18A22F5808FB6E1A1F003B8A098A6FD4
.c.bing.com/ Name: MR
Value: 0
.adkernel.com/ Name: DSP2F_3
Value: 336050
.adkernel.com/ Name: ADKUID
Value: A6454871140195225784
.mgid.com/ Name: lmg_usr
Value: b44a0755-59e6-4277-ac7a-f9fcfd7a8879
.mgid.com/ Name: lmg_r
Value: 13
.pubmatic.com/ Name: KRTBCOOKIE_1323
Value: 23480-OPU757e054fd21a4eec8097a1482d28f6ed&KRTB&23485-OPU757e054fd21a4eec8097a1482d28f6ed&KRTB&23524-OPU757e054fd21a4eec8097a1482d28f6ed&KRTB&23575-OPU757e054fd21a4eec8097a1482d28f6ed
.pubmatic.com/ Name: KRTBCOOKIE_27
Value: 16735-uid:ad7b66b0-df4f-4500-9723-6bb53b165bb1
.infolinks.com/ Name: MGIDUSERCOOKIE
Value: b44a0755-59e6-4277-ac7a-f9fcfd7a8879
.company-target.com/ Name: tuuid
Value: 842b9120-b626-450f-b2bf-718dd82b36c5
.company-target.com/ Name: tuuid_lu
Value: 1722867539|ix:0
.eqads.com/ Name: EQUser
Value: UID=8a6c7abd-5c0d-4524-978e-7b2468447c63
.iqzone.com/ Name: iq_u_key
Value: 5a0674ec-3012-47c9-8e1f-ad435ee64f5d
.iqzone.com/ Name: iq_r_key
Value: 299
.intentiq.com/ Name: intentIQCDate
Value: 1722867539124
.intentiq.com/ Name: IQver
Value: 1.9
.intentiq.com/ Name: intentIQ
Value: C0hrfHQxoy
.resetdigital.co/ Name: ckbk
Value: 00000151AEE9A889
.ctnsnet.com/ Name: cid_ddb56ae65f7d4b6ba9cadd10d611a450
Value: 1
.thrtle.com/ Name: mc
Value: eyJpZCI6IjVlNGQ1Y2M2LWEyYTQtNDZjMy04M2FiLTA5NGRjYWEyMGM3MSIsImwiOjE3MjI4Njc1MzkxNzcsInQiOjF9
.pubmatic.com/ Name: chkChromeAb67Sec
Value: 12
.pubmatic.com/ Name: DPSync4
Value: 1723420800%3A265_252_253%7C1724025600%3A256_259_260_262_261_236_258_201_263_245%7C1722902400%3A255_248%7C1723852800%3A257
.adsrvr.org/ Name: TDCPM
Value: CAESFgoHZDB0cm8xahILCKDfgZ3y2Jo9EAUSFwoIcHVibWF0aWMSCwja__Gz8tiaPRAFEhYKB3J1Ymljb24SCwikoJer8tiaPRAFEhsKDHNoYXJldGhyb3VnaBILCLjK6q3y2Jo9EAUSFAoFdGFwYWQSCwi-w4nF8tiaPRAFGAEgASgCMgsIhMiJ-IjZmj0QBTgBWglzdGlja3lhZHNgAg..
.sportradarserving.com/ Name: zuuid
Value: eaf96478-abc6-4178-945f-1bb729a9348a
.sportradarserving.com/ Name: c
Value: 1722867539
.sportradarserving.com/ Name: zuuid_lu
Value: 1722867539
.ads.pubmatic.com/ Name: pubsyncexp
Value: 1722889139230
.owneriq.net/ Name: p2
Value: pmc
.owneriq.net/ Name: si
Value: Q7761539391605357484P
.owneriq.net/ Name: pmc
Value: 1
.pubmatic.com/ Name: KRTBCOOKIE_1199
Value: 23168-00000151AEE9A889&KRTB&23175-00000151AEE9A889
.pubmatic.com/ Name: PugT
Value: 1722867537
.intentiq.com/ Name: CSDT
Value: UEQ6MTUzMjRfMCZVS2FPY0dK
.intentiq.com/ Name: ASDT
Value: 0
.intentiq.com/ Name: IQPData
Value: 646215245#1722867539209#0#1722867539209
.adsby.bidtheatre.com/ Name: __kuid
Value: d4dd35ea-1139-4921-b9be-61c9389267f2.492081539
.smaato.net/ Name: SCMinf
Value: 7bf4e0fa1a
.sportradarserving.com/ Name: zuuid_k
Value: 1
.sportradarserving.com/ Name: zuuid_k_lu
Value: 1722867539
.cw.addthis.com/ Name: ouid
Value: 66b0df5300016361323866343437356561656562636231346430
.cw.addthis.com/ Name: uid
Value: 66b0df53c7adc2bd
.cw.addthis.com/ Name: na_id
Value: 2024080514185924001535160640
.infolinks.com/ Name: SAMUSERCOOKIE
Value: 7bf4e0fa1a
.a-mx.com/ Name: amdt_t
Value: p::1722867539329
.a-mx.com/ Name: amuid2
Value: 42e64b33-d71d-4ac6-b31b-a0e1486a2111
.adkernel.com/ Name: SSPR_40
Value: aHR0cHM6Ly9yb3V0ZXIuaW5mb2xpbmtzLmNvbS9keW4vMTUybXVzP3VpZD1BNjQ1NDg3MTE0MDE5NTIyNTc4NA==
.adkernel.com/ Name: SSPZ
Value: 202694
.adkernel.com/ Name: DSP2F_40
Value: 639242
.serverbid.com/ Name: CONSUMABLEID
Value: 6e1238d7bd57432d9238d7bd57c32d42
.emxdgt.com/ Name: uid
Value: 49781722867539437815b8
.infolinks.com/ Name: CONSUSERCOOKIE
Value: 6e1238d7bd57432d9238d7bd57c32d42
io.narrative.io/ Name: io.narrative.guid.v2
Value: a85b42e0-5335-11ef-9dab-00000a0dbcff
.rtb.mx/ Name: amdt_t
Value: p::1722867539508
.rtb.mx/ Name: amuid2
Value: 42e64b33-d71d-4ac6-b31b-a0e1486a2111
.infolinks.com/ Name: QORAUSERCOOKIE
Value: A6454871140195225784

5 Console Messages

Source: network, Level: error
URL: https://cdn.brandmetrics.com/tag/62da25c406df470db725091722ab7306/itpro.js
Message: Failed to load resource: the server responded with a status of 404 ()

Source: security, Level: warning
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.

Source: security, Level: warning
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.

Source: security, Level: warning
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.

Source: security, Level: warning
URL: https://cadmus.script.ac/d4el4parm0zb3/script.js
Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy frame-ancestors self
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

d937c02b1de25e9efce6ce297994e1003a4d345c24bf1effe88efd6dcc130ccc
d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8
d9a077e8f0876baecde403d10d2a8797d588fc31d7bc1397b7400b5b19d16b08
dab16854c6bced29f94385160851d692d465e805f667b1feda6010a192cd71a0
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de31de3e62162cf316c90ce40ebcfd66e7c736d5c5673c1dd34e5ce188edcfac
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
de9d3fd0eb948bd294477d0eda60a73b85caff1794803530d0463193a113da98
e134482fbae6a9c1bf3c384bdad5838a29d0c82c803ff79f8fa9208a40565e69
e25daaa77ec57b7c7cbf10265b1f0e2876919ef9f5cb66dc225ae1324c624e71
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e47fc13411b2e45a4c572e1c210eaffbe4c4287d6f5728ffb69ab93fe3d972db
e4a3244265d56628662429fe1217ba4b1f5692a87831c9e68e09abf5bf45a6a1
e4abbc3005af062b731c906bfec2b31b765579ca4d8c6d23d0a72f2434a3495b
e53d53b45ba79b86c31054a9e29da8052d34b85257edf2aa4307a02551d6f5cb
e540b8efca2df42fe182279b7e1495af9cda40d1eef3189017a6f09d25b381fc
e5cb95ff379f230c85c99082a695af99206bc588010f849d06263da77778087a
e7ccfe7f8055d753aad32de3cc52f5c356eea5be1b07ef9ae1141e5525c862d2
e9b3aa672d536755b6c6879384ed8303c6c6548a4c6d082c581b0f6bfef4da2b
eaba478b7e74d2b774aa89d04725935608b2273516d701df4176c8cefa566ef4
ec516dc31a72ec6f2d2e01d6a4e5e38d0aa7e6d4e687deaec53e772089a022cf
ecb6d31ea3fde8d4409f0b5e0460b1f03fe509e2335c0b393afc4cab1bfa66ba
ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f
eed45bc78331db47c765e5894d92cfe69fd02d5c8cc6d8eaca73dd6e155dc0c0
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efabba3678b85fcab831b778ea2ddaad1e2a1e952584d3566bc39b7ccb3429d9
f3b17f9af560b005fba3b568590792d952f2bd4a9e5cfe0357b0ecdd545ca16c
f44515cfbac90b44dd220432d91b6643e03089eb0c6c66cc9f647fae287a0a50
f60bdb24790ab913d70825c0219bfd407a988a304a276a3ef1f1795cb8d7a475
f65329a3db68a68c542fe17485430268a4f86882c6e579344e42a862d43ef2b8
f675d9886939cdfa47a9fbe4bd16bcb2e212e0c95a5d45e7baf95baad29f07bf
f7944bfabacd3e4ae698bd8f2772daf46cb096ca3d880105fdac67bd036b547c
f7a04676040d7682bac7de21871e0543c36192dedcbf74fa758b52a1df58d8fc
fb1399bd43ca56c326ef906985a8d86c601190a2ca38136f94a580b9f90c23f8
fb6ab1073cde3166b6000e29997f96d96645c9cba747ba4058dfd6bdd3de5600
fe5ebadb2eeaf7d27fc217f0dadfa65ca152ae7f244c6f4d835e579d7481bc01
fed93bf3cfa87a3914de4297f1136668391d444874f2086713abf980ce0bde61