www.bleepingcomputer.com Open in urlscan Pro
104.20.59.209 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Submission: On June 11 via api (June 11th 2019, 8:26:05 pm UTC) from CL

Summary HTTP 263 Redirects Links 14 Behaviour Indicators

Summary

This website contacted 56 IPs in 7 countries across 47 domains to perform 263 HTTP transactions. The main IP is 104.20.59.209, located in United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is www.bleepingcomputer.com.
TLS certificate: Issued by COMODO RSA Domain Validation Secure S... on May 12th 2018. Valid for: 2 years.

This is the only time www.bleepingcomputer.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	104.20.59.209 104.20.59.209	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
6	2a00:1450:400... 2a00:1450:4001:817::200a	15169 (GOOGLE) (GOOGLE - Google LLC)
31	104.24.1.61 104.24.1.61	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
3	2a04:4e42::645 2a04:4e42::645	54113 (FASTLY) (FASTLY - Fastly)
1	2a00:1450:400... 2a00:1450:4001:825::2008	15169 (GOOGLE) (GOOGLE - Google LLC)
5 8	2a00:1450:400... 2a00:1450:4001:81c::2004	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a00:1450:400... 2a00:1450:4001:80b::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
5	2a00:1450:400... 2a00:1450:4001:817::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
4	23.210.248.44 23.210.248.44	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
2	2606:4700:20:... 2606:4700:20::6819:c072	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
10	2a00:1450:400... 2a00:1450:4001:81d::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2600:9000:20b... 2600:9000:20bb:6400:9:46dc:4700:93a1	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	2a00:1450:400... 2a00:1450:4001:81b::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a00:1450:400... 2a00:1450:4001:81e::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
6	2a00:1450:400... 2a00:1450:4001:818::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
8	35.226.36.58 35.226.36.58	15169 (GOOGLE) (GOOGLE - Google LLC)
1	13.35.253.108 13.35.253.108	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
3	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
2	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
2	2600:9000:20b... 2600:9000:20bb:ee00:9:46dc:4700:93a1	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
9	172.217.18.98 172.217.18.98	15169 (GOOGLE) (GOOGLE - Google LLC)
2	13.35.253.52 13.35.253.52	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	13.35.253.67 13.35.253.67	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	23.227.137.178 23.227.137.178	55081 (24SHELLS) (24SHELLS - 24 SHELLS)
3	35.188.71.214 35.188.71.214	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2600:9000:204... 2600:9000:2043:2a00:1:af78:4c0:93a1	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	13.35.253.19 13.35.253.19	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	2a03:2880:f01... 2a03:2880:f01c:20e:face:b00c:0:2	32934 (FACEBOOK) (FACEBOOK - Facebook)
2	2a05:f500:10:... 2a05:f500:10:101::b93f:9101	14413 (LINKEDIN) (LINKEDIN - LinkedIn Corporation)
2	151.101.1.140 151.101.1.140	54113 (FASTLY) (FASTLY - Fastly)
1	50.19.38.129 50.19.38.129	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1	91.228.74.147 91.228.74.147	27281 (QUANTCAST) (QUANTCAST - Quantcast Corporation)
2	23.58.216.132 23.58.216.132	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
1 3	23.38.19.203 23.38.19.203	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
1	104.111.215.236 104.111.215.236	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
1	52.19.153.98 52.19.153.98	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
3	2a03:2880:f01... 2a03:2880:f01c:216:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK - Facebook)
3	2a03:2880:f12... 2a03:2880:f12d:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK - Facebook)
21	2a00:1450:400... 2a00:1450:4001:81f::2001	15169 (GOOGLE) (GOOGLE - Google LLC)
15	2a00:1450:400... 2a00:1450:4001:81c::2001	15169 (GOOGLE) (GOOGLE - Google LLC)
1 2	172.217.21.198 172.217.21.198	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2600:9000:20b... 2600:9000:20bb:9000:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
4	2a00:1450:400... 2a00:1450:4001:81d::2014	15169 (GOOGLE) (GOOGLE - Google LLC)
2	2a02:fa8:8806... 2a02:fa8:8806:16::1460	41041 (VCLK-EU-) (VCLK-EU-)
1	185.33.223.215 185.33.223.215	29990 (ASN-APPNEXUS) (ASN-APPNEXUS - AppNexus)
15	99.80.164.175 99.80.164.175	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
4	2606:4700:10:... 2606:4700:10::6814:8428	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	3.82.30.32 3.82.30.32	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1	35.202.179.74 35.202.179.74	15169 (GOOGLE) (GOOGLE - Google LLC)
4	208.100.17.190 208.100.17.190	32748 (STEADFAST) (STEADFAST - Steadfast)
1	104.111.230.142 104.111.230.142	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
2 4	173.241.240.143 173.241.240.143	36089 (OPENX-AS1) (OPENX-AS1 - OPENX TECHNOLOGIES)
1	104.17.119.107 104.17.119.107	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
2	2606:4700::68... 2606:4700::6812:1aef	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1 1	104.17.120.107 104.17.120.107	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	52.216.107.62 52.216.107.62	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
263	56

1 104.20.59.209 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

www.bleepingcomputer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:817::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

31 104.24.1.61 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

www.bleepstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a04:4e42::645 (Ascension Island)

ASN54113 (FASTLY - Fastly, US)

cdn.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdns.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ck.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:825::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:81c::2004 (Frankfurt am Main, Germany) 5 redirects

ASN15169 (GOOGLE - Google LLC, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

cse.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:817::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 23.210.248.44 (Netherlands)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a23-210-248-44.deploy.static.akamaitechnologies.com

s9.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
v1.addthisedge.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s7.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::6819:c072 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

a.pub.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:81d::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:20bb:6400:9:46dc:4700:93a1 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

quantcast.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:818::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 35.226.36.58 (United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: 58.36.226.35.bc.googleusercontent.com

c.pub.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.35.253.108 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-35-253-108.fra6.r.cloudfront.net

freestar-io.videoplayerhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:20bb:ee00:9:46dc:4700:93a1 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

static.quantcast.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 172.217.18.98 (United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: zrh04s05-in-f98.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.35.253.52 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-35-253-52.fra6.r.cloudfront.net

audit.quantcast.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.35.253.67 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-35-253-67.fra6.r.cloudfront.net

ad-delivery.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.227.137.178 (Piscataway, United States)

ASN55081 (24SHELLS - 24 SHELLS, US)

s.adtelligent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.188.71.214 (United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: 214.71.188.35.bc.googleusercontent.com

d.pub.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2043:2a00:1:af78:4c0:93a1 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

vendorlist.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.35.253.19 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-35-253-19.fra6.r.cloudfront.net

api.quantcast.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:20e:face:b00c:0:2 (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

graph.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a05:f500:10:101::b93f:9101 (Ireland)

ASN14413 (LINKEDIN - LinkedIn Corporation, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.1.140 (United States)

ASN54113 (FASTLY - Fastly, US)

www.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 50.19.38.129 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-50-19-38-129.compute-1.amazonaws.com

cluster-na.cdnjquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 91.228.74.147 (United Kingdom)

ASN27281 (QUANTCAST - Quantcast Corporation, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.58.216.132 (Netherlands)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a23-58-216-132.deploy.static.akamaitechnologies.com

hbx.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.38.19.203 (Netherlands) 1 redirects

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a23-38-19-203.deploy.static.akamaitechnologies.com

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.111.215.236 (Netherlands)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a104-111-215-236.deploy.static.akamaitechnologies.com

s.ntv.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.19.153.98 (Dublin, Ireland)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-19-153-98.eu-west-1.compute.amazonaws.com

jadserve.postrelease.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f01c:216:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f12d:83:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 2a00:1450:4001:81f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:81c::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.21.198 (United States) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s12-in-f198.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:20bb:9000:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:81d::2014 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

amp-error-reporting.appspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:fa8:8806:16::1460 (Sweden)

ASN41041 (VCLK-EU-, SE)

web.hb.ad.cpe.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.33.223.215 (Netherlands)

ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US)
PTR: 315.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 99.80.164.175 (Dublin, Ireland)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-99-80-164-175.eu-west-1.compute.amazonaws.com

g2.gumgum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:10::6814:8428 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

i.connectad.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.connectad.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.82.30.32 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-3-82-30-32.compute-1.amazonaws.com

display.bfmio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.202.179.74 (United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: 74.179.202.35.bc.googleusercontent.com

ssp.pub.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 208.100.17.190 (Chicago, United States)

ASN32748 (STEADFAST - Steadfast, US)
PTR: ip190.208-100-17.static.steadfastdns.net

de.tynt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.111.230.142 (Netherlands)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a104-111-230-142.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 173.241.240.143 (Amsterdam, Netherlands) 2 redirects

ASN36089 (OPENX-AS1 - OPENX TECHNOLOGIES, INC., US)
PTR: ox-173-241-240-143.xa.dc.openx.org

u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.119.107 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

biddr.brealtime.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:1aef (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

cdn.districtm.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.120.107 (United States) 1 redirects

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

edba.brealtime.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.216.107.62 (Ashburn, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: s3-1.amazonaws.com

s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
31	bleepstatic.com www.bleepstatic.com	851 KB
21	ampproject.org cdn.ampproject.org	541 KB
20	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com Failed	275 KB
17	doubleclick.net 1 redirects googleads.g.doubleclick.net securepubads.g.doubleclick.net ad.doubleclick.net	119 KB
15	gumgum.com g2.gumgum.com	7 KB
14	pub.network a.pub.network c.pub.network d.pub.network ssp.pub.network	217 KB
10	gstatic.com fonts.gstatic.com	109 KB
10	google.com 5 redirects www.google.com cse.google.com adservice.google.com	2 KB
7	consensu.org quantcast.mgr.consensu.org static.quantcast.mgr.consensu.org audit.quantcast.mgr.consensu.org vendorlist.consensu.org api.quantcast.mgr.consensu.org	107 KB
6	googleapis.com fonts.googleapis.com	4 KB
5	facebook.com graph.facebook.com www.facebook.com	1 KB
4	tynt.com de.tynt.com
4	connectad.io i.connectad.io cdn.connectad.io	1 KB
4	openx.net freestar-d.openx.net Failed u.openx.net	580 B
4	appspot.com amp-error-reporting.appspot.com	256 B
3	facebook.net connect.facebook.net	78 KB
3	scorecardresearch.com 1 redirects sb.scorecardresearch.com	2 KB
3	googletagservices.com www.googletagservices.com	66 KB
3	addthis.com s9.addthis.com s7.addthis.com	185 KB
3	connatix.com cdn.connatix.com cdns.connatix.com ck.connatix.com core.connatix.com Failed	185 KB
2	brealtime.com 1 redirects biddr.brealtime.com edba.brealtime.com	504 B
2	districtm.io dmx.districtm.io Failed cdn.districtm.io
2	dotomi.com web.hb.ad.cpe.dotomi.com	1 KB
2	media.net hbx.media.net	7 KB
2	reddit.com www.reddit.com	931 B
2	linkedin.com www.linkedin.com
2	ad-delivery.net ad-delivery.net	1 KB
2	google-analytics.com www.google-analytics.com	17 KB
1	amazonaws.com s3.amazonaws.com	397 B
1	rubiconproject.com fastlane.rubiconproject.com Failed eus.rubiconproject.com
1	bfmio.com display.bfmio.com sync.bfmio.com Failed	570 B
1	adnxs.com ib.adnxs.com acdn.adnxs.com Failed	1 KB
1	quantcount.com rules.quantcount.com	1 KB
1	postrelease.com jadserve.postrelease.com	505 B
1	ntv.io s.ntv.io	78 KB
1	quantserve.com secure.quantserve.com	6 KB
1	cdnjquery.com cluster-na.cdnjquery.com	379 B
1	adtelligent.com s.adtelligent.com
1	addthisedge.com v1.addthisedge.com	924 B
1	videoplayerhub.com freestar-io.videoplayerhub.com	15 KB
1	google.de adservice.google.de	171 B
1	googletagmanager.com www.googletagmanager.com	25 KB
1	bleepingcomputer.com www.bleepingcomputer.com	15 KB
0	33across.com Failed ssc.33across.com Failed
0	emxdgt.com Failed hb.emxdgt.com Failed
0	3lift.com Failed tlx.3lift.com Failed ib.3lift.com Failed
0	sharethrough.com Failed btlr.sharethrough.com Failed
263	47

	Domain	Requested by
31	www.bleepstatic.com	www.bleepingcomputer.com cdn.connatix.com www.bleepstatic.com pagead2.googlesyndication.com www.googletagservices.com
21	cdn.ampproject.org	securepubads.g.doubleclick.net
15	g2.gumgum.com	a.pub.network
15	tpc.googlesyndication.com	securepubads.g.doubleclick.net www.bleepingcomputer.com
10	fonts.gstatic.com	www.bleepingcomputer.com a.pub.network
9	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net www.bleepingcomputer.com
8	c.pub.network	a.pub.network
8	www.google.com	5 redirects www.bleepingcomputer.com
6	googleads.g.doubleclick.net	pagead2.googlesyndication.com www.bleepingcomputer.com
6	fonts.googleapis.com	www.bleepingcomputer.com securepubads.g.doubleclick.net
5	pagead2.googlesyndication.com	www.bleepingcomputer.com pagead2.googlesyndication.com
4	u.openx.net	2 redirects a.pub.network
4	de.tynt.com	a.pub.network
4	amp-error-reporting.appspot.com	cdn.ampproject.org
3	www.facebook.com	www.bleepingcomputer.com connect.facebook.net
3	connect.facebook.net	a.pub.network connect.facebook.net
3	sb.scorecardresearch.com	1 redirects a.pub.network www.bleepingcomputer.com
3	d.pub.network	a.pub.network
3	www.googletagservices.com	a.pub.network pagead2.googlesyndication.com securepubads.g.doubleclick.net
2	cdn.districtm.io	a.pub.network
2	cdn.connectad.io	a.pub.network
2	i.connectad.io	a.pub.network
2	web.hb.ad.cpe.dotomi.com	a.pub.network
2	ad.doubleclick.net	1 redirects www.bleepingcomputer.com
2	hbx.media.net	a.pub.network hbx.media.net
2	www.reddit.com	s9.addthis.com
2	www.linkedin.com	s9.addthis.com
2	graph.facebook.com	s9.addthis.com
2	s7.addthis.com	s9.addthis.com
2	ad-delivery.net	freestar-io.videoplayerhub.com www.bleepingcomputer.com
2	audit.quantcast.mgr.consensu.org	quantcast.mgr.consensu.org static.quantcast.mgr.consensu.org
2	static.quantcast.mgr.consensu.org	quantcast.mgr.consensu.org
2	www.google-analytics.com	www.googletagmanager.com www.bleepingcomputer.com
2	a.pub.network	www.bleepingcomputer.com a.pub.network
1	s3.amazonaws.com	www.bleepingcomputer.com
1	edba.brealtime.com	1 redirects
1	biddr.brealtime.com	a.pub.network
1	eus.rubiconproject.com	a.pub.network
1	ssp.pub.network	a.pub.network
1	display.bfmio.com	a.pub.network
1	ib.adnxs.com	a.pub.network
1	rules.quantcount.com	secure.quantserve.com
1	jadserve.postrelease.com	s.ntv.io
1	s.ntv.io	a.pub.network
1	secure.quantserve.com	a.pub.network
1	cluster-na.cdnjquery.com	freestar-io.videoplayerhub.com
1	api.quantcast.mgr.consensu.org	quantcast.mgr.consensu.org
1	vendorlist.consensu.org	quantcast.mgr.consensu.org
1	s.adtelligent.com	a.pub.network
1	v1.addthisedge.com	s9.addthis.com
1	ck.connatix.com	cdns.connatix.com
1	freestar-io.videoplayerhub.com	a.pub.network
1	adservice.google.com	pagead2.googlesyndication.com
1	adservice.google.de	pagead2.googlesyndication.com
1	quantcast.mgr.consensu.org	www.bleepstatic.com
1	cdns.connatix.com	cdn.connatix.com
1	s9.addthis.com	www.bleepingcomputer.com
1	cse.google.com	www.bleepingcomputer.com
1	www.googletagmanager.com	www.bleepingcomputer.com
1	cdn.connatix.com	www.bleepingcomputer.com
1	www.bleepingcomputer.com
0	acdn.adnxs.com Failed	a.pub.network
0	ib.3lift.com Failed	a.pub.network
0	sync.bfmio.com Failed	a.pub.network
0	ssc.33across.com Failed	a.pub.network
0	fastlane.rubiconproject.com Failed	a.pub.network
0	hb.emxdgt.com Failed	a.pub.network
0	tlx.3lift.com Failed	a.pub.network
0	freestar-d.openx.net Failed	a.pub.network
0	btlr.sharethrough.com Failed	a.pub.network
0	dmx.districtm.io Failed	a.pub.network
0	core.connatix.com Failed	cdns.connatix.com
263	72

This site contains links to these domains. Also see Links.

Domain
www.quantcast.com
www.facebook.com
twitter.com
plus.google.com
www.youtube.com
deals.bleepingcomputer.com
www.virustotal.com
www.blockchain.com

Subject Issuer	Validity	Valid
bleepingcomputer.com COMODO RSA Domain Validation Secure Server CA	`2018-05-12` - `2020-05-17`	2 years	crt.sh
*.googleapis.com Google Internet Authority G3	`2019-05-21` - `2019-08-13`	3 months	crt.sh
ssl391376.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2019-06-07` - `2019-12-14`	6 months	crt.sh
*.connatix.com Go Daddy Secure Certificate Authority - G2	`2018-08-20` - `2019-10-19`	a year	crt.sh
*.google-analytics.com Google Internet Authority G3	`2019-05-21` - `2019-08-13`	3 months	crt.sh
*.google.com Google Internet Authority G3	`2019-05-21` - `2019-08-13`	3 months	crt.sh
*.g.doubleclick.net Google Internet Authority G3	`2019-05-21` - `2019-08-13`	3 months	crt.sh
odc-prod-01.oracle.com DigiCert SHA2 Secure Server CA	`2019-06-06` - `2020-09-04`	a year	crt.sh
ssl376957.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2019-05-20` - `2019-11-26`	6 months	crt.sh
quantcast.mgr.consensu.org Amazon	`2019-05-06` - `2020-06-06`	a year	crt.sh
*.pub.network Go Daddy Secure Certificate Authority - G2	`2019-02-09` - `2020-05-16`	a year	crt.sh
*.videoplayerhub.com Amazon	`2018-08-01` - `2019-09-01`	a year	crt.sh
ad-delivery.net Amazon	`2019-03-07` - `2020-04-07`	a year	crt.sh
s.adtelligent.com Let's Encrypt Authority X3	`2019-05-19` - `2019-08-17`	3 months	crt.sh
vendorlist.consensu.org Amazon	`2019-03-06` - `2020-04-06`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2019-04-22` - `2019-07-21`	3 months	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2018-05-30` - `2020-09-01`	2 years	crt.sh
*.reddit.com DigiCert SHA2 Secure Server CA	`2018-08-17` - `2020-09-02`	2 years	crt.sh
*.assetbucket.net Amazon	`2018-09-26` - `2019-10-26`	a year	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2018-10-16` - `2019-10-21`	a year	crt.sh
*.media.net DigiCert SHA2 Secure Server CA	`2018-12-30` - `2020-03-30`	a year	crt.sh
*.scorecardresearch.com COMODO RSA Organization Validation Secure Server CA	`2018-11-28` - `2019-12-26`	a year	crt.sh
*.ntv.io DigiCert SHA2 Secure Server CA	`2018-06-12` - `2019-12-11`	a year	crt.sh
*.postrelease.com Amazon	`2019-05-15` - `2020-06-15`	a year	crt.sh
misc-sni.google.com Google Internet Authority G3	`2019-05-21` - `2019-08-13`	3 months	crt.sh
tpc.googlesyndication.com Google Internet Authority G3	`2019-05-21` - `2019-08-13`	3 months	crt.sh
www.google.com Google Internet Authority G3	`2019-05-21` - `2019-08-13`	3 months	crt.sh
*.doubleclick.net Google Internet Authority G3	`2019-05-21` - `2019-08-13`	3 months	crt.sh
*.appspot.com Google Internet Authority G3	`2019-05-21` - `2019-08-13`	3 months	crt.sh
ad.cpe.dotomi.com GlobalSign Organization Validation CA - SHA256 - G2	`2018-05-25` - `2020-05-25`	2 years	crt.sh
*.adnxs.com DigiCert ECC Secure Server CA	`2019-01-23` - `2021-03-08`	2 years	crt.sh
*.gumgum.com Amazon	`2018-08-28` - `2019-09-28`	a year	crt.sh
connectad.io CloudFlare Inc ECC CA-2	`2018-08-18` - `2019-08-18`	a year	crt.sh
*.bfmio.com Amazon	`2018-07-17` - `2019-08-17`	a year	crt.sh
*.tynt.com COMODO RSA Domain Validation Secure Server CA	`2014-10-14` - `2019-10-13`	5 years	crt.sh
*.rubiconproject.com DigiCert SHA2 Secure Server CA	`2019-02-13` - `2021-02-17`	2 years	crt.sh
*.openx.net DigiCert ECC Secure Server CA	`2019-02-08` - `2020-05-12`	a year	crt.sh
*.brealtime.com Go Daddy Secure Certificate Authority - G2	`2017-03-22` - `2020-03-22`	3 years	crt.sh
districtm.io CloudFlare Inc ECC CA-2	`2019-03-26` - `2020-03-26`	a year	crt.sh
s3.amazonaws.com DigiCert Baltimore CA-2 G2	`2018-12-03` - `2019-10-25`	a year	crt.sh

This page contains 33 frames:

Primary Page: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Frame ID: 2432F729088D2D3ED07E2AD3E4A5FCCC
Requests: 175 HTTP requests in this frame

Frame: https://cdns.connatix.com/p/1510/min/connatix.renderer.infeed.min_dc.js
Frame ID: A4F5462CBAA61F92C395D2ADB7F6D54A
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/r20190605/r20190131/show_ads_impl.js
Frame ID: C9C5CED1CF5865D14461D961D341244E
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20190605/r20190131/zrt_lookup.html
Frame ID: 82AB5C77503D9CAD9D928C86A2B29EF1
Requests: 1 HTTP requests in this frame

Frame: https://static.quantcast.mgr.consensu.org/v18/cmp-3pc-check.html
Frame ID: D534FAAC95B0EE41C73135D8A6E9FA6F
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0920899300397823&output=html&h=500&slotname=4359266829&adk=3764243768&adf=155314479&w=834&cr_col=4&cr_row=2&fwrn=2&lmt=1559753876&rafmt=9&guci=1.2.0.0.2.2.0.0&format=834x500&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Ffake-cryptocurrency-trading-site-pushes-crypto-stealing-malware%2F&flash=0&crui=image_stacked&fwr=0&wgl=1&dt=1560284730779&bpp=62&bdt=590&fdt=510&idt=510&shv=r20190605&cbv=r20190131&saldr=aa&abxe=1&correlator=416186497317&frm=20&pv=2&ga_vid=424828401.1560284731&ga_sid=1560284731&ga_hid=1298611584&ga_fc=0&iag=0&icsg=687197396992&dssz=41&mdo=0&mso=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=208&ady=10918&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=21060853%2C21062810&oid=3&rx=0&eae=0&fc=656&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=144&bc=31&osw_key=3733268371&ifi=1&uci=1.yty7nv3rn6zp&fsb=1&xpc=XT6UxnUyB5&p=https%3A//www.bleepingcomputer.com&dtd=565
Frame ID: 5E3A63D2EAC6DFB8F28EE83B9FC9C54A
Requests: 1 HTTP requests in this frame

Frame: https://s.adtelligent.com/sync.html?aid=410295
Frame ID: 96A6485B9A301E4A21D04767B56ADC30
Requests: 1 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/011906051812580/amp4ads-v0.js
Frame ID: 53F47080C72C15F8F41058B22179682D
Requests: 18 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/safeframe/1-0-33/html/container.html
Frame ID: 592C04311E280EDE95571A589A406BC8
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/safeframe/1-0-33/html/container.html
Frame ID: 164991E19734978D274A244650B331C4
Requests: 1 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/011906051812580/amp4ads-v0.js
Frame ID: 3ECD2BF3826D375F896B9E734871AA2B
Requests: 18 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvqX3r_TuHp_zzGvctypQ5PCKDs0jNOQkLAVIwlwUN7Bzm5ASQz2Lc26EZcjoGPZ6JxlLrZe72hIuBb-ZQNmL4ciMf-BP9d1CKjLbiitxcY51BjyvyJLhwTgUl5jsr6pULHu869ja1lXa_MkwC_FSsNX56ucWpERul8pVNdzgf2vcMPB114FA2hfZXNWEcC3_tOhv0WOpl1gxxO96PrUpD6-5YMOeUaK4CnUvK8rN3_IOyal2lXrZ15gFH_Mvp1zxjsCFgpg6N-zI9vQvkJTqo_0PQy&sig=Cg0ArKJSzN3psmsuGXHcEAE&urlfix=1&adurl=
Frame ID: 4D6F63EE3829CE2B62FB17930B8727B0
Requests: 2 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/011906051812580/amp4ads-v0.js
Frame ID: 8EED62140C972FEFB7BF1750D03AB45C
Requests: 14 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 72DAEA9FB46A82199F9820B7C2C4315E
Requests: 1 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/011906051812580/amp4ads-v0.js
Frame ID: 602A39EB1FAA49420069E09E7192E676
Requests: 15 HTTP requests in this frame

Frame: https://hbx.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8CUFH1GPH&prvid=56%2C70%2C77%2C80%2C82%2C97%2C99%2C109%2C111%2C112%2C113%2C139%2C154%2C157%2C159%2C175%2C178%2C10000&https=1&gdpr=1&gdprconsent=2
Frame ID: 2EEB3A9DC1520619AF52F7FF3E74A63C
Requests: 1 HTTP requests in this frame

Frame: https://de.tynt.com/deb/v2?m=xch&rt=html&id=bBb-SI6fGr6iocaKkv7mNO
Frame ID: 3F6C8EE6783BA2B1192349D1962E7EB3
Requests: 1 HTTP requests in this frame

Frame: https://sync.bfmio.com/sync_iframe?ifg=1&id=92fd6b68-fe21-44c5-bce8-6f519808339c&gdpr=0&gc=&gce=1
Frame ID: DC2A3C71E32884FF986442CE25246279
Requests: 1 HTTP requests in this frame

Frame: https://sync.bfmio.com/sync_iframe?ifpl=5&ifg=1&id=Freestar+-+Header+Bidding+-+Display&gdpr=0&gc=&gce=1&cb=1560284740750
Frame ID: 88B1391A7E6565DBD4BF6AD708996E1B
Requests: 1 HTTP requests in this frame

Frame: https://cdn.connectad.io/connectmyusers.php
Frame ID: 40A4C9A722D3803F75746BADE2DF2BB7
Requests: 1 HTTP requests in this frame

Frame: https://ib.3lift.com/sync
Frame ID: D2FBF9FFE0169C03D3213E83AF9EA665
Requests: 1 HTTP requests in this frame

Frame: https://de.tynt.com/deb/v2?m=xch&rt=html&id=ddRMkSZxSr6lrlaKkv7mNO
Frame ID: 40AFABB7B91D1F59BC02B98C627BF842
Requests: 1 HTTP requests in this frame

Frame: https://de.tynt.com/deb/v2?m=xch&rt=html&id=ddRMkSZxSr6lrlaKkv7mNO
Frame ID: 2819E654E80F48B7473F53B486C33AF9
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 929DDA2F903CC172C0A3E3C244770FE7
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd?cc=1
Frame ID: A206C955CC6876BD1BB1862223CF42FC
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Frame ID: 26BDE31A02E5315AE40DFF7984763198
Requests: 1 HTTP requests in this frame

Frame: https://biddr.brealtime.com/check.html
Frame ID: F4A9AA3F7F74A351EE1E7FFD591342FB
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Frame ID: D5547A480F337670390593821A8C0363
Requests: 1 HTTP requests in this frame

Frame: https://cdn.connectad.io/connectmyusers.php
Frame ID: 608F7A9BFF06F39207889139A0DDCD5B
Requests: 1 HTTP requests in this frame

Frame: https://cdn.districtm.io/ids/index.html
Frame ID: 6B5EB8302A0FBB4A28172245B9566322
Requests: 1 HTTP requests in this frame

Frame: https://de.tynt.com/deb/v2?m=xch&rt=html&id=bBb-SI6fGr6iocaKkv7mNO
Frame ID: 9FAA97D5151FA5B655F2BE953BBB35A6
Requests: 1 HTTP requests in this frame

Frame: https://cdn.districtm.io/ids/index.html
Frame ID: 5F2ED456BF050DFCB226CCF09D9D6F45
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd?cc=1
Frame ID: 5B8F6DB70FD00C58099E3F24CA38AE07
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

env /pbjs/i

AddThis (Widgets) Expand

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /cloudflare/i

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googletagservices\.com\/tag\/js\/gpt(?:_mobile)?\.js/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^\/]*\/[a-z]*\.js/i

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googlesyndication\.com\//i
env /^google_ad_/i
env /^__google_ad_/i
env /^Goog_AdSense_/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i
env /^gaGlobal$/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

env /^googletag$/i
env /^google_tag_manager$/i

Quantcast (Analytics) Expand

Overall confidence: 100%
Detected patterns

env /^quantserve$/i

comScore (Analytics) Expand

Overall confidence: 100%
Detected patterns

html /<iframe[^>]* (?:id="comscore"|scr=[^>]+comscore)|\.scorecardresearch\.com\/beacon\.js|COMSCORE\.beacon/i
script /\.scorecardresearch\.com\/beacon\.js|COMSCORE\.beacon/i
env /^_?COMSCORE$/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js/i
env /^jQuery$/i

Twitter Bootstrap () Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+?href="[^"]+bootstrap(?:\.min)?\.css/i

Page Statistics

263
Requests

79 %
HTTPS

48 %
IPv6

47
Domains

72
Subdomains

56
IPs

7
Countries

2921 kB
Transfer

7769 kB
Size

0
Cookies

14 Outgoing links

These are links going to different origins than the main page.

URL: https://www.quantcast.com/gdpr/consent-management-solution/?utm_source=Quantcast%20Choice&utm_medium=Product%20Logo
Title:

Search URL Search Domain Scan URL

URL: https://www.facebook.com/BleepingComputer

Search URL Search Domain Scan URL

URL: https://twitter.com/BleepinComputer

Search URL Search Domain Scan URL

URL: https://plus.google.com/+bleepingcomputer/posts

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/BleepingComputer

Search URL Search Domain Scan URL

URL: https://deals.bleepingcomputer.com/
Title: Deals

Search URL Search Domain Scan URL

URL: https://deals.bleepingcomputer.com/deals/elearning?utm_source=bleepingcomputer.com&utm_medium=dd_cat
Title: eLearning

Search URL Search Domain Scan URL

URL: https://deals.bleepingcomputer.com/deals/certifications?utm_source=bleepingcomputer.com&utm_medium=dd_cat
Title: IT Certification Courses

Search URL Search Domain Scan URL

URL: https://deals.bleepingcomputer.com/deals/gear-gadgets?utm_source=bleepingcomputer.com&utm_medium=dd_cat
Title: Gear + Gadgets

Search URL Search Domain Scan URL

URL: https://deals.bleepingcomputer.com/collections/tag-cyber-security?utm_source=bleepingcomputer.com&utm_medium=dd_cat
Title: Security

Search URL Search Domain Scan URL

URL: https://twitter.com/fumik0_
Title: Fumik0_

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/file/3a3cc5ab5b1c219dbbfc1ed90f033e7a183ea6c7bb946ed6052691609ac48929/detection
Title: Setup.exe executable

Search URL Search Domain Scan URL

URL: https://www.blockchain.com/btc/address/1FFRitFm5rP5oY5aeTeDikpQiWRz278L45
Title: 1FFRitFm5rP5oY5aeTeDikpQiWRz278L45

Search URL Search Domain Scan URL

URL: https://twitter.com/LawrenceAbrams

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 11

https://www.google.com/coop/cse/brand?form=cse-search-box&lang=en HTTP 302
https://cse.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request Chain 93

https://sb.scorecardresearch.com/b?c1=2&c2=23384447&cs_ucfr=1&ns__t=1560284733423&ns_c=UTF-8&cv=3.1e&c8=Fake%20Cryptocurrency%20Trading%20Site%20Pushes%20Crypto%20Stealing%20Malware&c7=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Ffake-cryptocurrency-trading-site-pushes-crypto-stealing-malware%2F&c9= HTTP 302
https://sb.scorecardresearch.com/b2?c1=2&c2=23384447&cs_ucfr=1&ns__t=1560284733423&ns_c=UTF-8&cv=3.1e&c8=Fake%20Cryptocurrency%20Trading%20Site%20Pushes%20Crypto%20Stealing%20Malware&c7=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Ffake-cryptocurrency-trading-site-pushes-crypto-stealing-malware%2F&c9=

Request Chain 143

https://ad.doubleclick.net/ddm/trackimp/N790339.3167285ADWORDSGDN/B21456284.229002654;dc_trk_aid=426910088;dc_trk_cid=103966985;ord=1258258729;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua= HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N790339.3167285ADWORDSGDN/B21456284.229002654;dc_pre=CICFscuh4uICFUhB4AodjsIBGQ;dc_trk_aid=426910088;dc_trk_cid=103966985;ord=1258258729;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=

Request Chain 153

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 166

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 167

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 172

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 259

https://u.openx.net/w/1.0/pd HTTP 302
https://u.openx.net/w/1.0/pd?cc=1

Request Chain 267

https://u.openx.net/w/1.0/pd HTTP 302
https://u.openx.net/w/1.0/pd?cc=1

Request Chain 268

https://edba.brealtime.com/ HTTP 302
https://s3.amazonaws.com/brt-appnexus-cookie-sync/1x1.gif

263 HTTP transactions
7 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/ 71 KB
15 KB 611ms
530ms Document
text/html 104.20.59.209
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

045ec3eaa91bf688089e6086f14e8f0a09b980c0d5b0a3622e3f3124b5dfcc98

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

:method: GET
:authority: www.bleepingcomputer.com
:scheme: https
:path: /news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 200
date: Tue, 11 Jun 2019 20:25:30 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=d61c3a83fae7c6a7a97bffe5a3a807b051560284729; expires=Wed, 10-Jun-20 20:25:29 GMT; path=/; domain=.bleepingcomputer.com; HttpOnly session_id=4591af464f4770f627761367699acd1e; path=/; domain=.bleepingcomputer.com; httponly;Secure lav=6094; expires=Thu, 11-Jul-2019 20:25:30 GMT; Max-Age=2592000; path=/;Secure
content-security-policy: upgrade-insecure-requests;
x-frame-options: SAMEORIGIN
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
last-modified: Wed, 05 Jun 2019 16:57:56 GMT
vary: Accept-Encoding,User-Agent
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 4e5650885f10d8ed-AMS
content-encoding: br

GET
H2 200 css
fonts.googleapis.com/ 14 KB
1 KB 33ms
16ms Stylesheet
text/css 2a00:1450:4001:817::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,100,300,500,700,900

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

e1ed25f4abd181e54349b19a94bd563692385ef339df2540abbee5638ccb3765

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Tue, 11 Jun 2019 20:25:30 GMT
server: ESF
access-control-allow-origin: *
date: Tue, 11 Jun 2019 20:25:30 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection: 0
expires: Tue, 11 Jun 2019 20:25:30 GMT

GET
H2 200 bootstrap.css
www.bleepstatic.com/css/redesign/ 111 KB
17 KB 120ms
30ms Stylesheet
text/css 104.24.1.61
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/css/redesign/bootstrap.css
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7e7c74d95df84ef3a6be5c4fcde54fae313a04a9bd611059e6a97a23ff09f26f

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 11 Jun 2019 20:25:30 GMT
content-encoding: br
cf-cache-status: HIT
cf-polished: origSize=137522
status: 200
cf-bgj: minify
last-modified: Fri, 23 Sep 2016 14:33:06 GMT
server: cloudflare
etag: W/"2184297232"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=3024000
cf-ray: 4e56508c4ebfc85b-AMS
expires: Tue, 26 Mar 2019 04:25:05 GMT

GET
H2 200 main.css
www.bleepstatic.com/css/redesign/ 51 KB
9 KB 134ms
43ms Stylesheet
text/css 104.24.1.61
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/css/redesign/main.css?v=3.29.17.1
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: c9e727b37a735a7983ea8bdad06a38b246261c239bb80b86cc0ff3663c910adb

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 11 Jun 2019 20:25:30 GMT
content-encoding: br
cf-cache-status: HIT
cf-polished: origSize=60842
status: 200
cf-bgj: minify
last-modified: Thu, 16 Aug 2018 15:28:40 GMT
server: cloudflare
etag: W/"4249134023"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=3024000
cf-ray: 4e56508c4ec0c85b-AMS
expires: Thu, 14 Mar 2019 04:21:16 GMT

GET
H2 200 home.css
www.bleepstatic.com/css/redesign/ 12 KB
3 KB 122ms
32ms Stylesheet
text/css 104.24.1.61
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/css/redesign/home.css
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: b3498f138f5418bd58413e79e4c0969e618d6f2fee2d9d98c0f4e70a6cbd04ad

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 11 Jun 2019 20:25:30 GMT
content-encoding: br
cf-cache-status: HIT
cf-polished: origSize=14998
status: 200
cf-bgj: minify
last-modified: Sat, 24 Mar 2018 16:18:00 GMT
server: cloudflare
etag: W/"2402535603"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=3024000
cf-ray: 4e56508c4ec1c85b-AMS
expires: Wed, 27 Mar 2019 21:45:08 GMT

GET
H2 200 news.css
www.bleepstatic.com/css/redesign/ 27 KB
5 KB 125ms
34ms Stylesheet
text/css 104.24.1.61
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/css/redesign/news.css
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: a6d4ea4e2f95dcd77bc3acb8408f8ed9c2d9453aeafef8af9387b04e6c9a8ff9

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 11 Jun 2019 20:25:30 GMT
content-encoding: br
cf-cache-status: HIT
cf-polished: origSize=32748
status: 200
cf-bgj: minify
last-modified: Mon, 28 Jan 2019 20:41:57 GMT
server: cloudflare
etag: W/"3696970514"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=3024000
cf-ray: 4e56508c4ec2c85b-AMS
expires: Thu, 20 Jun 2019 11:39:31 GMT

GET
H2 200 jquery-1.11.1.min.js Show response
www.bleepstatic.com/js/redesign/ 94 KB
32 KB 125ms
35ms Script
text/javascript 104.24.1.61
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/js/redesign/jquery-1.11.1.min.js
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 11 Jun 2019 20:25:30 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 23 Apr 2015 12:36:44 GMT
server: cloudflare
access-control-allow-origin: *
etag: W/"3647451394"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: max-age=3024000
cf-ray: 4e56508c4ec4c85b-AMS
expires: Thu, 28 Mar 2019 16:53:04 GMT

GET
H2 200 news.js Show response
www.bleepstatic.com/js/redesign/ 183 B
517 B 117ms
27ms Script
text/javascript 104.24.1.61
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/js/redesign/news.js
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 827252be04765631f8ff21fee8ffe1028e27dfa52f62c08ef3182609a0a0e991

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 11 Jun 2019 20:25:30 GMT
content-encoding: br
cf-cache-status: HIT
cf-polished: origSize=247
status: 200
cf-bgj: minify
last-modified: Wed, 16 Dec 2015 15:41:46 GMT
server: cloudflare
etag: W/"4218930423"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=3024000
cf-ray: 4e56508c4ec6c85b-AMS
expires: Thu, 21 Mar 2019 05:10:14 GMT

GET
H2 200 connatix.renderer.infeed.min.js Show response
cdn.connatix.com/min/ 957 B
1 KB 45ms
6ms Script
application/javascript 2a04:4e42::645
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.connatix.com/min/connatix.renderer.infeed.min.js
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42::645 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: Varnish /
Resource Hash: 2189c74de68935fc4094fd615682d1b61449f2b6588ad7c7812015d5de3e843d

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 11 Jun 2019 20:25:30 GMT
via: 1.1 varnish
server: Varnish
age: 0
x-cache: HIT
content-type: application/javascript
status: 200
cache-control: no-cache, no-store, must-revalidate, max-age=0
x-cache-hits: 0
accept-ranges: bytes
x-timer: S1560284730.236855,VS0,VE0
content-length: 957
retry-after: 0
x-served-by: cache-fra19180-FRA

GET
H2 200 qc-consent.js Show response
www.bleepstatic.com/js/qc-consent/ 3 KB
1 KB 38ms
35ms Script
text/javascript 104.24.1.61
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/js/qc-consent/qc-consent.js
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3b6a84a416edfb98ed7608dad8cd26ffd7123e54bce2bb13a4a3394e0b948382

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 11 Jun 2019 20:25:30 GMT
content-encoding: br
cf-cache-status: HIT
cf-polished: origSize=3848
status: 200
cf-bgj: minify
last-modified: Thu, 07 Feb 2019 13:49:44 GMT
server: cloudflare
etag: W/"3981350888"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=3024000
cf-ray: 4e56508c9f65c85b-AMS
expires: Wed, 27 Mar 2019 02:09:12 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 64 KB
25 KB 61ms
16ms Script
application/javascript 2a00:1450:4001:825::2008
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-91740-1

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3c7f3873e71720fd77e2f876858a57548aa478e8d96d551d74af0c3ff589a84f

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 11 Jun 2019 20:25:30 GMT
content-encoding: br
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
server: Google Tag Manager
access-control-allow-origin: http://www.googletagmanager.com
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
status: 200
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-length: 25368
x-xss-protection: 0
expires: Tue, 11 Jun 2019 20:25:30 GMT

GET
H2 200 logo.png
www.bleepstatic.com/images/site/ 1 KB
1 KB 25ms
17ms Image
image/webp 104.24.1.61
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/images/site/logo.png
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 19db4a2cde712e2ceaac317e732b4ec40b62818a938a8bf8391ad68470845019

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 11 Jun 2019 20:25:30 GMT
cf-cache-status: HIT
cf-polished: origFmt=png, origSize=1882
status: 200
content-disposition: inline; filename="logo.webp"
cf-bgj: imgq:85
content-length: 1152
last-modified: Sat, 04 Mar 2017 04:12:00 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 4e56508cf81fc85b-AMS
expires: Fri, 05 Jul 2019 21:49:51 GMT

GET
H2

200

brand Show response
cse.google.com/coop/cse/
Redirect Chain

https://www.google.com/coop/cse/brand?form=cse-search-box&lang=en
https://cse.google.com/coop/cse/brand?form=cse-search-box&lang=en

3 KB
1 KB

61ms
6ms

Script
text/javascript

2a00:1450:4001:80b::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cse.google.com/coop/cse/brand?form=cse-search-box&lang=en

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

pfe /

Resource Hash

4eeb4df3522892ea2ec61de6a58e870e8262019f8e3c759c099450cefb589313

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 11 Jun 2019 20:18:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: pfe
age: 395
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: public, max-age=1800
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 1181
x-xss-protection: 0
expires: Tue, 11 Jun 2019 20:48:55 GMT

Redirect headers

date: Tue, 11 Jun 2019 20:25:30 GMT
x-content-type-options: nosniff
server: sffe
location: https://cse.google.com/coop/cse/brand?form=cse-search-box&lang=en
content-type: text/html; charset=UTF-8
status: 302
cache-control: private
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 266
x-xss-protection: 0

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 88 KB
33 KB 34ms
28ms Script
text/javascript 2a00:1450:4001:817::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

608ce66fc43803d7d9aec32609ad1f4bd211289c93e6340f4b3581f0fe43cd55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 11 Jun 2019 20:25:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,44,43,39",quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 33177
x-xss-protection: 0
server: cafe
etag: 8399834423475397247
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 11 Jun 2019 20:25:30 GMT

GET
H2 200 twitter.png
www.bleepstatic.com/images/site/login/ 475 B
592 B 30ms
24ms Image
image/png 104.24.1.61
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/images/site/login/twitter.png
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: f9278e008fc4edcd157a9a7b3f5dfbd75c167f405d11296e19c313dc5d052cc2

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 11 Jun 2019 20:25:30 GMT
cf-cache-status: HIT
last-modified: Sat, 04 Mar 2017 20:46:52 GMT
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 4e56508cf822c85b-AMS
content-length: 475
expires: Fri, 24 May 2019 23:15:26 GMT

GET
H2 200 bootstrap.js Show response
www.bleepstatic.com/js/redesign/ 44 KB
10 KB 31ms
27ms Script
text/javascript 104.24.1.61
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/js/redesign/bootstrap.js
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: e5e0f326458e8b8ed839d42a0cf6892df80bf26d7dc7e4f8276a65c41582ab85

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 11 Jun 2019 20:25:30 GMT
content-encoding: br
cf-cache-status: HIT
cf-polished: origSize=65813
status: 200
cf-bgj: minify
last-modified: Thu, 23 Apr 2015 12:36:43 GMT
server: cloudflare
etag: W/"3930092018"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=3024000
cf-ray: 4e56508cf825c85b-AMS
expires: Thu, 28 Mar 2019 05:13:57 GMT

GET
H2 200 blazy.min.js Show response
www.bleepstatic.com/js/blazy/ 5 KB
2 KB 36ms
34ms Script
text/javascript 104.24.1.61
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/js/blazy/blazy.min.js
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0f427d0f88a0698c955ff63bf13af4ca80c9b32f218b5e210847450da901a74f

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 11 Jun 2019 20:25:30 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 16 Aug 2018 21:06:19 GMT
server: cloudflare
access-control-allow-origin: *
etag: W/"753357888"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: max-age=3024000
cf-ray: 4e56508c9f62c85b-AMS
expires: Thu, 28 Mar 2019 08:32:18 GMT

GET
H2 200 bleep.js Show response
www.bleepstatic.com/js/redesign/ 3 KB
925 B 29ms
25ms Script
text/javascript 104.24.1.61
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/js/redesign/bleep.js
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 22e977346d45bab9f531ce1132d7ecfbe8e46868eaea790a0d4dcd1d0649d74b

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 11 Jun 2019 20:25:30 GMT
content-encoding: br
cf-cache-status: HIT
cf-polished: origSize=3600
status: 200
cf-bgj: minify
last-modified: Mon, 01 Oct 2018 12:47:57 GMT
server: cloudflare
etag: W/"2696894447"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=3024000
cf-ray: 4e56508cf826c85b-AMS
expires: Fri, 22 Mar 2019 04:49:09 GMT

GET
H2 200 jquery.fancybox.js Show response
www.bleepstatic.com/js/redesign/fancybox/ 31 KB
9 KB 30ms
26ms Script
text/javascript 104.24.1.61
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/js/redesign/fancybox/jquery.fancybox.js
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 31cd7d9398307ca2e6cfaa111bbe7b69d69cbaaed2ff74034412ebc5008671fd

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 11 Jun 2019 20:25:30 GMT
content-encoding: br
cf-cache-status: HIT
cf-polished: origSize=48706
status: 200
cf-bgj: minify
last-modified: Wed, 14 Oct 2015 20:25:51 GMT
server: cloudflare
etag: W/"327140449"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=3024000
cf-ray: 4e56508cf828c85b-AMS
expires: Mon, 25 Mar 2019 04:42:04 GMT

GET
H2 200 fixto.min.js Show response
www.bleepstatic.com/js/fixto/ 8 KB
3 KB 32ms
24ms Script
text/javascript 104.24.1.61
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/js/fixto/fixto.min.js
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7d6d26827b887aa09b2a5eb7c001e35b93773e53c36ddbfc127ad824e0a6ba39

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 11 Jun 2019 20:25:30 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 13 Jun 2015 21:34:42 GMT
server: cloudflare
access-control-allow-origin: *
etag: W/"1740214911"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: max-age=3024000
cf-ray: 4e56508cf81dc85b-AMS
expires: Thu, 21 Mar 2019 05:36:11 GMT

GET
H2 200 addthis_widget.js Show response
s9.addthis.com/js/300/ 345 KB
110 KB 159ms
36ms Script
application/javascript 23.210.248.44
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://s9.addthis.com/js/300/addthis_widget.js
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a23-210-248-44.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 97de0956d11edf44483d9461cb7bac1e20465659368ea7321940ecc75ed5f2da

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 11 Jun 2019 20:25:30 GMT
content-encoding: gzip
last-modified: Thu, 06 Jun 2019 17:56:43 GMT
etag: "5cf953db-56207"
vary: Accept-Encoding
x-distribution: 99
content-type: application/javascript
status: 200
cache-control: public, max-age=600
x-host: s9.addthis.com
accept-ranges: bytes

GET
H2 200 pubfig.min.js Show response
a.pub.network/bleepingcomputer-com/ 416 KB
115 KB 106ms
20ms Script
application/javascript 2606:4700:20::6819:c072
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6819:c072 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5aaf688e01a991bd9d796ca1adc8b66d432d477efdad550b7e991b692c6dbc5b

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 11 Jun 2019 20:25:30 GMT
content-encoding: br
cf-cache-status: HIT
status: 200
x-guploader-uploadid: AEnB2UqPyieZer82f8RkTRQuZi83M_OLgyi57IK3B3N5OScO46w2q9c3HCZDmEa245DzguMgSmreLryFUVbjykx4BlXw51kxEQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
cf-ray: 4e56508d7ea1d6ed-FRA
last-modified: Thu, 09 May 2019 18:48:44 GMT
server: cloudflare
etag: W/"5364c515a84b76535ab32ae72c458e81"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=veWEiQ==, md5=U2TFFahLdlNasyrnLEWOgQ==
x-goog-generation: 1557427724494133
cache-control: public, max-age=1800
x-goog-stored-content-length: 425947
content-type: application/javascript
expires: Tue, 11 Jun 2019 20:55:30 GMT

GET
H2 200 login_bg.png
www.bleepstatic.com/images/site/ 187 B
272 B 19ms
17ms Image
image/png 104.24.1.61
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/images/site/login_bg.png
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 46f054a5c98b253c46ff84547ce118625668349700a0730724df4bb25bcf5f78

Request headers

Referer: https://www.bleepstatic.com/css/redesign/main.css?v=3.29.17.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 11 Jun 2019 20:25:30 GMT
cf-cache-status: HIT
last-modified: Sat, 04 Mar 2017 20:46:52 GMT
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 4e56508d28a1c85b-AMS
content-length: 187
expires: Sat, 25 May 2019 01:06:01 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v19/ 11 KB
11 KB 10ms
8ms Font
font/woff2 2a00:1450:4001:81d::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v19/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Roboto:400,100,300,500,700,900
Origin: https://www.bleepingcomputer.com

Response headers

date: Sun, 02 Jun 2019 04:36:10 GMT
x-content-type-options: nosniff
last-modified: Mon, 25 Mar 2019 20:13:33 GMT
server: sffe
age: 834560
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 11016
x-xss-protection: 0
expires: Mon, 01 Jun 2020 04:36:10 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v19/ 11 KB
11 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:81d::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v19/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Roboto:400,100,300,500,700,900
Origin: https://www.bleepingcomputer.com

Response headers

date: Sun, 02 Jun 2019 16:28:51 GMT
x-content-type-options: nosniff
last-modified: Mon, 25 Mar 2019 20:14:03 GMT
server: sffe
age: 791799
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 11020
x-xss-protection: 0
expires: Mon, 01 Jun 2020 16:28:51 GMT

GET
DATA 200
OK truncated
/ 37 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 nav_bg.png
www.bleepstatic.com/images/site/ 83 B
191 B 29ms
12ms Image
image/png 104.24.1.61
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/images/site/nav_bg.png
Requested by: Host: cdn.connatix.com
URL: https://cdn.connatix.com/min/connatix.renderer.infeed.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: d6d408ceb31cfae3d3d87971b82e522a331aa2eb042a793223b7ec19e419c564

Request headers

Referer: https://www.bleepstatic.com/css/redesign/main.css?v=3.29.17.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 11 Jun 2019 20:25:30 GMT
cf-cache-status: HIT
last-modified: Sat, 04 Mar 2017 07:57:02 GMT
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 4e56508da9b7c85b-AMS
content-length: 83
expires: Fri, 24 May 2019 23:57:34 GMT

GET
H2 200 connatix.renderer.infeed.min_dc.js Show response
cdns.connatix.com/p/1510/min/ Frame A4F5 709 KB
184 KB 51ms
10ms Script
application/x-javascript 2a04:4e42::645
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://cdns.connatix.com/p/1510/min/connatix.renderer.infeed.min_dc.js
Requested by: Host: cdn.connatix.com
URL: https://cdn.connatix.com/min/connatix.renderer.infeed.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42::645 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: /
Resource Hash: 9afd00df4ef8e483eae86ac97fbd54c5a85309ab2d0f6cbbe7d331b5741221b9

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 11 Jun 2019 20:25:30 GMT
content-encoding: gzip
age: 116730
x-cache: HIT, HIT
status: 200
content-length: 187738
via: 1.1 varnish, 1.1 varnish
x-served-by: cache-dca17737-DCA, cache-fra19180-FRA
last-modified: Mon, 10 Jun 2019 11:57:24 GMT
x-timer: S1560284731.534954,VS0,VE0
etag: "320a4ee99fddec479e5168af0529c251"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=31557600
accept-ranges: bytes
x-cache-hits: 2, 10102

GET
H2 200 20x20-printer.png
www.bleepstatic.com/images/site/ 422 B
582 B 21ms
19ms Image
image/webp 104.24.1.61
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/images/site/20x20-printer.png
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: b34676178982122b66b0a55d3ee411fa343b1d19a6c119c0c9b0ea2c892738a1

Request headers

Referer: https://www.bleepstatic.com/css/redesign/main.css?v=3.29.17.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 11 Jun 2019 20:25:30 GMT
cf-cache-status: HIT
cf-polished: origFmt=png, origSize=824
status: 200
content-disposition: inline; filename="20x20-printer.webp"
cf-bgj: imgq:85
content-length: 422
last-modified: Sat, 03 Oct 2015 03:18:32 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 4e56508dfa48c85b-AMS
expires: Fri, 05 Jul 2019 22:07:49 GMT

GET
H2 200 calendar.png
www.bleepstatic.com/images/site/ 129 B
213 B 19ms
18ms Image
image/png 104.24.1.61
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/images/site/calendar.png
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 61cb7a1fefe87904c7b02aa16c88d4b42805526d63f9d20f2f797380713e4577

Request headers

Referer: https://www.bleepstatic.com/css/redesign/news.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 11 Jun 2019 20:25:30 GMT
cf-cache-status: HIT
last-modified: Sat, 04 Mar 2017 20:46:52 GMT
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 4e56508dfa4cc85b-AMS
content-length: 129
expires: Fri, 31 May 2019 22:31:50 GMT

GET
H2 200 clock.png
www.bleepstatic.com/images/site/ 252 B
406 B 20ms
18ms Image
image/webp 104.24.1.61
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/images/site/clock.png
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 82c7fdbc4d001907e1e5d56cd335af3f0d48e0ffa7f0ad2aa3486ebb1123cb21

Request headers

Referer: https://www.bleepstatic.com/css/redesign/news.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 11 Jun 2019 20:25:30 GMT
cf-cache-status: HIT
cf-polished: origFmt=png, origSize=1316
status: 200
content-disposition: inline; filename="clock.webp"
cf-bgj: imgq:85
content-length: 252
last-modified: Fri, 29 May 2015 07:08:14 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 4e56508dfa4ec85b-AMS
expires: Fri, 05 Jul 2019 21:10:05 GMT

GET
H2 200 comment-light.png
www.bleepstatic.com/images/site/ 96 B
295 B 21ms
20ms Image
image/webp 104.24.1.61
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/images/site/comment-light.png
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: bfc8e65089dc5421d56ecc71a0328eafd4feb2a602503ae5c15bfa3189c02f7e

Request headers

Referer: https://www.bleepstatic.com/css/redesign/news.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 11 Jun 2019 20:25:30 GMT
cf-cache-status: HIT
cf-polished: origFmt=png, origSize=1034
status: 200
content-disposition: inline; filename="comment-light.webp"
cf-bgj: imgq:85
content-length: 96
last-modified: Fri, 29 May 2015 07:08:28 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 4e56508dfa51c85b-AMS
expires: Fri, 28 Jun 2019 05:14:17 GMT

GET
H2 200 KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v19/ 11 KB
11 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:81d::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v19/KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

92606bd38901e67d069f2ef883715b6e5ae07d72ae3bead3ad92346528374afc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Roboto:400,100,300,500,700,900
Origin: https://www.bleepingcomputer.com

Response headers

date: Mon, 03 Jun 2019 02:07:31 GMT
x-content-type-options: nosniff
last-modified: Mon, 25 Mar 2019 20:14:42 GMT
server: sffe
age: 757079
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 11180
x-xss-protection: 0
expires: Tue, 02 Jun 2020 02:07:31 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v19/ 11 KB
11 KB 11ms
10ms Font
font/woff2 2a00:1450:4001:81d::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v19/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Roboto:400,100,300,500,700,900
Origin: https://www.bleepingcomputer.com

Response headers

date: Sun, 02 Jun 2019 07:50:18 GMT
x-content-type-options: nosniff
last-modified: Mon, 25 Mar 2019 20:12:38 GMT
server: sffe
age: 822912
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 11056
x-xss-protection: 0
expires: Mon, 01 Jun 2020 07:50:18 GMT

GET
H2 200 cmp.js Show response
quantcast.mgr.consensu.org/ 138 KB
39 KB 66ms
14ms Script
text/javascript 2600:9000:20bb:6400:9:46dc:4700:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://quantcast.mgr.consensu.org/cmp.js
Requested by: Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/js/qc-consent/qc-consent.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:20bb:6400:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ca63a5bf8f9e3e8f87bc6966bd6865309df0ec43339334769f31b42b7dd5bed2

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 11 Jun 2019 20:17:31 GMT
content-encoding: gzip
last-modified: Thu, 23 May 2019 19:17:48 GMT
server: AmazonS3
age: 1262
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript;charset=UTF-8
status: 200
x-amz-meta-qc-ineu: True
x-amz-cf-pop: FRA56
x-amz-cf-id: suR0RD4FSaXE8sxdKrm3xLiJ_qEjBdJsCtTkc5F7ATJdql9bT8iI5Q==
via: 1.1 617456b5ad99c756ee702b235ecfe148.cloudfront.net (CloudFront)

GET
H2 200 32x32-printer.png
www.bleepstatic.com/images/site/ 256 B
515 B 18ms
18ms Image
image/webp 104.24.1.61
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/images/site/32x32-printer.png
Requested by: Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/js/qc-consent/qc-consent.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 33eb81af8a0101c1ad2a210f322fb362ce1598e6e37f0a7ecc62d6ff39add590

Request headers

Referer: https://www.bleepstatic.com/css/redesign/main.css?v=3.29.17.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 11 Jun 2019 20:25:30 GMT
cf-cache-status: HIT
cf-polished: origFmt=png, origSize=618
status: 200
content-disposition: inline; filename="32x32-printer.webp"
cf-bgj: imgq:85
content-length: 256
last-modified: Fri, 02 Oct 2015 21:57:19 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 4e56508eabb8c85b-AMS
expires: Fri, 05 Jul 2019 22:01:10 GMT

GET
H2 200 21beb902b545b086a90ec39f1df36b94.jpg
www.bleepstatic.com/author/photos/ 7 KB
8 KB 17ms
16ms Image
image/jpeg 104.24.1.61
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/author/photos/21beb902b545b086a90ec39f1df36b94.jpg
Requested by: Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/js/qc-consent/qc-consent.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 19e1dbba639ba68ceb71cdada9621e11d0aec6edba410971f1937d6cc4935b32

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 11 Jun 2019 20:25:30 GMT
cf-cache-status: HIT
cf-polished: origSize=7617, status=webp_bigger
status: 200
cf-bgj: imgq:85
content-length: 7581
last-modified: Mon, 26 Oct 2015 17:15:33 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 4e56508eabd8c85b-AMS
expires: Wed, 20 Mar 2019 04:25:35 GMT

GET
H2 200 h4-bg.png
www.bleepstatic.com/images/site/ 72 B
187 B 19ms
18ms Image
image/png 104.24.1.61
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/images/site/h4-bg.png
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4bb3aaeb6bd2ba6d6c88f1497a5b86b2dba5ed0a39dcdbe82ee94dd06990e146

Request headers

Referer: https://www.bleepstatic.com/css/redesign/main.css?v=3.29.17.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 11 Jun 2019 20:25:30 GMT
cf-cache-status: HIT
last-modified: Sat, 04 Mar 2017 20:46:52 GMT
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 4e56508f0c87c85b-AMS
content-length: 72
expires: Sat, 25 May 2019 00:08:06 GMT

GET
H2 200 news_email_icon.png
www.bleepstatic.com/images/site/ 126 B
287 B 18ms
17ms Image
image/webp 104.24.1.61
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/images/site/news_email_icon.png
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7c42933014424dabb2256a0732a9f792559d26ba09a84308c278f52834522f9a

Request headers

Referer: https://www.bleepstatic.com/css/redesign/home.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 11 Jun 2019 20:25:30 GMT
cf-cache-status: HIT
cf-polished: origFmt=png, origSize=1105
status: 200
content-disposition: inline; filename="news_email_icon.webp"
cf-bgj: imgq:85
content-length: 126
last-modified: Fri, 29 May 2015 07:10:12 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 4e56508f0c8ac85b-AMS
expires: Fri, 05 Jul 2019 21:50:24 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 109 B
171 B 18ms
16ms Script
application/javascript 2a00:1450:4001:81b::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.bleepingcomputer.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 11 Jun 2019 20:25:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: application/javascript; charset=UTF-8
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,44,43,39",quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 104
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 109 B
171 B 16ms
16ms Script
application/javascript 2a00:1450:4001:81e::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.bleepingcomputer.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 11 Jun 2019 20:25:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: application/javascript; charset=UTF-8
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,44,43,39",quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 104
x-xss-protection: 0

GET
H2 200 show_ads_impl.js Show response
pagead2.googlesyndication.com/pagead/js/r20190605/r20190131/ 210 KB
78 KB 26ms
26ms Script
text/javascript 2a00:1450:4001:817::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20190605/r20190131/show_ads_impl.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

48566f0a223d2592f114915cdd4a5c3b1de37437dfebf80b45948db446416014

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 11 Jun 2019 20:25:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,44,43,39",quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 79548
x-xss-protection: 0
server: cafe
etag: 12580024925475607442
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Tue, 11 Jun 2019 20:25:30 GMT

GET
H2 200 news_footer_icon.png
www.bleepstatic.com/images/site/ 186 B
271 B 16ms
15ms Image
image/png 104.24.1.61
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/images/site/news_footer_icon.png
Requested by: Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 371e60eaea3df0bf53403a81ca0d49fad4e0c08dca679cf6a85300da15bf3208

Request headers

Referer: https://www.bleepstatic.com/css/redesign/main.css?v=3.29.17.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 11 Jun 2019 20:25:30 GMT
cf-cache-status: HIT
last-modified: Sat, 04 Mar 2017 20:46:52 GMT
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 4e56508f7d74c85b-AMS
content-length: 186
expires: Thu, 23 May 2019 21:41:26 GMT

GET
H2 200 show_ads_impl.js Show response
pagead2.googlesyndication.com/pagead/js/r20190605/r20190131/ Frame C9C5 210 KB
78 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:817::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20190605/r20190131/show_ads_impl.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

48566f0a223d2592f114915cdd4a5c3b1de37437dfebf80b45948db446416014

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 11 Jun 2019 20:25:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,44,43,39",quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 79548
x-xss-protection: 0
server: cafe
etag: 12580024925475607442
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Tue, 11 Jun 2019 20:25:30 GMT

GET
H2 200 ca-pub-0920899300397823.js Show response
pagead2.googlesyndication.com/pub-config/r20160913/ 108 B
269 B 23ms
6ms Script
text/javascript 2a00:1450:4001:817::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pub-config/r20160913/ca-pub-0920899300397823.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

617229202229089622770a111fef4f514877475b89056525185a70e0cbc5bc95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 11 Jun 2019 19:59:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 11 Jun 2019 19:14:31 GMT
server: sffe
age: 1539
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=43200
accept-ranges: bytes
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,44,43,39",quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 118
x-xss-protection: 0
expires: Wed, 12 Jun 2019 07:59:51 GMT

GET
H2 200 zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20190605/r20190131/ Frame 82AB 0
0 53ms
12ms Document
text/html 2a00:1450:4001:818::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20190605/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20190605/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
vary: Accept-Encoding
date: Thu, 06 Jun 2019 06:22:30 GMT
expires: Thu, 20 Jun 2019 06:22:30 GMT
content-type: text/html; charset=UTF-8
etag: 8517209858956041601
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 7028
x-xss-protection: 0
cache-control: public, max-age=1209600
age: 482580
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,44,43,39",quic=":443"; ma=2592000; v="46,44,43,39"

GET
H/1.1 200
OK cookie Show response
c.pub.network/ 36 B
448 B 954ms
113ms XHR
text/plain 35.226.36.58
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://c.pub.network/cookie
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.226.36.58 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 58.36.226.35.bc.googleusercontent.com
Software: /
Resource Hash: 05d2034f4da0434abcfb8a5f44f73b33a2a5d5df7c3777b8e82ed935ee3deca6

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Origin: https://www.bleepingcomputer.com

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Tue, 11 Jun 2019 20:25:31 GMT
Access-Control-Allow-Credentials: true
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 36
Vary: Origin
Content-Type: text/plain;charset=utf-8

GET
H/1.1 200
OK gallery.js Show response
freestar-io.videoplayerhub.com/ 62 KB
15 KB 55ms
7ms Script
application/javascript 13.35.253.108
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://freestar-io.videoplayerhub.com/gallery.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.35.253.108 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-35-253-108.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 852bb00e2975ab3cd9c7ff4788109a0cee8238d20a3818067d2f2ecb557be604

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id: Tf.4wTiil9pCrFYsF9BiW53_DKxlvqgF
Content-Encoding: gzip
Last-Modified: Thu, 06 Jun 2019 21:05:43 GMT
Server: AmazonS3
Age: 71
Date: Tue, 11 Jun 2019 20:24:51 GMT
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Via: 1.1 87b272b7d9b97f38da15c91c833c3292.cloudfront.net (CloudFront)
Transfer-Encoding: chunked
Connection: keep-alive
X-Amz-Cf-Id: gE5wrIqtzn53_73FCNTbobgLQCASFtFLX4838qcrZD3vFr04TShlZQ==

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 31 KB
10 KB 47ms
47ms Script
text/javascript 2a00:1450:4001:808::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

742273719a18a176d36882e7e067a192b48df21455243666315910d3c7c53e84

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 11 Jun 2019 20:25:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "194 / 392 of 1000 / last-modified: 1560278149"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,44,43,39",quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 10471
x-xss-protection: 0
expires: Tue, 11 Jun 2019 20:25:31 GMT

GET
H2 200 prebid-analytics-1.33.5.js Show response
a.pub.network/core/ 323 KB
92 KB 137ms
136ms Script
text/html 2606:4700:20::6819:c072
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://a.pub.network/core/prebid-analytics-1.33.5.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6819:c072 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4a6ac1e8519aa132772c1f732514d4a2cbcd2143a90710b7656bc23024b4c85c

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 11 Jun 2019 20:25:31 GMT
content-encoding: br
cf-cache-status: MISS
status: 200
x-guploader-uploadid: AEnB2Ur5UZ1CGxHYQJs13v7xyR9aiWrxCYVp42TfKrS-pGR0Ae5QObf7oV7wGMqE-YRYsM2AsIbQIc1D8hiePrtIchu1hs_poQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 3
x-goog-stored-content-encoding: identity
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
cf-ray: 4e565090fa3cd6ed-FRA
last-modified: Wed, 13 Mar 2019 15:07:05 GMT
server: cloudflare
etag: W/"2d4c23f52ecf1a601021349ff773977b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=xB2m2g==, md5=LUwj9S7PGmAQITSf93OXew==
x-goog-generation: 1552489625640716
cache-control: public, max-age=31536000
x-goog-stored-content-length: 330336
content-type: text/html
expires: Wed, 10 Jun 2020 20:25:31 GMT

GET
H/1.1 200
OK location Show response
c.pub.network/ 2 KB
2 KB 577ms
112ms XHR
application/json 35.226.36.58
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://c.pub.network/location
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.226.36.58 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 58.36.226.35.bc.googleusercontent.com
Software: /
Resource Hash: a60d6002897ec965c44830190b62f69b8b2d27aa9719a7f2bc424588d7111f01

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Tue, 11 Jun 2019 20:25:31 GMT
Access-Control-Allow-Credentials: true
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 1580
Vary: Origin
Content-Type: application/json;charset=utf-8

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 43 KB
17 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:808::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-91740-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8f88cb7a1cd4134f5d616b9fca90b9069fa16c162b7ae66ba1b500c490b41dd2

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 21 May 2019 23:53:44 GMT
server: Golfe2
age: 3176
date: Tue, 11 Jun 2019 19:32:35 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 17595
expires: Tue, 11 Jun 2019 21:32:35 GMT

GET
H2 200 g Show response
ck.connatix.com/ 46 B
126 B 39ms
5ms Script
text/plain 2a04:4e42::645
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://ck.connatix.com/g?callback=cnxJSONP_933f29fd6116cd7fd6001560284731108
Requested by: Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1510/min/connatix.renderer.infeed.min_dc.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42::645 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: Varnish /
Resource Hash: 03efc9c2735a855fd4bdd57a5781d2ac4799ea2a0cf57ab1b5101f7ee3bac772

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 11 Jun 2019 20:25:31 GMT
via: 1.1 varnish
server: Varnish
age: 0
x-cache: HIT
status: 200
cache-control: no-cache, no-store, must-revalidate, max-age=0
x-cache-hits: 0
accept-ranges: bytes
x-timer: S1560284731.147638,VS0,VE0
content-length: 46
retry-after: 0
x-served-by: cache-fra19180-FRA

GET
H2 200 cmp-3pc-check.html
static.quantcast.mgr.consensu.org/v18/ Frame D534 0
0 89ms
6ms Document
text/html 2600:9000:20bb:ee00:9:46dc:4700:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://static.quantcast.mgr.consensu.org/v18/cmp-3pc-check.html
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/cmp.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:20bb:ee00:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

:method: GET
:authority: static.quantcast.mgr.consensu.org
:scheme: https
:path: /v18/cmp-3pc-check.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/

Response headers

status: 200
content-type: text/html
content-length: 583
last-modified: Thu, 23 May 2019 19:17:44 GMT
accept-ranges: bytes
server: AmazonS3
date: Tue, 11 Jun 2019 20:23:19 GMT
etag: "2382c3f01978a379e8fa8bc1a3bec605"
age: 1546
x-cache: Hit from cloudfront
via: 1.1 40b36a86ab4ea993a78087b1ceb80e25.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56
x-amz-cf-id: qpNF-uybLtBnc2O8jQ8-l3D5OuaElLxBaT58kE7M2dbKBDWbGtvNgQ==

GET
H2 200 ads
googleads.g.doubleclick.net/pagead/ Frame 5E3A 0
0 276ms
275ms Document
text/html 2a00:1450:4001:818::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0920899300397823&output=html&h=500&slotname=4359266829&adk=3764243768&adf=155314479&w=834&cr_col=4&cr_row=2&fwrn=2&lmt=1559753876&rafmt=9&guci=1.2.0.0.2.2.0.0&format=834x500&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Ffake-cryptocurrency-trading-site-pushes-crypto-stealing-malware%2F&flash=0&crui=image_stacked&fwr=0&wgl=1&dt=1560284730779&bpp=62&bdt=590&fdt=510&idt=510&shv=r20190605&cbv=r20190131&saldr=aa&abxe=1&correlator=416186497317&frm=20&pv=2&ga_vid=424828401.1560284731&ga_sid=1560284731&ga_hid=1298611584&ga_fc=0&iag=0&icsg=687197396992&dssz=41&mdo=0&mso=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=208&ady=10918&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=21060853%2C21062810&oid=3&rx=0&eae=0&fc=656&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=144&bc=31&osw_key=3733268371&ifi=1&uci=1.yty7nv3rn6zp&fsb=1&xpc=XT6UxnUyB5&p=https%3A//www.bleepingcomputer.com&dtd=565

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20190605/r20190131/show_ads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-0920899300397823&output=html&h=500&slotname=4359266829&adk=3764243768&adf=155314479&w=834&cr_col=4&cr_row=2&fwrn=2&lmt=1559753876&rafmt=9&guci=1.2.0.0.2.2.0.0&format=834x500&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Ffake-cryptocurrency-trading-site-pushes-crypto-stealing-malware%2F&flash=0&crui=image_stacked&fwr=0&wgl=1&dt=1560284730779&bpp=62&bdt=590&fdt=510&idt=510&shv=r20190605&cbv=r20190131&saldr=aa&abxe=1&correlator=416186497317&frm=20&pv=2&ga_vid=424828401.1560284731&ga_sid=1560284731&ga_hid=1298611584&ga_fc=0&iag=0&icsg=687197396992&dssz=41&mdo=0&mso=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=208&ady=10918&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=21060853%2C21062810&oid=3&rx=0&eae=0&fc=656&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=144&bc=31&osw_key=3733268371&ifi=1&uci=1.yty7nv3rn6zp&fsb=1&xpc=XT6UxnUyB5&p=https%3A//www.bleepingcomputer.com&dtd=565
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Tue, 11 Jun 2019 20:25:31 GMT
server: cafe
content-length: 12138
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Tue, 11-Jun-2019 20:40:31 GMT; path=/; domain=.doubleclick.net
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,44,43,39",quic=":443"; ma=2592000; v="46,44,43,39"
expires: Tue, 11 Jun 2019 20:25:31 GMT
cache-control: private

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 75 KB
28 KB 44ms
41ms Script
text/javascript 2a00:1450:4001:808::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20190605/r20190131/show_ads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

78f96c973c9c1d563d5870a1f7debdb2c0967256fb0c508bb5b3d8b8c695622a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 11 Jun 2019 20:25:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1560165176110314"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,44,43,39",quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 28289
x-xss-protection: 0
expires: Tue, 11 Jun 2019 20:25:31 GMT

GET
H2 200 collect
www.google-analytics.com/r/ 35 B
101 B 14ms
13ms Image
image/gif 2a00:1450:4001:808::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/r/collect?v=1&_v=j76&a=1298611584&t=pageview&_s=1&dl=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Ffake-cryptocurrency-trading-site-pushes-crypto-stealing-malware%2F&ul=en-us&de=UTF-8&dt=Fake%20Cryptocurrency%20Trading%20Site%20Pushes%20Crypto%20Stealing%20Malware&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=IAhAAUAB~&jid=1632115193&gjid=1361314604&cid=424828401.1560284731&tid=UA-91740-1&_gid=714698583.1560284731&_r=1&gtm=2ou5t2&z=249081851

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jun 2019 20:25:31 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
access-control-allow-origin: *
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubads_impl_2019053001.js Show response
securepubads.g.doubleclick.net/gpt/ 148 KB
54 KB 41ms
40ms Script
text/javascript 172.217.18.98
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019053001.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

sffe /

Resource Hash

8bd06a157f6234495a2a93e0ad4166ebe82bf9d69a20831eadd196aad3f152b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 11 Jun 2019 20:25:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 30 May 2019 13:05:09 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 55383
x-xss-protection: 0
expires: Tue, 11 Jun 2019 20:25:31 GMT

GET
H2 200 Worm_Malware.png
www.bleepstatic.com/content/hl-images/2019/03/12/ 652 KB
652 KB 30ms
29ms Image
image/webp 104.24.1.61
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/content/hl-images/2019/03/12/Worm_Malware.png
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 487623344843550f6b30fd21fe613563803ce9da29c1438b1daceb082e2a4410

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 11 Jun 2019 20:25:31 GMT
cf-cache-status: HIT
cf-polished: origFmt=png, origSize=1251327
status: 200
content-disposition: inline; filename="Worm_Malware.webp"
cf-bgj: imgq:85
content-length: 667206
last-modified: Tue, 12 Mar 2019 15:01:47 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 4e565093eeb1c85b-AMS
expires: Wed, 10 Jul 2019 13:55:34 GMT

GET
H2 200 292x176_FBI_.jpg
www.bleepstatic.com/content/hl-images/2019/04/15/thumb/ 12 KB
12 KB 17ms
16ms Image
image/jpeg 104.24.1.61
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/content/hl-images/2019/04/15/thumb/292x176_FBI_.jpg
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: f5c0ed3fba3bb6d1328481babefe2b39126f228bb45b5aafbc09fb81b1a9892a

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 11 Jun 2019 20:25:31 GMT
cf-cache-status: HIT
cf-polished: origSize=12407, status=webp_bigger
status: 200
cf-bgj: imgq:85
content-length: 11852
last-modified: Mon, 15 Apr 2019 14:28:11 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 4e565093eeb2c85b-AMS
expires: Thu, 11 Jul 2019 04:26:43 GMT

GET
H2 200 292x176_BlueKeep_.jpg
www.bleepstatic.com/content/hl-images/2019/05/22/thumb/ 12 KB
12 KB 23ms
22ms Image
image/jpeg 104.24.1.61
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/content/hl-images/2019/05/22/thumb/292x176_BlueKeep_.jpg
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: b939fa63031678d425cd2b90813ef9b665d3ba73324360598a1052d30fec13fd

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 11 Jun 2019 20:25:31 GMT
cf-cache-status: HIT
cf-polished: origSize=12542, status=webp_bigger
status: 200
cf-bgj: imgq:85
content-length: 11854
last-modified: Wed, 22 May 2019 12:38:51 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 4e565093eeb4c85b-AMS
expires: Thu, 11 Jul 2019 17:12:07 GMT

GET
H2 200 _ate.track.config_resp Show response
v1.addthisedge.com/live/boost/ra-561517d2c7f964d6/ 2 KB
924 B 94ms
78ms Script
application/javascript 23.210.248.44
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://v1.addthisedge.com/live/boost/ra-561517d2c7f964d6/_ate.track.config_resp
Requested by: Host: s9.addthis.com
URL: https://s9.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a23-210-248-44.deploy.static.akamaitechnologies.com
Software: Jetty(9.4.8.v20180619) /
Resource Hash: 5fe405e64b42b49a5813c2c7b8e48ccf290310c5eb351d2b15966856d1a2f06e

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 11 Jun 2019 20:25:31 GMT
content-encoding: gzip
surrogate-key: ra-561517d2c7f964d6
server: Jetty(9.4.8.v20180619)
etag: -1808207170--gzip
vary: Accept-Encoding
cache-tag: ra-561517d2c7f964d6
status: 200
cache-control: public, max-age=19, s-maxage=86400
content-disposition: attachment; filename=1.txt
content-type: application/javascript;charset=utf-8
content-length: 678

GET
H2 200 jquery.fancybox.css
www.bleepstatic.com/js/redesign/fancybox/ 4 KB
1 KB 18ms
17ms Stylesheet
text/css 104.24.1.61
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/js/redesign/fancybox/jquery.fancybox.css
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6e86593083facba2710a2312f26bd7b436d7ef299f99cbc2ccc1b32693ec3144

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 11 Jun 2019 20:25:31 GMT
content-encoding: br
cf-cache-status: HIT
cf-polished: origSize=4895
status: 200
cf-bgj: minify
last-modified: Wed, 14 Oct 2015 20:25:51 GMT
server: cloudflare
etag: W/"9108074"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=3024000
cf-ray: 4e565094e97bc85b-AMS
expires: Thu, 28 Mar 2019 18:04:30 GMT

GET
H2 200 font-awesome.css
www.bleepstatic.com/css/redesign/ 22 KB
5 KB 22ms
21ms Stylesheet
text/css 104.24.1.61
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/css/redesign/font-awesome.css
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8733e2183f16906b2fa2e58fdab82cf336f249ab71ac1b184470da2dd3c6e29f

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 11 Jun 2019 20:25:31 GMT
content-encoding: br
cf-cache-status: HIT
cf-polished: origSize=26776
status: 200
cf-bgj: minify
last-modified: Tue, 03 May 2016 04:39:29 GMT
server: cloudflare
etag: W/"1700274315"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=3024000
cf-ray: 4e565094f97ec85b-AMS
expires: Wed, 03 Jul 2019 05:12:31 GMT

GET pls
core.connatix.com/ Frame A4F5 0
0

GET
H2 200 / Show response
audit.quantcast.mgr.consensu.org/ 80 B
467 B 2370ms
12ms XHR
text/html 13.35.253.52
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://audit.quantcast.mgr.consensu.org/?log=;1560284731714;BleepingComputer.com;https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Ffake-cryptocurrency-trading-site-pushes-crypto-stealing-malware%2F;CMP_Display;initializationdisplay;;;;1
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/cmp.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.35.253.52 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-35-253-52.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2d0f6b590917e7d27ddeb026b280d62dde9d03bb92f47f56342fc5f68f0c24eb

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Origin: https://www.bleepingcomputer.com

Response headers

date: Mon, 10 Jun 2019 21:28:03 GMT
via: 1.1 9810d82af8847b51b9c3048141069a65.cloudfront.net (CloudFront)
vary: Origin
age: 82652
x-cache: Hit from cloudfront
status: 200
content-length: 80
last-modified: Mon, 11 Jun 2018 22:07:34 GMT
server: AmazonS3
etag: "0614149d8033903db5de46d6c184bbfd"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: text/html
access-control-allow-origin: *
accept-ranges: bytes
x-amz-cf-id: kuNarXlmr265IWLMyHvO19mg1bgTpvifDclFJaz6oXgL8fHBroFBpg==

GET
H2 200 cmpui-popup.js Show response
static.quantcast.mgr.consensu.org/v18/ 165 KB
51 KB 60ms
9ms Script
text/javascript 2600:9000:20bb:ee00:9:46dc:4700:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://static.quantcast.mgr.consensu.org/v18/cmpui-popup.js
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/cmp.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:20bb:ee00:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 357017568ad102cf853bced7d960ecd7fcc8854ab807a9958dff7c2106b35d27

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 11 Jun 2019 20:23:22 GMT
content-encoding: gzip
last-modified: Thu, 23 May 2019 19:17:44 GMT
server: AmazonS3
age: 1828
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript;charset=UTF-8
status: 200
x-amz-cf-pop: FRA56
x-amz-cf-id: dvJHvG4vYDEwfGnhIz9ZAKbDrfC3oKteHeelLdqAM10-6t1VoNFR3w==
via: 1.1 40b36a86ab4ea993a78087b1ceb80e25.cloudfront.net (CloudFront)

GET
H2 200 beacon.js Show response
ad-delivery.net/ 1 KB
956 B 1100ms
8ms Script
application/x-javascript 13.35.253.67
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://ad-delivery.net/beacon.js
Requested by: Host: freestar-io.videoplayerhub.com
URL: https://freestar-io.videoplayerhub.com/gallery.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.35.253.67 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-35-253-67.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7e94fbebf526effec4239c82e5435a412d81ffc4bc9bddf13f9aa1170f6d803e

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 11 Jun 2019 20:10:51 GMT
content-encoding: gzip
last-modified: Tue, 31 Jan 2017 15:06:54 GMT
server: AmazonS3
age: 881
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
x-amz-cf-id: QVByiZOv9_pViEIunSsY7creFJCB-Bzlb76Ev620MrYK8UsdkRXl5w==
via: 1.1 d3039ad83798b26ecb9f9f1e666afe27.cloudfront.net (CloudFront)

GET
H2 200 fontawesome-webfont.woff
www.bleepstatic.com/fonts/ 64 KB
64 KB 78ms
21ms Font
application/octet-stream 104.24.1.61
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/fonts/fontawesome-webfont.woff?v=4.2.0
Requested by: Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 199411f659f41aaccb959bacb1b0de30e54f244352a48c6f9894e65ae0f8a9a1

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepstatic.com/css/redesign/font-awesome.css
Origin: https://www.bleepingcomputer.com

Response headers

date: Tue, 11 Jun 2019 20:25:31 GMT
cf-cache-status: HIT
last-modified: Thu, 23 Apr 2015 09:36:00 GMT
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/octet-stream
status: 200
accept-ranges: bytes
cf-ray: 4e5650961fbf731d-AMS
content-length: 65452

GET
H/1.1 200
OK sync.html
s.adtelligent.com/ Frame 96A6 0
0 622ms
179ms Document
text/html 23.227.137.178
24 SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adtelligent.com/sync.html?aid=410295
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 23.227.137.178 Piscataway, United States, ASN55081 (24SHELLS - 24 SHELLS, US),
Reverse DNS
Software: Adtelligent 1.0 /
Resource Hash

Request headers

Host: s.adtelligent.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/

Response headers

Server: Adtelligent 1.0
Date: Tue, 11 Jun 2019 20:25:31 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 743
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip

GET
H/1.1 200
OK v2 Show response
d.pub.network/floors/ 2 KB
2 KB 731ms
112ms XHR
application/json 35.188.71.214
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://d.pub.network/floors/v2?key=535desktop
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.188.71.214 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 214.71.188.35.bc.googleusercontent.com
Software: /
Resource Hash: e145cdc0be27e233cd342ccc4b4da1d5c5b7e87e6629c028d8a51f339dba90d0

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Tue, 11 Jun 2019 20:25:32 GMT
Access-Control-Allow-Credentials: true
Vary: Origin
Transfer-Encoding: chunked
Content-Type: application/json

GET
H2 200 layers.b7315dd8028c0248db40.js Show response
s7.addthis.com/static/ 262 KB
74 KB 371ms
341ms Script
application/javascript 23.210.248.44
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://s7.addthis.com/static/layers.b7315dd8028c0248db40.js
Requested by: Host: s9.addthis.com
URL: https://s9.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a23-210-248-44.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 7972161a38af4774f022b6d248977895660ccea99afd794dd15832e3e33cfaa5

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 11 Jun 2019 20:25:32 GMT
content-encoding: gzip
last-modified: Thu, 06 Jun 2019 17:56:44 GMT
etag: "5cf953dc-41722"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: public, max-age=86313600
x-host: s7.addthis.com
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 vendorlist.json Show response
vendorlist.consensu.org/ 80 KB
15 KB 82ms
9ms XHR
application/json 2600:9000:2043:2a00:1:af78:4c0:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://vendorlist.consensu.org/vendorlist.json
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/cmp.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2043:2a00:1:af78:4c0:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 5e9ea707a3d475708008836f6202aed222ee8ea7399770c2a7c0b189fd6d3543

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Origin: https://www.bleepingcomputer.com

Response headers

x-amz-version-id: MfmuvyXO2DAxy3jDsN1qzKdH8j2xPW0e
content-encoding: gzip
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
age: 52978
x-cache: Hit from cloudfront
status: 200
access-control-allow-origin: *
last-modified: Thu, 06 Jun 2019 16:00:23 GMT
server: AmazonS3
date: Tue, 11 Jun 2019 05:46:10 GMT
access-control-max-age: 86400
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
via: 1.1 07318a09275049862b4535d73a930b7d.cloudfront.net (CloudFront)
cache-control: max-age=259200
x-amz-cf-pop: FRA54
x-amz-cf-id: 0RxP4VIfH67jV1Oot8ZlslV9S0jcBRAgiAmVf7-RAadWAN0acYenfA==

GET
H2 404 CookieAccess Show response
api.quantcast.mgr.consensu.org/ 30 B
576 B 175ms
110ms XHR
application/json 13.35.253.19
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://api.quantcast.mgr.consensu.org/CookieAccess
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/cmp.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.35.253.19 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-35-253-19.fra6.r.cloudfront.net
Software: /
Resource Hash: 5a4061ff8312e2ad494bd984b7df966438232be64a3b284ab69f66c6705009a6

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Origin: https://www.bleepingcomputer.com

Response headers

date: Tue, 11 Jun 2019 20:25:32 GMT
content-encoding: gzip
access-control-allow-origin: https://www.bleepingcomputer.com
x-amzn-requestid: 0fed3c16-8c87-11e9-a6bc-71b22db1ec8f
x-cache: Error from cloudfront
status: 404
x-amz-apigw-id: bIcpfFkboAMFfeQ=
content-length: 50
x-amzn-trace-id: Root=1-5d000e3c-bb76f05b5977c4748e56558e;Sampled=0
vary: Origin
access-control-allow-methods: GET, POST
content-type: application/json
via: 1.1 a350f357b825293e306b1b0a2cb490c1.cloudfront.net (CloudFront)
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
x-amz-cf-id: jcMbBueD1mmzCqLSoJrbMU40D2JpSOpaWowbKtZUsKBZzfmyK5qYsg==

GET
H2 200 49.45d0d44e9b5e129632e0.js Show response
s7.addthis.com/static/ 281 B
450 B 30ms
30ms Script
application/javascript 23.210.248.44
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://s7.addthis.com/static/49.45d0d44e9b5e129632e0.js
Requested by: Host: s9.addthis.com
URL: https://s9.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a23-210-248-44.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 66e0f9a747bdd042fb9d01000d611034c4bdd2351cadb25fda445defec19c603

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 11 Jun 2019 20:25:32 GMT
last-modified: Thu, 28 Feb 2019 14:32:49 GMT
content-type: application/javascript
status: 200
cache-control: public, max-age=86313600
x-host: s7.addthis.com
accept-ranges: bytes
timing-allow-origin: *
content-length: 281

GET
H2 200 / Show response
graph.facebook.com/ 311 B
398 B 206ms
168ms Script
text/javascript 2a03:2880:f01c:20e:face:b00c:0:2
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://graph.facebook.com/?id=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Ffake-cryptocurrency-trading-site-pushes-crypto-stealing-malware%2F&fields=og_object%7Bengagement%7D&callback=_ate.cbs.rcb_kwww0

Requested by

Host: s9.addthis.com
URL: https://s9.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:20e:face:b00c:0:2 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

3543db05c16fd9acfa8bed6d11d90c6633f88898f83409338c405d49723498ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
content-encoding: br
x-app-usage: {"call_count":0,"total_cputime":0,"total_time":0}
status: 200
date: Tue, 11 Jun 2019 20:25:32 GMT
x-fb-rev: 1000814130
content-length: 197
pragma: no-cache
x-fb-debug: xARkTmcyiWAg3BVqgL86Pa4Ejj85Eg6iy0YslZ0L4GKE6JcU6C1LNKVq5EaKYokGCOEYD2hVCX2a2W71iL2+ag==
x-fb-trace-id: EziVjA/72iE
etag: "3fdc672540a2a2b8ed6b8d2222831972bd6b99a6"
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
x-fb-request-id: AhQuF8wOzT6cvfJSF4TLOaA
cache-control: private, no-cache, no-store, must-revalidate
facebook-api-version: v2.9
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 404 share
www.linkedin.com/countserv/count/ 0
0 1161ms
1124ms Script
text/html 2a05:f500:10:101::b93f:9101
LinkedIn Corporation

General

Check archive.org

Show headers Download Go to

Full URL: https://www.linkedin.com/countserv/count/share?url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Ffake-cryptocurrency-trading-site-pushes-crypto-stealing-malware%2F&callback=atajsshctcbajjDQ
Requested by: Host: s9.addthis.com
URL: https://s9.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:f500:10:101::b93f:9101 , Ireland, ASN14413 (LINKEDIN - LinkedIn Corporation, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

GET
H2 200 info.json Show response
www.reddit.com/api/ 126 B
628 B 16986ms
1923ms Script
application/javascript 151.101.1.140
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reddit.com/api/info.json?url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Ffake-cryptocurrency-trading-site-pushes-crypto-stealing-malware%2F&jsonp=_ate.cbs.rcb_4ios0

Requested by

Host: s9.addthis.com
URL: https://s9.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.140 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

snooserv /

Resource Hash

5a650faeaf8cae499fedf3c6fb974a89d6bb40c830b0bf040adecbd145b7be06

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 11 Jun 2019 20:25:49 GMT
via: 1.1 varnish
x-content-type-options: nosniff
x-cache: MISS
status: 200
x-cache-hits: 0
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-length: 126
x-xss-protection: 1; mode=block
x-served-by: cache-hhn1525-HHN
x-moose: majestic
server: snooserv
x-timer: S1560284748.808481,VS0,VE1910
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-expose-headers: X-Moose
cache-control: private, s-maxage=0, max-age=0, must-revalidate, max-age=0, must-revalidate
x-ua-compatible: IE=edge
accept-ranges: bytes
expires: -1

GET
H2 200 / Show response
graph.facebook.com/ 151 B
580 B 142ms
108ms Script
text/javascript 2a03:2880:f01c:20e:face:b00c:0:2
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://graph.facebook.com/?id=http%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Ffake-cryptocurrency-trading-site-pushes-crypto-stealing-malware%2F&fields=og_object%7Bengagement%7D&callback=_ate.cbs.rcb_hiv90

Requested by

Host: s9.addthis.com
URL: https://s9.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:20e:face:b00c:0:2 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

f2d7850debd42b20e2d9c9c48cf45599c226a43c14b379d7fa28eaefcb00ce33

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-app-usage: {"call_count":0,"total_cputime":0,"total_time":0}
status: 200
date: Tue, 11 Jun 2019 20:25:32 GMT
x-fb-rev: 1000814130
content-length: 151
pragma: no-cache
x-fb-debug: tohKFoCgzW/43WlsKML6keVpOQsC/RuKZVVuTW7bOEkKBVY8PS+EKSU1YKWEQhOfZ8emXoiVgReuG/e4cGuWkw==
x-fb-trace-id: CEJoohJSA7V
etag: "ecf53afb3db57bec12dccdb915e6c862a416d570"
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
x-fb-request-id: AzQ61CBgTeTM7unfDRDY42-
cache-control: private, no-cache, no-store, must-revalidate
facebook-api-version: v2.9
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 404 share
www.linkedin.com/countserv/count/ 0
0 142ms
109ms Script
text/html 2a05:f500:10:101::b93f:9101
LinkedIn Corporation

General

Check archive.org

Show headers Download Go to

Full URL: https://www.linkedin.com/countserv/count/share?url=http%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Ffake-cryptocurrency-trading-site-pushes-crypto-stealing-malware%2F&callback=atajsshctcbnElSW
Requested by: Host: s9.addthis.com
URL: https://s9.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:f500:10:101::b93f:9101 , Ireland, ASN14413 (LINKEDIN - LinkedIn Corporation, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

GET
H2 200 info.json Show response
www.reddit.com/api/ 125 B
303 B 22113ms
7054ms Script
application/javascript 151.101.1.140
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reddit.com/api/info.json?url=http%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Ffake-cryptocurrency-trading-site-pushes-crypto-stealing-malware%2F&jsonp=_ate.cbs.rcb_5m50

Requested by

Host: s9.addthis.com
URL: https://s9.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.140 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

snooserv /

Resource Hash

c57ba139d8cfdf3809784609f81c6956dab1c2ddd3be5001434fdf1bcb3e2129

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 11 Jun 2019 20:25:54 GMT
via: 1.1 varnish
x-content-type-options: nosniff
x-cache: MISS
status: 200
x-cache-hits: 0
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-length: 125
x-xss-protection: 1; mode=block
x-served-by: cache-hhn1525-HHN
x-moose: majestic
server: snooserv
x-timer: S1560284748.808470,VS0,VE7040
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-expose-headers: X-Moose
cache-control: private, s-maxage=0, max-age=0, must-revalidate, max-age=0, must-revalidate
x-ua-compatible: IE=edge
accept-ranges: bytes
expires: -1

GET
H/1.1 200
OK jquery.color-2.1.2.min.js Show response
cluster-na.cdnjquery.com/color/ 136 B
379 B 4393ms
100ms Script
text/javascript 50.19.38.129
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://cluster-na.cdnjquery.com/color/jquery.color-2.1.2.min.js?integrity=sha256_H28SdxWrZ387Ldn0qogCzFiUDDxfPiNIyJX7BECQkDE&checksum=%7B%22cbc%22%3A0%2C%22st%22%3A2%2C%22au%22%3A%5B%5D%2C%22hau%22%3A%5B%5D%2C%22ref%22%3A%22https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Ffake-cryptocurrency-trading-site-pushes-crypto-stealing-malware%2F%22%2C%22aa%22%3A3%2C%22pgid%22%3A%22141647cf-8fea-30f8-8a3a-0153b596ca1e%22%2C%22v%22%3A1%2C%22format%22%3A%22jsonp%22%7D&o=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Ffake-cryptocurrency-trading-site-pushes-crypto-stealing-malware%2F

Requested by

Host: freestar-io.videoplayerhub.com
URL: https://freestar-io.videoplayerhub.com/gallery.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

50.19.38.129 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-50-19-38-129.compute-1.amazonaws.com

Software

nginx/1.12.1 /

Resource Hash

af2642091af62d35efeac190f019c6c4fc8006c19c7f6d41dd1f8139219a6bd7

Security Headers

Name	Value
X-Frame-Options	DENY

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 11 Jun 2019 20:25:37 GMT
Content-Encoding: gzip
Server: nginx/1.12.1
ETag: W/"88-VhI1tIWYuMnAL1TPDflUmOpid3Y"
X-Frame-Options: DENY
Content-Type: text/javascript; charset=utf-8
Charset: utf8
Connection: keep-alive
Content-Length: 106

GET
H2 200 px.gif
ad-delivery.net/ 43 B
349 B 36ms
9ms Image
image/gif 13.35.253.67
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-delivery.net/px.gif?ch=1&e=0.28722938598099046
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.35.253.67 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-35-253-67.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 11 Jun 2019 02:32:26 GMT
via: 1.1 d3039ad83798b26ecb9f9f1e666afe27.cloudfront.net (CloudFront)
last-modified: Thu, 27 Jul 2017 18:59:05 GMT
server: AmazonS3
age: 76307
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
x-cache: Hit from cloudfront
content-type: image/gif
status: 200
accept-ranges: bytes
content-length: 43
x-amz-cf-id: lCocMY9qTg3XYhzrH3ckCgSnAPnU3M4zsGcEE7G26v0wnksrwo6zHw==

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 87562d3773ffab3d0716a70faa73c38b322fde3b8f265c3d646a3cea976ef67e

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 / Show response
audit.quantcast.mgr.consensu.org/ 80 B
467 B 1040ms
10ms XHR
text/html 13.35.253.52
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://audit.quantcast.mgr.consensu.org/?log=%3Be%3AShown%2C%3Bua%3AMozilla%2F5.0%20(Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F74.0.3729.169%20Safari%2F537.36%3Bc%3Ap%2Coff%2Cfalse
Requested by: Host: static.quantcast.mgr.consensu.org
URL: https://static.quantcast.mgr.consensu.org/v18/cmpui-popup.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.35.253.52 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-35-253-52.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2d0f6b590917e7d27ddeb026b280d62dde9d03bb92f47f56342fc5f68f0c24eb

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Origin: https://www.bleepingcomputer.com

Response headers

date: Mon, 10 Jun 2019 09:56:06 GMT
via: 1.1 9810d82af8847b51b9c3048141069a65.cloudfront.net (CloudFront)
vary: Origin
age: 37740
x-cache: Hit from cloudfront
status: 200
content-length: 80
last-modified: Mon, 11 Jun 2018 22:07:34 GMT
server: AmazonS3
etag: "0614149d8033903db5de46d6c184bbfd"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: text/html
access-control-allow-origin: *
accept-ranges: bytes
x-amz-cf-id: TltDerDr1sExgEFGX02xpNsaMyOxP_l8CFDPBbKjosr0TaoMw8tTAQ==

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 190 KB
28 KB 624ms
623ms XHR
text/javascript 172.217.18.98
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3283818509905571&correlator=2917940244702096&output=json_html&callback=googletag.impl.pubads.callbackProxy1&impl=fifs&adsid=NT&json_a=1&eid=21063760%2C21063817%2C21063989&vrg=2019053001&guci=1.2.0.0.2.2.0.0&plat=1%3A32776%2C2%3A16809992%2C8%3A32776&sc=1&sfv=1-0-33&ecs=20190611&iu_parts=15184186%2Cbleepingcomputer_728x90_970x90_970x250_320x50_ATF%2Cbleepingcomputer_728x90_970x90_970x250_320x50_BTF%2Cbleepingcomputer_300x250_300x600_160x600_Right_1%2Cbleepingcomputer_300x250_300x600_160x600_Right_2%2Cbleepingcomputer_728x90_320x50_InContent_1%2Cbleepingcomputer_1x1%2Cbleepingcomputer_300x250_300x600_160x600_Right_3&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4%2C%2F0%2F5%2C%2F0%2F6%2C%2F0%2F7&prev_iu_szs=728x90%7C970x90%7C970x250%2C728x90%7C970x90%7C970x250%2C300x250%7C300x600%2C300x250%7C300x600%2C728x90%2C1x1%2C300x250%7C300x600&eri=1&cust_params=user-agent%3DChrome&cookie_enabled=1&bc=31&abxe=1&lmt=1559753876&dt=1560284733159&dlt=1560284730188&idt=1686&frm=20&biw=1600&bih=1200&oid=3&adxs=436%2C436%2C1082%2C1082%2C268%2C800%2C1082&adys=146%2C11681%2C327%2C1136%2C9709%2C12187%2C1661&adks=960084856%2C976516616%2C771041174%2C2389526111%2C4047242158%2C2635258439%2C523518761&ucis=1%7C2%7C3%7C4%7C5%7C6%7C7&ifi=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Ffake-cryptocurrency-trading-site-pushes-crypto-stealing-malware%2F&dssz=53&icsg=2295780454965248&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1170x120%7C1200x90%7C306x250%7C306x250%7C834x90%7C1600x12188%7C306x250&msz=1170x90%7C1170x90%7C306x250%7C306x250%7C834x90%7C1600x1%7C306x250&blev=1&bisch=1&ga_vid=424828401.1560284731&ga_sid=1560284731&ga_hid=1298611584&fws=4%2C4%2C4%2C4%2C4%2C4%2C4

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019053001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

cafe /

Resource Hash

9d8264b3a6e6a89bcc6e014635af5ea6a5a33815a2ad68fe34d15dc540a4f48a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Origin: https://www.bleepingcomputer.com

Response headers

date: Tue, 11 Jun 2019 20:25:33 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 28351
x-xss-protection: 0
google-lineitem-id: -2,-1,-1,-1,-1,4893662829,-1
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2,-1,-1,-1,-1,138254592126,-1
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://www.bleepingcomputer.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubads_impl_rendering_2019053001.js Show response
securepubads.g.doubleclick.net/gpt/ 66 KB
25 KB 43ms
41ms Script
text/javascript 172.217.18.98
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019053001.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019053001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

sffe /

Resource Hash

7afd1e931fc5bb2211f4f89e204c9e5d349e7bff9088ab84c97c3e5c50c6f8b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 11 Jun 2019 20:25:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 30 May 2019 13:05:09 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 25250
x-xss-protection: 0
expires: Tue, 11 Jun 2019 20:25:33 GMT

GET container.html
tpc.googlesyndication.com/safeframe/1-0-33/html/ 0
0

GET
H/1.1 200
OK quant.js Show response
secure.quantserve.com/ 12 KB
6 KB 671ms
37ms Script
application/x-javascript 91.228.74.147
Quantcast Corpora...

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 91.228.74.147 , United Kingdom, ASN27281 (QUANTCAST - Quantcast Corporation, US),
Reverse DNS
Software: QS /
Resource Hash: 404a9b0ffbcc813e8ddbb8d8510a24a69c09079282f8083ee94f4adc5d627176

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 11 Jun 2019 20:25:33 GMT
Content-Encoding: gzip
Last-Modified: Tue, 11-Jun-2019 20:25:33 GMT
Server: QS
ETag: M0-e2b9884a
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: private, no-transform, max-age=604800
Connection: keep-alive
Content-Length: 5456
Expires: Tue, 18 Jun 2019 20:25:33 GMT

GET
H/1.1 200
OK bxl.js Show response
hbx.media.net/ 16 KB
7 KB 1678ms
59ms Script
text/javascript 23.58.216.132
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://hbx.media.net/bxl.js?cid=8CUFH1GPH&dn=www.bleepingcomputer.com&version=&https=1
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.58.216.132 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a23-58-216-132.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: facc4ccb45837d7ff6da9405f3d8ceded8edaf685a1b5237a72135fbebb2d2c4

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 11 Jun 2019 20:25:34 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Cache-Control: max-age=86400
Connection: keep-alive
Content-Length: 6634
X-MNET-HL2: E
Expires: Wed, 12 Jun 2019 20:25:34 GMT

GET
H/1.1 200
OK beacon.js Show response
sb.scorecardresearch.com/ 1 KB
1 KB 105ms
26ms Script
application/x-javascript 23.38.19.203
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/beacon.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.38.19.203 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a23-38-19-203.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 76c393f564f53c19e795307e622edc8657a603f7a816c2646385697286d11313

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 11 Jun 2019 20:25:33 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: private, no-transform, max-age=86400
Connection: keep-alive
Content-Length: 902
Expires: Wed, 12 Jun 2019 20:25:33 GMT

GET
H/1.1 200
OK load.js Show response
s.ntv.io/serve/ 269 KB
78 KB 142ms
50ms Script
application/x-javascript 104.111.215.236
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://s.ntv.io/serve/load.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.215.236 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a104-111-215-236.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 7b20afb8e1a432c8cee0b80f3c8cc63fa1be6bf972894d29f9b2c3218814d15a

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 11 Jun 2019 20:25:33 GMT
Content-Encoding: gzip
x-amz-request-id: 29E48B3AA44C1DF5
x-amz-server-side-encryption: AES256
Transfer-Encoding: chunked
Connection: keep-alive, Transfer-Encoding
x-amz-id-2: fLWEoWB28Wt4/C7skLkEkeSNgupz4DImsCPY/m+hAXRpcRz+sIQjLL3WTMk3Fu3iM84lft/DkgY=
Last-Modified: Tue, 11 Jun 2019 00:29:10 GMT
Server: AmazonS3
ETag: "8e95f26f4a7cfbe63405a2627032f1a5"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H/1.1 200
OK c9338079-328f-4236-89f2-a6bb83723b3a Show response
d.pub.network/rfm/cookie/ 3 B
246 B 114ms
112ms XHR
application/json 35.188.71.214
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://d.pub.network/rfm/cookie/c9338079-328f-4236-89f2-a6bb83723b3a
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.188.71.214 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 214.71.188.35.bc.googleusercontent.com
Software: /
Resource Hash: 8eb95bcbc154530931e15fc418c8b1fe991095671409552099ea1aa596999ede

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Tue, 11 Jun 2019 20:25:33 GMT
Access-Control-Allow-Credentials: true
Vary: Origin
Transfer-Encoding: chunked
Content-Type: application/json

GET
H/1.1 200
OK classification Show response
d.pub.network/ 3 B
246 B 211ms
119ms XHR
application/json 35.188.71.214
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://d.pub.network/classification?siteId=535&pageUrl=https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.188.71.214 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 214.71.188.35.bc.googleusercontent.com
Software: /
Resource Hash: 8eb95bcbc154530931e15fc418c8b1fe991095671409552099ea1aa596999ede

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Tue, 11 Jun 2019 20:25:33 GMT
Access-Control-Allow-Credentials: true
Vary: Origin
Transfer-Encoding: chunked
Content-Type: application/json

GET
H/1.1

204
No Content

b2
sb.scorecardresearch.com/
Redirect Chain

https://sb.scorecardresearch.com/b?c1=2&c2=23384447&cs_ucfr=1&ns__t=1560284733423&ns_c=UTF-8&cv=3.1e&c8=Fake%20Cryptocurrency%20Trading%20Site%20Pushes%20Crypto%20Stealing%20Malware&c7=https%3A%2F%...
https://sb.scorecardresearch.com/b2?c1=2&c2=23384447&cs_ucfr=1&ns__t=1560284733423&ns_c=UTF-8&cv=3.1e&c8=Fake%20Cryptocurrency%20Trading%20Site%20Pushes%20Crypto%20Stealing%20Malware&c7=https%3A%2F...

0
248 B

24ms
23ms

Image
text/plain

23.38.19.203
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b2?c1=2&c2=23384447&cs_ucfr=1&ns__t=1560284733423&ns_c=UTF-8&cv=3.1e&c8=Fake%20Cryptocurrency%20Trading%20Site%20Pushes%20Crypto%20Stealing%20Malware&c7=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Ffake-cryptocurrency-trading-site-pushes-crypto-stealing-malware%2F&c9=
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.38.19.203 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a23-38-19-203.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 11 Jun 2019 20:25:33 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Mon, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://sb.scorecardresearch.com/b2?c1=2&c2=23384447&cs_ucfr=1&ns__t=1560284733423&ns_c=UTF-8&cv=3.1e&c8=Fake%20Cryptocurrency%20Trading%20Site%20Pushes%20Crypto%20Stealing%20Malware&c7=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Ffake-cryptocurrency-trading-site-pushes-crypto-stealing-malware%2F&c9=
Pragma: no-cache
Date: Tue, 11 Jun 2019 20:25:33 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 t Show response
jadserve.postrelease.com/ 97 B
505 B 126ms
31ms Script
text/javascript 52.19.153.98
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://jadserve.postrelease.com/t?ntv_url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Ffake-cryptocurrency-trading-site-pushes-crypto-stealing-malware%2F&ntv_mvi
Requested by: Host: s.ntv.io
URL: https://s.ntv.io/serve/load.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.19.153.98 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-19-153-98.eu-west-1.compute.amazonaws.com
Software: nginx/1.12.1 /
Resource Hash: 5de79bd33c164a62fe3389aeef0af2f54b82e7f8ba5fd7d0721f8080823babcb

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jun 2019 20:25:33 GMT
content-encoding: gzip
server: nginx/1.12.1
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type: text/javascript;charset=UTF-8
content-length: 108
expires: Mon, 1 Jan 1990 12:00:00 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 54 KB
17 KB 32ms
6ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

76ea9ffb498d4afa3e7499fe8663594985fbe902bab9d01db87e94e976738b4f

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: public
x-fb-debug: WbMiKgKsZSSrMaM98/uM1cJIJAdqjekgDB9ypcrui66nNoSQUutETpuCfuWpRL7/qwxyh5XxNz7ebESKuJrKVA==
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 11 Jun 2019 20:25:33 GMT
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
status: 200
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
strict-transport-security: max-age=31536000; preload; includeSubDomains
vary: Accept-Encoding
content-length: 16245
x-xss-protection: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 134240187179576 Show response
connect.facebook.net/signals/config/ 228 KB
60 KB 9ms
6ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/134240187179576?v=2.8.51&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

8d9c3e3cfba892b2954a9c28ec67162355632750aa8b45d55323b04bc29ae61b

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
vary: Origin, Accept-Encoding
content-length: 61414
x-xss-protection: 0
pragma: public
x-fb-debug: S3fG5llIAA6Lym6gLx4E805o3kaB/YfsaOTkzji8Mp/F2xCvffl+JSDNWlmpRgR5+DvPi4xTaXgtyIwL+H60FA==
date: Tue, 11 Jun 2019 20:25:33 GMT
x-frame-options: DENY
access-control-allow-methods: OPTIONS
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://connect.facebook.net
access-control-expose-headers: X-FB-Debug, X-Loader-Length
cache-control: public, max-age=1200
access-control-allow-credentials: true
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 inferredEvents.js Show response
connect.facebook.net/signals/plugins/ 1 KB
1 KB 11ms
10ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/plugins/inferredEvents.js?v=2.8.51

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

cd1c301a8e7960a1786e2a959226b0b78b56dbea284bd114265f1662d6ca280e

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
vary: Origin, Accept-Encoding
content-length: 772
x-xss-protection: 0
pragma: public
x-fb-debug: w4O7wThfTTH5B0RBoCBbNWjQl3acM8gK7bG/9/hepwFy1tPjhAwmoySRZD6C3eF2fM7XRTKdWw2b1P1j+r6Jjg==
date: Tue, 11 Jun 2019 20:25:33 GMT
x-frame-options: DENY
access-control-allow-methods: OPTIONS
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://connect.facebook.net
access-control-expose-headers: X-FB-Debug, X-Loader-Length
cache-control: public, max-age=1200
access-control-allow-credentials: true
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
322 B 31ms
11ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
Facebook

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=134240187179576&ev=PageView&dl=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Ffake-cryptocurrency-trading-site-pushes-crypto-stealing-malware%2F&rl=&if=false&ts=1560284733664&sw=1600&sh=1200&v=2.8.51&r=stable&ec=0&o=30&fbp=fb.1.1560284733660.420655705&it=1560284733564&coo=false&rqm=GET

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 11 Jun 2019 20:25:33 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
content-length: 44
expires: Tue, 11 Jun 2019 20:25:33 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
199 B 31ms
12ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
Facebook

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=134240187179576&ev=ViewContent&dl=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Ffake-cryptocurrency-trading-site-pushes-crypto-stealing-malware%2F&rl=&if=false&ts=1560284733671&cd[freestar]=c9338079-328f-4236-89f2-a6bb83723b3a&cd[client]=392&cd[site]=535&cd[page]=fae8a3e25c2867612d221b4e54edaeda&sw=1600&sh=1200&v=2.8.51&r=stable&ec=1&o=30&fbp=fb.1.1560284733660.420655705&it=1560284733564&coo=false&rqm=GET

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 11 Jun 2019 20:25:33 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
content-length: 44
expires: Tue, 11 Jun 2019 20:25:33 GMT

GET
H2 200 amp4ads-host-v0.js Show response
cdn.ampproject.org/rtv/011906051812580/ 21 KB
7 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:81f::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011906051812580/amp4ads-host-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019053001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

0f3994a744491e236025844f348c0733743e532a39a11c4423473893fbc03eca

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
vary: Accept-Encoding
age: 440268
status: 200
date: Thu, 06 Jun 2019 18:07:45 GMT
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 7440
x-xss-protection: 0
server: sffe
etag: "5027e182f59aeb55"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-content-type-options: nosniff
expires: Fri, 05 Jun 2020 18:07:45 GMT

GET
H2 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/011906051812580/ Frame 53F4 280 KB
75 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:81f::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011906051812580/amp4ads-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019053001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

6d5bb20a6f644c06b9a7cf2df0004977d350f42cb63360f9f4c8592ca924f894

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
vary: Accept-Encoding
age: 4398
status: 200
date: Tue, 11 Jun 2019 19:12:15 GMT
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 76830
x-xss-protection: 0
server: sffe
etag: "abb2dcb3bf515f95"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-content-type-options: nosniff
expires: Wed, 10 Jun 2020 19:12:15 GMT

GET
H2 200 amp-ad-exit-0.1.js Show response
cdn.ampproject.org/rtv/011906051812580/v0/ Frame 53F4 13 KB
5 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:81f::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011906051812580/v0/amp-ad-exit-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019053001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

b717725eae0a62b46fc02b2c92318646957000c3bee0330a078939c14ff2b5ae

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
vary: Accept-Encoding
age: 427237
status: 200
date: Thu, 06 Jun 2019 21:44:56 GMT
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 4948
x-xss-protection: 0
server: sffe
etag: "489c11a0de47b0f6"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-content-type-options: nosniff
expires: Fri, 05 Jun 2020 21:44:56 GMT

GET
H2 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/011906051812580/v0/ Frame 53F4 141 KB
39 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:81f::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011906051812580/v0/amp-analytics-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019053001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

294fe28c69dda3f4c652312000db721a01194db9f42f563d0f7a77b3c99cd550

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
vary: Accept-Encoding
age: 117194
status: 200
date: Mon, 10 Jun 2019 11:52:19 GMT
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 39479
x-xss-protection: 0
server: sffe
etag: "c5261b7b60d81ae6"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-content-type-options: nosniff
expires: Tue, 09 Jun 2020 11:52:19 GMT

GET
H2 200 amp-fit-text-0.1.js Show response
cdn.ampproject.org/rtv/011906051812580/v0/ Frame 53F4 4 KB
2 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:81f::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011906051812580/v0/amp-fit-text-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019053001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

18fa18c02f30738bdcee68d9cb87357e98c71c7a837b4a8c7e32de93165b7be8

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
vary: Accept-Encoding
age: 437805
status: 200
date: Thu, 06 Jun 2019 18:48:48 GMT
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 1470
x-xss-protection: 0
server: sffe
etag: "81973adba31797ab"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-content-type-options: nosniff
expires: Fri, 05 Jun 2020 18:48:48 GMT

GET
H2 200 amp-form-0.1.js Show response
cdn.ampproject.org/rtv/011906051812580/v0/ Frame 53F4 42 KB
13 KB 12ms
9ms Script
text/javascript 2a00:1450:4001:81f::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011906051812580/v0/amp-form-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019053001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

8151acb57bf73884924c192f4d1b5138612fa0b81df99273d330341daaec15ef

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
vary: Accept-Encoding
age: 43808
status: 200
date: Tue, 11 Jun 2019 08:15:25 GMT
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 13481
x-xss-protection: 0
server: sffe
etag: "6c5a70affe41ca4d"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-content-type-options: nosniff
expires: Wed, 10 Jun 2020 08:15:25 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 53F4 4 KB
676 B 18ms
17ms Stylesheet
text/css 2a00:1450:4001:817::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,500&lang=de

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019053001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

aed1d3e0e8565661020d1758525a829918ad55926910373ed5ad39c3e9b25ca3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Tue, 11 Jun 2019 20:25:33 GMT
server: ESF
access-control-allow-origin: *
date: Tue, 11 Jun 2019 20:25:33 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection: 0
expires: Tue, 11 Jun 2019 20:25:33 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 53F4 4 KB
630 B 26ms
16ms Stylesheet
text/css 2a00:1450:4001:817::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,500&text=

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019053001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

aed1d3e0e8565661020d1758525a829918ad55926910373ed5ad39c3e9b25ca3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Tue, 11 Jun 2019 20:25:33 GMT
server: ESF
access-control-allow-origin: *
date: Tue, 11 Jun 2019 20:25:33 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection: 0
expires: Tue, 11 Jun 2019 20:25:33 GMT

GET
DATA 200
OK truncated
/ Frame 53F4 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 372d0ec8be18f6beef36c151c2b9817e0e3786ecad79ef3f9500fcc03b996a17

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-33/html/ Frame 592C 0
0 7ms
6ms Document
text/html 2a00:1450:4001:81c::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-33/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019053001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-33/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
timing-allow-origin: *
content-length: 3444
date: Mon, 03 Jun 2019 07:45:52 GMT
expires: Tue, 02 Jun 2020 07:45:52 GMT
last-modified: Tue, 16 Apr 2019 19:37:56 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 736782
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-33/html/ Frame 1649 0
0 8ms
6ms Document
text/html 2a00:1450:4001:81c::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-33/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019053001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-33/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
timing-allow-origin: *
content-length: 3444
date: Mon, 03 Jun 2019 07:45:52 GMT
expires: Tue, 02 Jun 2020 07:45:52 GMT
last-modified: Tue, 16 Apr 2019 19:37:56 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 736782
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"

GET
H2 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/011906051812580/ Frame 3ECD 280 KB
75 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:81f::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011906051812580/amp4ads-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019053001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

6d5bb20a6f644c06b9a7cf2df0004977d350f42cb63360f9f4c8592ca924f894

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
vary: Accept-Encoding
age: 4399
status: 200
date: Tue, 11 Jun 2019 19:12:15 GMT
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 76830
x-xss-protection: 0
server: sffe
etag: "abb2dcb3bf515f95"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-content-type-options: nosniff
expires: Wed, 10 Jun 2020 19:12:15 GMT

GET
H2 200 amp-ad-exit-0.1.js Show response
cdn.ampproject.org/rtv/011906051812580/v0/ Frame 3ECD 13 KB
5 KB 79ms
0ms Script
text/javascript 2a00:1450:4001:81f::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011906051812580/v0/amp-ad-exit-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019053001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

b717725eae0a62b46fc02b2c92318646957000c3bee0330a078939c14ff2b5ae

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
vary: Accept-Encoding
age: 427238
status: 200
date: Thu, 06 Jun 2019 21:44:56 GMT
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 4948
x-xss-protection: 0
server: sffe
etag: "489c11a0de47b0f6"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-content-type-options: nosniff
expires: Fri, 05 Jun 2020 21:44:56 GMT

GET
H2 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/011906051812580/v0/ Frame 3ECD 141 KB
39 KB 110ms
0ms Script
text/javascript 2a00:1450:4001:81f::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011906051812580/v0/amp-analytics-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019053001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

294fe28c69dda3f4c652312000db721a01194db9f42f563d0f7a77b3c99cd550

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
vary: Accept-Encoding
age: 117195
status: 200
date: Mon, 10 Jun 2019 11:52:19 GMT
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 39479
x-xss-protection: 0
server: sffe
etag: "c5261b7b60d81ae6"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-content-type-options: nosniff
expires: Tue, 09 Jun 2020 11:52:19 GMT

GET
H2 200 amp-fit-text-0.1.js Show response
cdn.ampproject.org/rtv/011906051812580/v0/ Frame 3ECD 4 KB
2 KB 72ms
0ms Script
text/javascript 2a00:1450:4001:81f::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011906051812580/v0/amp-fit-text-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019053001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

18fa18c02f30738bdcee68d9cb87357e98c71c7a837b4a8c7e32de93165b7be8

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
vary: Accept-Encoding
age: 437806
status: 200
date: Thu, 06 Jun 2019 18:48:48 GMT
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 1470
x-xss-protection: 0
server: sffe
etag: "81973adba31797ab"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-content-type-options: nosniff
expires: Fri, 05 Jun 2020 18:48:48 GMT

GET
H2 200 amp-form-0.1.js Show response
cdn.ampproject.org/rtv/011906051812580/v0/ Frame 3ECD 42 KB
13 KB 69ms
0ms Script
text/javascript 2a00:1450:4001:81f::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011906051812580/v0/amp-form-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019053001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

8151acb57bf73884924c192f4d1b5138612fa0b81df99273d330341daaec15ef

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
vary: Accept-Encoding
age: 43809
status: 200
date: Tue, 11 Jun 2019 08:15:25 GMT
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 13481
x-xss-protection: 0
server: sffe
etag: "6c5a70affe41ca4d"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-content-type-options: nosniff
expires: Wed, 10 Jun 2020 08:15:25 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 3ECD 4 KB
676 B 91ms
0ms Stylesheet
text/css 2a00:1450:4001:817::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,500&lang=de

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019053001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

aed1d3e0e8565661020d1758525a829918ad55926910373ed5ad39c3e9b25ca3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Tue, 11 Jun 2019 20:25:34 GMT
server: ESF
access-control-allow-origin: *
date: Tue, 11 Jun 2019 20:25:34 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection: 0
expires: Tue, 11 Jun 2019 20:25:34 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 3ECD 4 KB
630 B 91ms
0ms Stylesheet
text/css 2a00:1450:4001:817::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,500&text=

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019053001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

aed1d3e0e8565661020d1758525a829918ad55926910373ed5ad39c3e9b25ca3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Tue, 11 Jun 2019 20:25:34 GMT
server: ESF
access-control-allow-origin: *
date: Tue, 11 Jun 2019 20:25:34 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection: 0
expires: Tue, 11 Jun 2019 20:25:34 GMT

GET
DATA 200
OK truncated
/ Frame 3ECD 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9feac9b3ef773bc21a21d3392033f76f4d70dae7697662a6fc8a8fa714a24698

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 view Show response
securepubads.g.doubleclick.net/pcs/ Frame 4D6F 0
57 B 84ms
37ms Fetch
image/gif 172.217.18.98
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvqX3r_TuHp_zzGvctypQ5PCKDs0jNOQkLAVIwlwUN7Bzm5ASQz2Lc26EZcjoGPZ6JxlLrZe72hIuBb-ZQNmL4ciMf-BP9d1CKjLbiitxcY51BjyvyJLhwTgUl5jsr6pULHu869ja1lXa_MkwC_FSsNX56ucWpERul8pVNdzgf2vcMPB114FA2hfZXNWEcC3_tOhv0WOpl1gxxO96PrUpD6-5YMOeUaK4CnUvK8rN3_IOyal2lXrZ15gFH_Mvp1zxjsCFgpg6N-zI9vQvkJTqo_0PQy&sig=Cg0ArKJSzN3psmsuGXHcEAE&urlfix=1&adurl=

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 11 Jun 2019 20:25:34 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 0
x-xss-protection: 0

GET
H2 200 osd_listener.js Show response
www.googletagservices.com/activeview/js/current/ Frame 4D6F 74 KB
28 KB 88ms
44ms Script
text/javascript 2a00:1450:4001:808::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019053001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

0aa0576748d78432a12ea7ee5e4ff2c6726831ff40a58876b50994621ed0710c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 11 Jun 2019 20:25:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1560165176110314"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,44,43,39",quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 28182
x-xss-protection: 0
expires: Tue, 11 Jun 2019 20:25:34 GMT

GET
H2 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/011906051812580/ Frame 8EED 280 KB
75 KB 86ms
25ms Script
text/javascript 2a00:1450:4001:81f::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011906051812580/amp4ads-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019053001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

6d5bb20a6f644c06b9a7cf2df0004977d350f42cb63360f9f4c8592ca924f894

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
vary: Accept-Encoding
age: 4399
status: 200
date: Tue, 11 Jun 2019 19:12:15 GMT
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 76830
x-xss-protection: 0
server: sffe
etag: "abb2dcb3bf515f95"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-content-type-options: nosniff
expires: Wed, 10 Jun 2020 19:12:15 GMT

GET
H2 200 amp-ad-exit-0.1.js Show response
cdn.ampproject.org/rtv/011906051812580/v0/ Frame 8EED 13 KB
5 KB 136ms
76ms Script
text/javascript 2a00:1450:4001:81f::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011906051812580/v0/amp-ad-exit-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019053001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

b717725eae0a62b46fc02b2c92318646957000c3bee0330a078939c14ff2b5ae

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
vary: Accept-Encoding
age: 427238
status: 200
date: Thu, 06 Jun 2019 21:44:56 GMT
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 4948
x-xss-protection: 0
server: sffe
etag: "489c11a0de47b0f6"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-content-type-options: nosniff
expires: Fri, 05 Jun 2020 21:44:56 GMT

GET
H2 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/011906051812580/v0/ Frame 8EED 141 KB
39 KB 111ms
51ms Script
text/javascript 2a00:1450:4001:81f::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011906051812580/v0/amp-analytics-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019053001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

294fe28c69dda3f4c652312000db721a01194db9f42f563d0f7a77b3c99cd550

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
vary: Accept-Encoding
age: 117195
status: 200
date: Mon, 10 Jun 2019 11:52:19 GMT
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 39479
x-xss-protection: 0
server: sffe
etag: "c5261b7b60d81ae6"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-content-type-options: nosniff
expires: Tue, 09 Jun 2020 11:52:19 GMT

GET
H2 200 amp-fit-text-0.1.js Show response
cdn.ampproject.org/rtv/011906051812580/v0/ Frame 8EED 4 KB
1 KB 103ms
49ms Script
text/javascript 2a00:1450:4001:81f::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011906051812580/v0/amp-fit-text-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019053001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

18fa18c02f30738bdcee68d9cb87357e98c71c7a837b4a8c7e32de93165b7be8

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
vary: Accept-Encoding
age: 437806
status: 200
date: Thu, 06 Jun 2019 18:48:48 GMT
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 1470
x-xss-protection: 0
server: sffe
etag: "81973adba31797ab"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-content-type-options: nosniff
expires: Fri, 05 Jun 2020 18:48:48 GMT

GET
H2 200 amp-form-0.1.js Show response
cdn.ampproject.org/rtv/011906051812580/v0/ Frame 8EED 42 KB
13 KB 98ms
45ms Script
text/javascript 2a00:1450:4001:81f::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011906051812580/v0/amp-form-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019053001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

8151acb57bf73884924c192f4d1b5138612fa0b81df99273d330341daaec15ef

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
vary: Accept-Encoding
age: 43809
status: 200
date: Tue, 11 Jun 2019 08:15:25 GMT
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 13481
x-xss-protection: 0
server: sffe
etag: "6c5a70affe41ca4d"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-content-type-options: nosniff
expires: Wed, 10 Jun 2020 08:15:25 GMT

GET
DATA 200
OK truncated
/ Frame 8EED 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 60393180edc5e4d377a89831cd53f5ba232f9577f479b5260139e58f02663203

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/8405153449358839402/ Frame 53F4 21 KB
21 KB 86ms
0ms Image
image/jpeg 2a00:1450:4001:81c::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/8405153449358839402/downsize_200k_v1?sqp=4sqPyQSWAUKTAQgAEhQNzczMPhUAAABAHQAAAAAlAAAAABgAIgoNAACAPxUAAIA_Kk8IWhABHQAAtEIgASgBMAY4A0CAwtcvSABQAFgAYFpwAngAgAEAiAEAkAEAnQEAAIA_oAEAqAEAsAGAreIEuAH___________8BxQEtsp0-MhoI2gMQ-AEYASABLQAAAD8w2gM4-AFFAACAPw&rs=AOga4qnH0Z1-oPmUfnjj2NBJUqVvh9vW3w

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

8160a581e7cad4d5485a9b30309aa235f3a00b14ee6e4043a78807dc973fcee8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 03 Jun 2019 12:31:28 GMT
x-content-type-options: nosniff
last-modified: Wed, 27 Mar 2019 06:37:04 GMT
server: sffe
age: 719646
content-type: image/jpeg
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 21614
x-xss-protection: 0
expires: Tue, 02 Jun 2020 12:31:28 GMT

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/13145213001612536042/ Frame 53F4 4 KB
4 KB 51ms
6ms Image
image/jpeg 2a00:1450:4001:81c::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/13145213001612536042/downsize_200k_v1?sqp=4sqPyQR5QncIABIUDc3MzD4VAAAAQB0AAAAAJQAAAAAYACIKDQAAgD8VAACAPypPCFoQAR0AALRCIAEoATAGOANAgMLXL0gAUABYAGBacAJ4AIABAIgBAJABAJ0BAACAP6ABAKgBALABgK3iBLgB____________AcUBLbKdPg&rs=AOga4ql1i-_pTAk_62Y6ZPENnuZrpi4WTQ

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

8407b14392f5fb764b255fd3768c5e6ef651a19e1bd1816f8ca3f121175e531b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 31 May 2019 18:23:33 GMT
x-content-type-options: nosniff
last-modified: Wed, 14 Nov 2018 17:03:47 GMT
server: sffe
age: 957721
content-type: image/jpeg
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 4006
x-xss-protection: 0
expires: Sat, 30 May 2020 18:23:33 GMT

GET
H2 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 53F4 0
0 81ms
38ms Image
text/html 172.217.18.98
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C4pf5PQ4AXZ7VFMvj7gO2tYfwBNTyiLNWlvv4t5EJjJ2ExP4OEAEg2tfFOWCV-vCBjAegAcfp-qADyAEGqQJeJQrmqPuyPuACAKgDAcgDCqoEsAJP0DvRSbTIUq1muMLjItq6uKIospoD7DMtTmqc-J0cpdXa62S8R1Q6aCnwV0rl4_Z4TKbIPKDoCAbz_G0dUea0HRoCBDs2SgmDliBnMhcfWPbXXfrRJZQkzOYlTOQzPWI7LCtXPWQQwtGcRKLAmK_qVS8VZLgS_QdjW-kW860RY4FDxO1T8CwLFUhj9r_eqWWblorVK0LsQW2OOulobv5kG9Oo-TdgEslrtbfMyXg2FmNhfZWbrPEGH9GemSNFyPR6qhHhg17AospQF7pOW1etsR_T3wE0cFWGp5Mgh4dtsDLxiCplBE9R3TOCIA4ZzxDag8rNN4HE9XQWlqrzVCFcukbH2rkjylmntIWoFcLBa7LmtId-XluEc81rTce4hQC0NMhS2gQd3_qvyDMx5ZsEwATGp9LT-gHgBAGSBQQIBBgBkgUECAUYBKAGN4AHoZaFX6gHjs4bqAfVyRuoB8HTG6gHgdQbqAeC1BuoB-DTG6gHugaoB9nLG6gHz8wbqAemvhvYBwHyBwQQ2OkW0ggJCIDhgBAQARgN8ggbYWR4LXN1YnN5bi0xNzQyMjQ5NjAzMjg5MDgzgAoD2BMMiBQB&sigh=zexzuj600Gg&template_id=492&tpd=AGWhJmuqSVzgTZdLW1xRQW--i2FXEP4XkD2A9j8Yri-gRXo3AQ
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.217.18.98 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: zrh04s05-in-f98.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

GET
H2 204 l
www.google.com/ads/measurement/ Frame 53F4 0
0 48ms
18ms Image
text/html 2a00:1450:4001:81c::2004
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaR1S2zetTcDDjxG13-Ngi-SplUB-d8u3yWN4rXYdiufQlmrXEFTOboUOcfqJcX0i-l7OWcJz3wZ9mDsWts3lgrbOS8j6g
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:81c::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 53F4 2 KB
3 KB 28ms
6ms Image
image/png 2a00:1450:4001:81c::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 11 Jun 2019 02:40:59 GMT
x-content-type-options: nosniff
content-type: image/png
server: cafe
age: 63875
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 2502
x-xss-protection: 0
expires: Wed, 12 Jun 2019 02:40:59 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 53F4 295 B
363 B 18ms
7ms Image
image/png 2a00:1450:4001:81c::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 11 Jun 2019 07:25:30 GMT
x-content-type-options: nosniff
content-type: image/png
server: cafe
age: 46804
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 295
x-xss-protection: 0
expires: Wed, 12 Jun 2019 07:25:30 GMT

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/8405153449358839402/ Frame 3ECD 5 KB
5 KB 87ms
13ms Image
image/jpeg 2a00:1450:4001:81c::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/8405153449358839402/downsize_200k_v1?sqp=4sqPyQSUAUKRAQgAEhQNzczMPhUAAABAHQAAAAAlAAAAABgAIgoNAACAPxUAAIA_Kk8IWhABHQAAtEIgASgBMAY4A0CAwtcvSABQAFgAYFpwAngAgAEAiAEAkAEAnQEAAIA_oAEAqAEAsAGAreIEuAH___________8BxQEtsp0-MhgIrAEQWhgBIAEtAAAAPzCsAThaRQAAgD8&rs=AOga4qlBdmpgWzkSLMn34JQ7o5SyDmttmA

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

91725e8f7a4a42743d39c40a9f1b693c8b374ac7554fa307b0d735b37569f5b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 04 Jun 2019 02:05:32 GMT
x-content-type-options: nosniff
last-modified: Wed, 27 Mar 2019 06:37:04 GMT
server: sffe
age: 670802
content-type: image/jpeg
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 5236
x-xss-protection: 0
expires: Wed, 03 Jun 2020 02:05:32 GMT

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/13145213001612536042/ Frame 3ECD 4 KB
4 KB 34ms
9ms Image
image/jpeg 2a00:1450:4001:81c::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

8407b14392f5fb764b255fd3768c5e6ef651a19e1bd1816f8ca3f121175e531b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 31 May 2019 18:23:33 GMT
x-content-type-options: nosniff
last-modified: Wed, 14 Nov 2018 17:03:47 GMT
server: sffe
age: 957721
content-type: image/jpeg
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 4006
x-xss-protection: 0
expires: Sat, 30 May 2020 18:23:33 GMT

GET
H2 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 3ECD 0
0 52ms
33ms Image
text/html 172.217.18.98
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CcZnMPQ4AXYbcFMvj7gO2tYfwBNTyiLNWlvv4t5EJjJ2ExP4OEAEg2tfFOWCV-vCBjAegAcfp-qADyAEGqQJeJQrmqPuyPuACAKgDAcgDCqoEsAJP0Bbd4K9gSA-VBDR6fRjMkGSMYMMwjywwRawq42uy_Aa9n-djdywK9VZDnJYge2gqEYQ_hSusqQ64WuWetLRLllig9Gf5MFjuSY4T2aoY3C-csBhqKQmlu0nf8f3_ttMvX8cNsaFHp7Oe7CUAiUdzp4Nye_ZNFnNIJf9kfT9Nnyjtza6NJbLd7BjTDrJLKptR5D60hGWmttrK-xw_wmLXkU5aZVxuPQjSocM0s0Cb2rScYgdACyKn0zh246lbu7fMM9tXrWWtT1T2e2p9TT57q5z2YMtMguFRI3nihR5wY87i_JdYT2ya5alPPVIiSer0dDFBwxTCb0ajx1OsJ2YnKPSHNXNbhmya8e7xNrPhv3g4PCT_fg2y6kqQiN9f3q-vMEbgO3XipgkQNcfHrkqKwATGp9LT-gHgBAGSBQQIBBgBkgUECAUYBKAGN4AHoZaFX6gHjs4bqAfVyRuoB8HTG6gHgdQbqAeC1BuoB-DTG6gHugaoB9nLG6gHz8wbqAemvhvYBwHyBwQQ3JUN0ggJCIDhgBAQARgN8ggbYWR4LXN1YnN5bi0xNzQyMjQ5NjAzMjg5MDgzgAoD2BMMiBQB&sigh=tHQNv6ACVjs&template_id=492&tpd=AGWhJmvkXZP8KH5UYwLHeNFUYIVgweDNFmwJWx07gZkfndfnTA
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.217.18.98 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: zrh04s05-in-f98.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

GET
H2 204 l
www.google.com/ads/measurement/ Frame 3ECD 0
0 38ms
29ms Image
text/html 2a00:1450:4001:81c::2004
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTs0nO8GJjJvsDYSKWbCH1dqrEL-1ycFzW3OZrXaxO9hA4Dzdd8Ls03iEcOhpR-XLpHSXWMnKG0UAZvJFXTndwcGfc0IA
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:81c::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 3ECD 2 KB
3 KB 19ms
12ms Image
image/png 2a00:1450:4001:81c::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 11 Jun 2019 02:40:59 GMT
x-content-type-options: nosniff
content-type: image/png
server: cafe
age: 63875
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 2502
x-xss-protection: 0
expires: Wed, 12 Jun 2019 02:40:59 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 3ECD 295 B
363 B 14ms
7ms Image
image/png 2a00:1450:4001:81c::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 11 Jun 2019 07:25:30 GMT
x-content-type-options: nosniff
content-type: image/png
server: cafe
age: 46804
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 295
x-xss-protection: 0
expires: Wed, 12 Jun 2019 07:25:30 GMT

GET
H2 200 12315454941091187839
tpc.googlesyndication.com/simgad/ Frame 8EED 40 KB
41 KB 69ms
0ms Image
image/jpeg 2a00:1450:4001:81c::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/12315454941091187839?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qmf5cxyD4zqSxZw5IYcse1CXVxEeA

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

ad50142ef64cd10e3ca3d0df56c7ff80801927e8cd975dfb043f89c9740ec52e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 04 Jun 2019 00:25:05 GMT
x-content-type-options: nosniff
last-modified: Fri, 17 Nov 2017 18:02:16 GMT
server: sffe
age: 676829
content-type: image/jpeg
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 41442
x-xss-protection: 0
expires: Wed, 03 Jun 2020 00:25:05 GMT

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 8EED 2 KB
3 KB 59ms
0ms Image
image/png 2a00:1450:4001:81c::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 11 Jun 2019 02:40:59 GMT
x-content-type-options: nosniff
content-type: image/png
server: cafe
age: 63875
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 2502
x-xss-protection: 0
expires: Wed, 12 Jun 2019 02:40:59 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 8EED 295 B
409 B 60ms
0ms Image
image/png 2a00:1450:4001:81c::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 11 Jun 2019 07:25:30 GMT
x-content-type-options: nosniff
content-type: image/png
server: cafe
age: 46804
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 295
x-xss-protection: 0
expires: Wed, 12 Jun 2019 07:25:30 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 8EED 0
0 21ms
15ms Image
text/html 2a00:1450:4001:81c::2004
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTb4faMS0DOPwrp9V5tPyhDvj1xv9VXa0Ym749uXKoCzyHIJLWa00a79iucCDTC8nzE6F6iHeY1jlOBIW0yBci41WjiEg
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:81c::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

GET
H2

200

B21456284.229002654;dc_pre=CICFscuh4uICFUhB4AodjsIBGQ;dc_trk_aid=426910088;dc_trk_cid=103966985;ord=1258258729;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=
ad.doubleclick.net/ddm/trackimp/N790339.3167285ADWORDSGDN/ Frame 8EED
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N790339.3167285ADWORDSGDN/B21456284.229002654;dc_trk_aid=426910088;dc_trk_cid=103966985;ord=1258258729;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
https://ad.doubleclick.net/ddm/trackimp/N790339.3167285ADWORDSGDN/B21456284.229002654;dc_pre=CICFscuh4uICFUhB4AodjsIBGQ;dc_trk_aid=426910088;dc_trk_cid=103966985;ord=1258258729;dc_lat=;dc_rdid=;tag...

42 B
120 B

37ms
36ms

Image
image/gif

172.217.21.198
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/trackimp/N790339.3167285ADWORDSGDN/B21456284.229002654;dc_pre=CICFscuh4uICFUhB4AodjsIBGQ;dc_trk_aid=426910088;dc_trk_cid=103966985;ord=1258258729;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.21.198 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s12-in-f198.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jun 2019 20:25:35 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 11 Jun 2019 20:25:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
location: https://ad.doubleclick.net/ddm/trackimp/N790339.3167285ADWORDSGDN/B21456284.229002654;dc_pre=CICFscuh4uICFUhB4AodjsIBGQ;dc_trk_aid=426910088;dc_trk_cid=103966985;ord=1258258729;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 302
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 8EED 0
0 26ms
24ms Image
text/html 172.217.18.98
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CyoNuPQ4AXa7eFMvj7gO2tYfwBM__w_pWrvjM-9oHt6ae9MwBEAEgx4P8AWCV-vCBjAegAe_1jtsDyAEC4AIAqAMByAMIqgSqAk_Q4ITVF5hjSb9v7NdRFRt51WHstBTY-ILOpd0UQncL0ThqckIiZlgepym8AApz6NEP0iAbVDU7L7_BmBEsU6cc-WeBZ9wGhQg6YOy-5UGNWkyeqGMd6fCitZizaCbc-XZY2lEvd9w_FcKR20ieyfwRijVP188KxIEcotBmzmIJkfl2o9dYqKXiVGj5xK7ksUF9wqOBZstXunZcBLQ6B1IRb7vpjWtcAtR9tyJP0R0pZ8ezAi58BJdp57ppdE2pJWjZxpf_EHkU8nPUjHamJXdWrEx470XEZHqevyuBEsdxApYYNS_HwdUfBWAWukk6b0bMeLTq4w62PFc6zmOiroCanLJUBjz3Ncj8EWHXLrkcIWbhu9Y3XkEQH6MsI6JJ9wU9rOCwM7eDXBbABLyY9sGCAeAEAZIFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAYCgAeetpspqAeOzhuoB9XJG6gHwdMbqAeB1BuoB4LUG6gH4NMbqAe6BqgH2csbqAfPzBuoB6a-G9gHAfIHBBC4sVTSCAkIgOGAEBABGA2ACgHYEww&sigh=fvaHaK8wt_o&tpd=AGWhJmsN1Ylo-Neqvb8-82O5d65tu2Hrra0ektPLFhjYOCIubQ
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.217.18.98 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: zrh04s05-in-f98.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

POST
H/1.1 200
OK c Show response
c.pub.network/ 36 B
269 B 142ms
129ms XHR
text/plain 35.226.36.58
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://c.pub.network/c
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.226.36.58 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 58.36.226.35.bc.googleusercontent.com
Software: /
Resource Hash: 05d2034f4da0434abcfb8a5f44f73b33a2a5d5df7c3777b8e82ed935ee3deca6

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Tue, 11 Jun 2019 20:25:34 GMT
Access-Control-Allow-Credentials: true
Content-Length: 36
Vary: Origin
Content-Type: text/plain;charset=utf-8

POST
H2 200 /
www.facebook.com/tr/ Frame 72DA 0
0 37ms
6ms Document
text/plain 2a03:2880:f12d:83:face:b00c:0:25de
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:method: POST
:authority: www.facebook.com
:scheme: https
:path: /tr/
content-length: 5087
pragma: no-cache
cache-control: no-cache
origin: https://www.bleepingcomputer.com
upgrade-insecure-requests: 1
content-type: application/x-www-form-urlencoded
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
accept-encoding: gzip, deflate, br
cookie: fr=0GsJUYHmQJSu2oW49..BdAA49...1.0.BdAA49.
Origin: https://www.bleepingcomputer.com
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/

Response headers

status: 200
content-type: text/plain
access-control-allow-origin: https://www.bleepingcomputer.com
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 0
server: proxygen-bolt
date: Tue, 11 Jun 2019 20:25:34 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v19/ Frame 53F4 11 KB
11 KB 37ms
17ms Font
font/woff2 2a00:1450:4001:81d::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v19/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

Requested by

Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Roboto:400,500&lang=de
Origin: https://www.bleepingcomputer.com

Response headers

date: Sun, 02 Jun 2019 04:36:10 GMT
x-content-type-options: nosniff
last-modified: Mon, 25 Mar 2019 20:13:33 GMT
server: sffe
age: 834564
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 11016
x-xss-protection: 0
expires: Mon, 01 Jun 2020 04:36:10 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v19/ Frame 53F4 11 KB
11 KB 32ms
14ms Font
font/woff2 2a00:1450:4001:81d::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v19/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2

Requested by

Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Roboto:400,500&lang=de
Origin: https://www.bleepingcomputer.com

Response headers

date: Sun, 02 Jun 2019 07:50:18 GMT
x-content-type-options: nosniff
last-modified: Mon, 25 Mar 2019 20:12:38 GMT
server: sffe
age: 822916
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 11056
x-xss-protection: 0
expires: Mon, 01 Jun 2020 07:50:18 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v19/ Frame 3ECD 11 KB
11 KB 26ms
7ms Font
font/woff2 2a00:1450:4001:81d::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v19/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

Requested by

Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Roboto:400,500&lang=de
Origin: https://www.bleepingcomputer.com

Response headers

date: Sun, 02 Jun 2019 04:36:10 GMT
x-content-type-options: nosniff
last-modified: Mon, 25 Mar 2019 20:13:33 GMT
server: sffe
age: 834564
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 11016
x-xss-protection: 0
expires: Mon, 01 Jun 2020 04:36:10 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v19/ Frame 3ECD 11 KB
11 KB 24ms
6ms Font
font/woff2 2a00:1450:4001:81d::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v19/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2

Requested by

Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Roboto:400,500&lang=de
Origin: https://www.bleepingcomputer.com

Response headers

date: Sun, 02 Jun 2019 07:50:18 GMT
x-content-type-options: nosniff
last-modified: Mon, 25 Mar 2019 20:12:38 GMT
server: sffe
age: 822916
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 11056
x-xss-protection: 0
expires: Mon, 01 Jun 2020 07:50:18 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 57 KB
11 KB 398ms
398ms XHR
text/javascript 172.217.18.98
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019053001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

cafe /

Resource Hash

aeacee1fd26655f1f9030cf34d565aef8432e453b6e839ed49a6934a066cbdcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Origin: https://www.bleepingcomputer.com

Response headers

date: Tue, 11 Jun 2019 20:25:35 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 11631
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://www.bleepingcomputer.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 rules-p-UeXruRVtZz7w6.js Show response
rules.quantcount.com/ 2 KB
1 KB 93ms
6ms Script
application/x-javascript 2600:9000:20bb:9000:6:44e3:f8c0:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-UeXruRVtZz7w6.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:20bb:9000:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a7b5f5f96f81dea4efc53e1d4dae8b37c28bec27a45b42ccf604ee759e20caec

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 11 Jun 2019 20:04:19 GMT
content-encoding: gzip
last-modified: Thu, 07 Dec 2017 17:06:25 GMT
server: AmazonS3
age: 2016
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
x-amz-cf-pop: FRA56
x-amz-cf-id: q1MFdTQ9Slbw5-o4A8C8BRDhB7w9slujthBVyaUFueBU8i7cM2E_Uw==
via: 1.1 2fe707f3cc1dc569687bcdf81697e284.cloudfront.net (CloudFront)

GET
H2

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 53F4
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

42ms
41ms

Image
text/html

2a00:1450:4001:818::2002
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:818::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Redirect headers

date: Tue, 11 Jun 2019 20:25:35 GMT
x-content-type-options: nosniff
server: safe
location: https://googleads.g.doubleclick.net/pagead/drt/si
content-type: text/html; charset=UTF-8
status: 302
cache-control: private
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 246
x-xss-protection: 0

POST
H/1.1 200
OK c Show response
c.pub.network/ 36 B
269 B 117ms
116ms XHR
text/plain 35.226.36.58
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://c.pub.network/c
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.226.36.58 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 58.36.226.35.bc.googleusercontent.com
Software: /
Resource Hash: 05d2034f4da0434abcfb8a5f44f73b33a2a5d5df7c3777b8e82ed935ee3deca6

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Tue, 11 Jun 2019 20:25:35 GMT
Access-Control-Allow-Credentials: true
Content-Length: 36
Vary: Origin
Content-Type: text/plain;charset=utf-8

GET
H2 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/011906051812580/ Frame 602A 280 KB
75 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:81f::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011906051812580/amp4ads-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019053001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

6d5bb20a6f644c06b9a7cf2df0004977d350f42cb63360f9f4c8592ca924f894

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
vary: Accept-Encoding
age: 4400
status: 200
date: Tue, 11 Jun 2019 19:12:15 GMT
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 76830
x-xss-protection: 0
server: sffe
etag: "abb2dcb3bf515f95"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-content-type-options: nosniff
expires: Wed, 10 Jun 2020 19:12:15 GMT

GET
H2 200 amp-ad-exit-0.1.js Show response
cdn.ampproject.org/rtv/011906051812580/v0/ Frame 602A 13 KB
5 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:81f::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011906051812580/v0/amp-ad-exit-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019053001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

b717725eae0a62b46fc02b2c92318646957000c3bee0330a078939c14ff2b5ae

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
vary: Accept-Encoding
age: 427239
status: 200
date: Thu, 06 Jun 2019 21:44:56 GMT
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 4948
x-xss-protection: 0
server: sffe
etag: "489c11a0de47b0f6"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-content-type-options: nosniff
expires: Fri, 05 Jun 2020 21:44:56 GMT

GET
H2 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/011906051812580/v0/ Frame 602A 141 KB
39 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:81f::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011906051812580/v0/amp-analytics-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019053001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

294fe28c69dda3f4c652312000db721a01194db9f42f563d0f7a77b3c99cd550

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
vary: Accept-Encoding
age: 117196
status: 200
date: Mon, 10 Jun 2019 11:52:19 GMT
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 39479
x-xss-protection: 0
server: sffe
etag: "c5261b7b60d81ae6"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-content-type-options: nosniff
expires: Tue, 09 Jun 2020 11:52:19 GMT

GET
H2 200 amp-fit-text-0.1.js Show response
cdn.ampproject.org/rtv/011906051812580/v0/ Frame 602A 4 KB
2 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:81f::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011906051812580/v0/amp-fit-text-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019053001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

18fa18c02f30738bdcee68d9cb87357e98c71c7a837b4a8c7e32de93165b7be8

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
vary: Accept-Encoding
age: 437807
status: 200
date: Thu, 06 Jun 2019 18:48:48 GMT
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 1470
x-xss-protection: 0
server: sffe
etag: "81973adba31797ab"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-content-type-options: nosniff
expires: Fri, 05 Jun 2020 18:48:48 GMT

GET
H2 200 amp-form-0.1.js Show response
cdn.ampproject.org/rtv/011906051812580/v0/ Frame 602A 42 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:81f::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011906051812580/v0/amp-form-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019053001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

8151acb57bf73884924c192f4d1b5138612fa0b81df99273d330341daaec15ef

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
vary: Accept-Encoding
age: 43810
status: 200
date: Tue, 11 Jun 2019 08:15:25 GMT
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 13481
x-xss-protection: 0
server: sffe
etag: "6c5a70affe41ca4d"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-content-type-options: nosniff
expires: Wed, 10 Jun 2020 08:15:25 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 602A 7 KB
724 B 21ms
15ms Stylesheet
text/css 2a00:1450:4001:817::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:300,400,500&lang=en

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019053001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

2450e4fd2687e1fe032d4931d6b21a25ef94c80b5bf6baa2ca6e903c861e72da

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Tue, 11 Jun 2019 20:25:35 GMT
server: ESF
access-control-allow-origin: *
date: Tue, 11 Jun 2019 20:25:35 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection: 0
expires: Tue, 11 Jun 2019 20:25:35 GMT

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 602A 2 KB
3 KB 11ms
8ms Image
image/png 2a00:1450:4001:81c::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019053001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 11 Jun 2019 02:40:59 GMT
x-content-type-options: nosniff
content-type: image/png
server: cafe
age: 63876
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 2502
x-xss-protection: 0
expires: Wed, 12 Jun 2019 02:40:59 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 602A 295 B
368 B 8ms
7ms Image
image/png 2a00:1450:4001:81c::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019053001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 11 Jun 2019 07:25:30 GMT
x-content-type-options: nosniff
content-type: image/png
server: cafe
age: 46805
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 295
x-xss-protection: 0
expires: Wed, 12 Jun 2019 07:25:30 GMT

GET
DATA 200
OK truncated
/ Frame 602A 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 332cf4cc53a61ad450078c01772f57190764a785f76329649d3e68d756b43fc2

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 602A 0
0 21ms
21ms Image
text/html 172.217.18.98
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CJIFmPg4AXa6ZMIrYgAek7bHAA-af6PxWnpbhnIsJ6I7IgtwIEAEg2tfFOWCV-vCBjAegAZf9hZADyAEB4AIAqAMByAMKqgSqAk_QdFmoIV_phzrMzhIpw9EzcsKGGW7Q2zGpnFrCURD-JfUmZwJyjNibnTRa2Y54YaW8JJJ0WXY3mi8MbLZJuwOsHR-dynarxiAV6TBGslFeg6OMTBgmuU4hQYVSOsqoncv4gMn0WTYpGkPjOkZTEYVsmmq4gpgwZLQqYizUHBbQ3l23aziLUSYTI6898hTS_DxF-mjoX0GoHF0EY-gHcuH0EvJfrgzjZFV7iINEnLyo5o8lofvsimusT2w5hP8X0WY8L0_het0lAw7yGJZ60fpBYISzn87vH67dVgcnYywA2RLZvMBIiatK53UTmdc-3TL2XRd0omBjksp11pwHBInML15MyhrED7bG5nIsia0cepSkv2K82OToDOEskrK5iU12aRh93IwyXnbABODal5uVAuAEAZIFBAgEGAGSBQQIBRgEgAfRgvpvqAeOzhuoB9XJG6gHwdMbqAeB1BuoB4LUG6gH4NMbqAe6BqgH2csbqAfPzBuoB6a-G9gHAfIHBBCljFfSCAkIgOGAEBABGA3yCBthZHgtc3Vic3luLTE3NDIyNDk2MDMyODkwODOACgPYEwI&sigh=APLlLZG8DdQ&tpd=AGWhJmsNWupaLvt4FdJchJGlrAftfBD4HVrR5uf8MylE-iET4A
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.217.18.98 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: zrh04s05-in-f98.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b60f65161ce3517c2794eecab25981c51ffbcbc951a781270403e2f3572d0290

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 3ECD
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

40ms
39ms

Image
text/html

2a00:1450:4001:818::2002
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:818::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Redirect headers

date: Tue, 11 Jun 2019 20:25:35 GMT
x-content-type-options: nosniff
server: safe
location: https://googleads.g.doubleclick.net/pagead/drt/si
content-type: text/html; charset=UTF-8
status: 302
cache-control: private
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 246
x-xss-protection: 0

GET
H2

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 8EED
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

46ms
45ms

Image
text/html

2a00:1450:4001:818::2002
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:818::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Redirect headers

date: Tue, 11 Jun 2019 20:25:35 GMT
x-content-type-options: nosniff
server: safe
location: https://googleads.g.doubleclick.net/pagead/drt/si
content-type: text/html; charset=UTF-8
status: 302
cache-control: private
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 246
x-xss-protection: 0

POST
H/1.1 200
OK c Show response
c.pub.network/ 36 B
269 B 148ms
148ms XHR
text/plain 35.226.36.58
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://c.pub.network/c
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.226.36.58 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 58.36.226.35.bc.googleusercontent.com
Software: /
Resource Hash: 05d2034f4da0434abcfb8a5f44f73b33a2a5d5df7c3777b8e82ed935ee3deca6

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Tue, 11 Jun 2019 20:25:35 GMT
Access-Control-Allow-Credentials: true
Content-Length: 36
Vary: Origin
Content-Type: text/plain;charset=utf-8

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v19/ Frame 602A 11 KB
11 KB 9ms
8ms Font
font/woff2 2a00:1450:4001:81d::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v19/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Roboto:300,400,500&lang=en
Origin: https://www.bleepingcomputer.com

Response headers

date: Sun, 02 Jun 2019 07:50:18 GMT
x-content-type-options: nosniff
last-modified: Mon, 25 Mar 2019 20:12:38 GMT
server: sffe
age: 822917
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 11056
x-xss-protection: 0
expires: Mon, 01 Jun 2020 07:50:18 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v19/ Frame 602A 11 KB
11 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:81d::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v19/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Roboto:300,400,500&lang=en
Origin: https://www.bleepingcomputer.com

Response headers

date: Sun, 02 Jun 2019 04:36:10 GMT
x-content-type-options: nosniff
last-modified: Mon, 25 Mar 2019 20:13:33 GMT
server: sffe
age: 834565
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 11016
x-xss-protection: 0
expires: Mon, 01 Jun 2020 04:36:10 GMT

GET
H/1.1 200
OK Cookie set checksync.php
hbx.media.net/ Frame 2EEB 0
0 71ms
61ms Document
text/html 23.58.216.132
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://hbx.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8CUFH1GPH&prvid=56%2C70%2C77%2C80%2C82%2C97%2C99%2C109%2C111%2C112%2C113%2C139%2C154%2C157%2C159%2C175%2C178%2C10000&https=1&gdpr=1&gdprconsent=2
Requested by: Host: hbx.media.net
URL: https://hbx.media.net/bxl.js?cid=8CUFH1GPH&dn=www.bleepingcomputer.com&version=&https=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.58.216.132 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a23-58-216-132.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash

Request headers

Host: hbx.media.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Accept-Encoding: gzip, deflate, br
Cookie: gdpr_status=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/

Response headers

Server: Apache
Content-Type: text/html; charset=UTF-8
Set-Cookie: gdpr_status=1; Expires=Fri, 13 Dec 2019 20:25:35 GMT; domain=.media.net; Path=/; visitor-id=2032863354336603000V10; Expires=Wed, 10 Jun 2020 20:25:35 GMT; domain=.media.net; Path=/;
X-MNET-HL2: E
P3P: CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=28513
Expires: Wed, 12 Jun 2019 04:20:48 GMT
Date: Tue, 11 Jun 2019 20:25:35 GMT
Content-Length: 6509
Connection: keep-alive

GET
H2

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 602A
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

40ms
39ms

Image
text/html

2a00:1450:4001:818::2002
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:818::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Redirect headers

date: Tue, 11 Jun 2019 20:25:36 GMT
x-content-type-options: nosniff
server: safe
location: https://googleads.g.doubleclick.net/pagead/drt/si
content-type: text/html; charset=UTF-8
status: 302
cache-control: private
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 246
x-xss-protection: 0

POST
H/1.1 200
OK c Show response
c.pub.network/ 36 B
448 B 113ms
113ms XHR
text/plain 35.226.36.58
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://c.pub.network/c
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.226.36.58 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 58.36.226.35.bc.googleusercontent.com
Software: /
Resource Hash: 527bd943ccc9735f30f6d3215ad19a65f86e000e67ae2e3150d0d678a2aa8e28

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Tue, 11 Jun 2019 20:25:36 GMT
Access-Control-Allow-Credentials: true
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 36
Vary: Origin
Content-Type: text/plain;charset=utf-8

POST
H2 200 r Show response
amp-error-reporting.appspot.com/ Frame 3ECD 2 B
64 B 115ms
114ms XHR
text/plain 2a00:1450:4001:81d::2014
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://amp-error-reporting.appspot.com/r
Requested by: Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/011906051812580/amp4ads-v0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:81d::2014 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: / Express
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Tue, 11 Jun 2019 20:25:36 GMT
via: 1.1 google
x-powered-by: Express
status: 200
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 2

POST
H2 200 r Show response
amp-error-reporting.appspot.com/ Frame 53F4 2 B
64 B 120ms
117ms XHR
text/plain 2a00:1450:4001:81d::2014
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://amp-error-reporting.appspot.com/r
Requested by: Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/011906051812580/amp4ads-v0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:81d::2014 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: / Express
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Tue, 11 Jun 2019 20:25:36 GMT
via: 1.1 google
x-powered-by: Express
status: 200
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 2

POST
H/1.1 200
OK c Show response
c.pub.network/ 36 B
269 B 113ms
113ms XHR
text/plain 35.226.36.58
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://c.pub.network/c
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.226.36.58 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 58.36.226.35.bc.googleusercontent.com
Software: /
Resource Hash: 527bd943ccc9735f30f6d3215ad19a65f86e000e67ae2e3150d0d678a2aa8e28

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Tue, 11 Jun 2019 20:25:36 GMT
Access-Control-Allow-Credentials: true
Content-Length: 36
Vary: Origin
Content-Type: text/plain;charset=utf-8

POST
H2 200 r Show response
amp-error-reporting.appspot.com/ Frame 8EED 2 B
64 B 114ms
114ms XHR
text/plain 2a00:1450:4001:81d::2014
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://amp-error-reporting.appspot.com/r
Requested by: Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/011906051812580/amp4ads-v0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:81d::2014 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: / Express
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Tue, 11 Jun 2019 20:25:36 GMT
via: 1.1 google
x-powered-by: Express
status: 200
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 2

POST
H2 200 r Show response
amp-error-reporting.appspot.com/ Frame 602A 2 B
64 B 118ms
117ms XHR
text/plain 2a00:1450:4001:81d::2014
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://amp-error-reporting.appspot.com/r
Requested by: Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/011906051812580/amp4ads-v0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:81d::2014 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: / Express
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Tue, 11 Jun 2019 20:25:36 GMT
via: 1.1 google
x-powered-by: Express
status: 200
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 2

GET
H2 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 602A 42 B
110 B 24ms
23ms Image
image/gif 2a00:1450:4001:817::2002
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsupeOGhT-8KU03nnQQ7sUR64-Jw8cMiqT8ftM1lMZhCttVBmHoGwPl0lmcYtpwYDCMJCsbyZxOPNQQjPUNwixH67sTb1Z74Oi-giDbCRAKaR1NVEzmcuYQHQ8wafUYA8vFRIMKyT5_sd-Jp&sai=AMfl-YR9krdR6ek1QJKfFmly6reVrGc2nsT495UR1XauPPMmo9fxXLTjSCLi2IWNIzH2si7CTxu0vu96zoLuqIMOaub7DuyRsSEw374__SXqACw3WIWubhKldtc5kVs&sig=Cg0ArKJSzMdXlIhU-Pq8EAE&cid=CAASF-Ro-a-Ik1Z7Xxc6kMfTzaoiIXzDI0nG&id=ampim&o=436,1110&d=728,90&ss=1600,1200&bs=1600,1200&mcvt=1001&mtos=0,0,1001,1001,1001&tos=0,0,1001,0,0&tfs=142&tls=1143&g=100&h=100&pt=632&tt=1143&rpt=632&rst=1560284735476&r=v&adk=3056404191&avms=ampa

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jun 2019 20:25:37 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, must-revalidate
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,44,43,39",quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 24 Show response
web.hb.ad.cpe.dotomi.com/s2s/header/ 572 B
763 B 281ms
22ms XHR
application/json 2a02:fa8:8806:16::1460
VCLK-EU-

General

Check archive.org

Show headers Download Go to

Full URL: https://web.hb.ad.cpe.dotomi.com/s2s/header/24
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-1.33.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a02:fa8:8806:16::1460 , Sweden, ASN41041 (VCLK-EU-, SE),
Reverse DNS
Software: nginx /
Resource Hash: fdda66647c92007f8188edf8194649d1ac5c00c6d7efe6e46d3b93d8ef742d99

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 11 Jun 2019 20:25:40 GMT
server: nginx
status: 200
content-type: application/json
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-cache
access-control-allow-credentials: true
content-length: 572
expires: 0

OPTIONS v1
dmx.districtm.io/b/ 0
0

GET v1
btlr.sharethrough.com/header-bid/ 0
0

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 839 B
1 KB 213ms
34ms XHR
application/json 185.33.223.215
AppNexus

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-1.33.5.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.215 , Netherlands, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US),

Reverse DNS

315.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

433afb04589ca4f7185983183076a8785792078ab46074b0a6355512af477148

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 11 Jun 2019 20:25:42 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 83.143.245.70; 83.143.245.70; 315.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.48:80
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 63495913-a18d-44bb-a690-7681ec5ddc94
Server: nginx/1.13.4
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET arj
freestar-d.openx.net/w/1.0/ 0
0

POST auction
tlx.3lift.com/header/ 0
0

GET
H2 200 imp Show response
g2.gumgum.com/hbid/ 55 B
481 B 345ms
71ms XHR
application/json 99.80.164.175
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?si=14287&pi=3&gdprApplies=undefined&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Ffake-cryptocurrency-trading-site-pushes-crypto-stealing-malware%2F&ce=true&dpr=1&jcsi=%5Bobject%20Object%5D&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-1.33.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.80.164.175 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-99-80-164-175.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: d54113d5d99914636c06db627ef72342a4cfe764fae03e886d878d68589b58f3

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 11 Jun 2019 20:25:40 GMT
content-encoding: gzip
content-type: application/json;charset=UTF-8
server: nginx
status: 200
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

GET
H2 200 imp Show response
g2.gumgum.com/hbid/ 55 B
481 B 342ms
68ms XHR
application/json 99.80.164.175
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?si=14288&pi=3&gdprApplies=undefined&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Ffake-cryptocurrency-trading-site-pushes-crypto-stealing-malware%2F&ce=true&dpr=1&jcsi=%5Bobject%20Object%5D&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-1.33.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.80.164.175 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-99-80-164-175.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: d54113d5d99914636c06db627ef72342a4cfe764fae03e886d878d68589b58f3

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 11 Jun 2019 20:25:40 GMT
content-encoding: gzip
content-type: application/json;charset=UTF-8
server: nginx
status: 200
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

GET
H2 200 imp Show response
g2.gumgum.com/hbid/ 55 B
481 B 347ms
74ms XHR
application/json 99.80.164.175
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?si=14287&pi=3&gdprApplies=undefined&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Ffake-cryptocurrency-trading-site-pushes-crypto-stealing-malware%2F&ce=true&dpr=1&jcsi=%5Bobject%20Object%5D&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-1.33.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.80.164.175 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-99-80-164-175.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: d54113d5d99914636c06db627ef72342a4cfe764fae03e886d878d68589b58f3

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 11 Jun 2019 20:25:40 GMT
content-encoding: gzip
content-type: application/json;charset=UTF-8
server: nginx
status: 200
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

GET
H2 200 imp Show response
g2.gumgum.com/hbid/ 55 B
481 B 271ms
51ms XHR
application/json 99.80.164.175
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?si=14288&pi=3&gdprApplies=undefined&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Ffake-cryptocurrency-trading-site-pushes-crypto-stealing-malware%2F&ce=true&dpr=1&jcsi=%5Bobject%20Object%5D&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-1.33.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.80.164.175 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-99-80-164-175.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: d54113d5d99914636c06db627ef72342a4cfe764fae03e886d878d68589b58f3

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 11 Jun 2019 20:25:40 GMT
content-encoding: gzip
content-type: application/json;charset=UTF-8
server: nginx
status: 200
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

GET
H2 200 imp Show response
g2.gumgum.com/hbid/ 101 B
523 B 263ms
48ms XHR
application/json 99.80.164.175
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?t=zztu1szx&pi=2&gdprApplies=undefined&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Ffake-cryptocurrency-trading-site-pushes-crypto-stealing-malware%2F&ce=true&dpr=1&jcsi=%5Bobject%20Object%5D&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-1.33.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.80.164.175 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-99-80-164-175.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: a6d903a283ccb28c4cafe99a305d2f52a1e5bfd6cfa1f0fef762715cc4af2246

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 11 Jun 2019 20:25:40 GMT
content-encoding: gzip
content-type: application/json;charset=UTF-8
server: nginx
status: 200
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

GET
H2 200 imp Show response
g2.gumgum.com/hbid/ 55 B
481 B 267ms
67ms XHR
application/json 99.80.164.175
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?si=14290&pi=3&gdprApplies=undefined&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Ffake-cryptocurrency-trading-site-pushes-crypto-stealing-malware%2F&ce=true&dpr=1&jcsi=%5Bobject%20Object%5D&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-1.33.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.80.164.175 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-99-80-164-175.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: d54113d5d99914636c06db627ef72342a4cfe764fae03e886d878d68589b58f3

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 11 Jun 2019 20:25:40 GMT
content-encoding: gzip
content-type: application/json;charset=UTF-8
server: nginx
status: 200
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

GET
H2 200 imp Show response
g2.gumgum.com/hbid/ 101 B
522 B 237ms
37ms XHR
application/json 99.80.164.175
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?t=zztu1szx&pi=2&gdprApplies=undefined&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Ffake-cryptocurrency-trading-site-pushes-crypto-stealing-malware%2F&ce=true&dpr=1&jcsi=%5Bobject%20Object%5D&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-1.33.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.80.164.175 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-99-80-164-175.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 310381c98ca870b08b8918013e6ff615083ac3ca3d2ceef0d378d845cf177789

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 11 Jun 2019 20:25:40 GMT
content-encoding: gzip
content-type: application/json;charset=UTF-8
server: nginx
status: 200
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

GET
H2 200 imp Show response
g2.gumgum.com/hbid/ 55 B
481 B 252ms
52ms XHR
application/json 99.80.164.175
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?si=14290&pi=3&gdprApplies=undefined&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Ffake-cryptocurrency-trading-site-pushes-crypto-stealing-malware%2F&ce=true&dpr=1&jcsi=%5Bobject%20Object%5D&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-1.33.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.80.164.175 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-99-80-164-175.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: d54113d5d99914636c06db627ef72342a4cfe764fae03e886d878d68589b58f3

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 11 Jun 2019 20:25:40 GMT
content-encoding: gzip
content-type: application/json;charset=UTF-8
server: nginx
status: 200
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

GET
H2 200 imp Show response
g2.gumgum.com/hbid/ 55 B
481 B 310ms
111ms XHR
application/json 99.80.164.175
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?si=14287&pi=3&gdprApplies=undefined&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Ffake-cryptocurrency-trading-site-pushes-crypto-stealing-malware%2F&ce=true&dpr=1&jcsi=%5Bobject%20Object%5D&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-1.33.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.80.164.175 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-99-80-164-175.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: d54113d5d99914636c06db627ef72342a4cfe764fae03e886d878d68589b58f3

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 11 Jun 2019 20:25:40 GMT
content-encoding: gzip
content-type: application/json;charset=UTF-8
server: nginx
status: 200
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

GET
H2 200 imp Show response
g2.gumgum.com/hbid/ 101 B
524 B 246ms
47ms XHR
application/json 99.80.164.175
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?t=zztu1szx&pi=2&gdprApplies=undefined&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Ffake-cryptocurrency-trading-site-pushes-crypto-stealing-malware%2F&ce=true&dpr=1&jcsi=%5Bobject%20Object%5D&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-1.33.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.80.164.175 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-99-80-164-175.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: f55be6f759123f4146f60c9b42205dbbce4eb83b249c5bb1270494819e7e859c

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 11 Jun 2019 20:25:40 GMT
content-encoding: gzip
content-type: application/json;charset=UTF-8
server: nginx
status: 200
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

GET
H2 200 imp Show response
g2.gumgum.com/hbid/ 55 B
481 B 361ms
163ms XHR
application/json 99.80.164.175
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?si=14290&pi=3&gdprApplies=undefined&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Ffake-cryptocurrency-trading-site-pushes-crypto-stealing-malware%2F&ce=true&dpr=1&jcsi=%5Bobject%20Object%5D&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-1.33.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.80.164.175 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-99-80-164-175.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: d54113d5d99914636c06db627ef72342a4cfe764fae03e886d878d68589b58f3

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 11 Jun 2019 20:25:40 GMT
content-encoding: gzip
content-type: application/json;charset=UTF-8
server: nginx
status: 200
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

GET
H2 200 imp Show response
g2.gumgum.com/hbid/ 55 B
481 B 287ms
89ms XHR
application/json 99.80.164.175
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?si=14287&pi=3&gdprApplies=undefined&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Ffake-cryptocurrency-trading-site-pushes-crypto-stealing-malware%2F&ce=true&dpr=1&jcsi=%5Bobject%20Object%5D&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-1.33.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.80.164.175 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-99-80-164-175.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: d54113d5d99914636c06db627ef72342a4cfe764fae03e886d878d68589b58f3

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 11 Jun 2019 20:25:40 GMT
content-encoding: gzip
content-type: application/json;charset=UTF-8
server: nginx
status: 200
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

GET
H2 200 imp Show response
g2.gumgum.com/hbid/ 55 B
481 B 327ms
129ms XHR
application/json 99.80.164.175
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?si=14288&pi=3&gdprApplies=undefined&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Ffake-cryptocurrency-trading-site-pushes-crypto-stealing-malware%2F&ce=true&dpr=1&jcsi=%5Bobject%20Object%5D&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-1.33.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.80.164.175 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-99-80-164-175.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: d54113d5d99914636c06db627ef72342a4cfe764fae03e886d878d68589b58f3

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 11 Jun 2019 20:25:40 GMT
content-encoding: gzip
content-type: application/json;charset=UTF-8
server: nginx
status: 200
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

POST
H2 200 v2 Show response
i.connectad.io/api/ 234 B
715 B 604ms
497ms XHR
application/json 2606:4700:10::6814:8428
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://i.connectad.io/api/v2
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-1.33.5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:8428 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0bab6d17d3072a8de2ede4c8785ed04a4bca50d56dae487eee458f8cd9c9e551

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 11 Jun 2019 20:25:40 GMT
content-encoding: gzip
content-type: application/json
server: cloudflare
status: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-cache, private
access-control-allow-credentials: true
cf-ray: 4e5650ca896cd6b9-FRA
alt-svc: clear
via: 1.1 google

POST
H/1.1 200
OK prebid_display Show response
display.bfmio.com/ 136 B
570 B 667ms
105ms XHR
text/plain 3.82.30.32
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://display.bfmio.com/prebid_display

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-1.33.5.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.82.30.32 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-3-82-30-32.compute-1.amazonaws.com

Software

Resource Hash

72b034089870c9f927f1eb9b4eff9de3f21960488e8093ffc818a725e310fa38

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding, User-Agent
Content-Type: text/plain;charset=iso-8859-1
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Access-Control-Expose-Headers: location
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 144

POST
H/1.1 200
OK HeaderBiddingService Show response
ssp.pub.network/ssp-server/ 3 KB
3 KB 200ms
154ms XHR
text/plain 35.202.179.74
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://ssp.pub.network/ssp-server/HeaderBiddingService
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-1.33.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.202.179.74 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 74.179.202.35.bc.googleusercontent.com
Software: Apache-Coyote/1.1 /
Resource Hash: b359f8b5b20dfbcb8631a5bf1ac1f48a2fba756117e791347b7b87e4b1867fb0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 11 Jun 2019 20:25:39 GMT
Server: Apache-Coyote/1.1
Vary: Origin
Access-Control-Allow-Methods: POST
Content-Type: Content-Type: application/json;charset=UTF-8
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Transfer-Encoding: chunked
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type

POST /
hb.emxdgt.com/ 0
0

GET fastlane.json
fastlane.rubiconproject.com/a/api/ 0
0

POST hb
ssc.33across.com/api/v1/ 0
0

OPTIONS v1
dmx.districtm.io/b/ 0
0

POST prebid_display
display.bfmio.com/ 0
0

POST prebid
ib.adnxs.com/ut/v3/ 0
0

GET arj
freestar-d.openx.net/w/1.0/ 0
0

GET
H2 200 imp Show response
g2.gumgum.com/hbid/ 55 B
358 B 103ms
101ms XHR
application/json 99.80.164.175
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?si=14287&pi=3&gdprApplies=undefined&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Ffake-cryptocurrency-trading-site-pushes-crypto-stealing-malware%2F&ce=true&dpr=1&jcsi=%5Bobject%20Object%5D&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-1.33.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.80.164.175 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-99-80-164-175.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: d54113d5d99914636c06db627ef72342a4cfe764fae03e886d878d68589b58f3

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 11 Jun 2019 20:25:41 GMT
content-encoding: gzip
content-type: application/json;charset=UTF-8
server: nginx
status: 200
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

GET
H2 200 imp Show response
g2.gumgum.com/hbid/ 55 B
358 B 61ms
59ms XHR
application/json 99.80.164.175
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?si=14288&pi=3&gdprApplies=undefined&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Ffake-cryptocurrency-trading-site-pushes-crypto-stealing-malware%2F&ce=true&dpr=1&jcsi=%5Bobject%20Object%5D&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-1.33.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.80.164.175 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-99-80-164-175.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: d54113d5d99914636c06db627ef72342a4cfe764fae03e886d878d68589b58f3

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 11 Jun 2019 20:25:41 GMT
content-encoding: gzip
content-type: application/json;charset=UTF-8
server: nginx
status: 200
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

POST
H2 200 v2 Show response
i.connectad.io/api/ 96 B
446 B 358ms
343ms XHR
application/json 2606:4700:10::6814:8428
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://i.connectad.io/api/v2
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-1.33.5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:8428 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9eb69a34590efb468075baccd5a51da6258c2b15ec00fbc03206e74495c2f1c8

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 11 Jun 2019 20:25:41 GMT
content-encoding: gzip
content-type: application/json
server: cloudflare
status: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-cache, private
access-control-allow-credentials: true
cf-ray: 4e5650d179b397cc-FRA
alt-svc: clear
via: 1.1 google

POST hb
ssc.33across.com/api/v1/ 0
0

GET fastlane.json
fastlane.rubiconproject.com/a/api/ 0
0

POST
H2 200 24 Show response
web.hb.ad.cpe.dotomi.com/s2s/header/ 194 B
385 B 69ms
25ms XHR
application/json 2a02:fa8:8806:16::1460
VCLK-EU-

General

Check archive.org

Show headers Download Go to

Full URL: https://web.hb.ad.cpe.dotomi.com/s2s/header/24
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-1.33.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a02:fa8:8806:16::1460 , Sweden, ASN41041 (VCLK-EU-, SE),
Reverse DNS
Software: nginx /
Resource Hash: 24712d1a48bb468bb087dc52364af6a8f2c689f808391b5bddc19ed26bce67e2

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 11 Jun 2019 20:25:41 GMT
server: nginx
status: 200
content-type: application/json
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-cache
access-control-allow-credentials: true
content-length: 194
expires: 0

POST HeaderBiddingService
ssp.pub.network/ssp-server/ 0
0

POST
H/1.1 200
OK c Show response
c.pub.network/ 36 B
448 B 1591ms
113ms XHR
text/plain 35.226.36.58
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://c.pub.network/c
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.226.36.58 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 58.36.226.35.bc.googleusercontent.com
Software: /
Resource Hash: 5ccea30bf9bf94721da8c1b277822949064eea2b280de79ec27877fb5aba3af7

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Tue, 11 Jun 2019 20:25:45 GMT
Access-Control-Allow-Credentials: true
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 36
Vary: Origin
Content-Type: text/plain;charset=utf-8

GET
H2 200 v2
de.tynt.com/deb/ Frame 3F6C 0
0 408ms
121ms Document
text/html 208.100.17.190
Steadfast

General

Check archive.org

Show headers Download Go to

Full URL: https://de.tynt.com/deb/v2?m=xch&rt=html&id=bBb-SI6fGr6iocaKkv7mNO
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-1.33.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.100.17.190 Chicago, United States, ASN32748 (STEADFAST - Steadfast, US),
Reverse DNS: ip190.208-100-17.static.steadfastdns.net
Software: /
Resource Hash

Request headers

:method: GET
:authority: de.tynt.com
:scheme: https
:path: /deb/v2?m=xch&rt=html&id=bBb-SI6fGr6iocaKkv7mNO
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/

Response headers

status: 200
cache-control: max-age=86400
expires: Wed, 12 Jun 2019 20:25:47 GMT
content-type: text/html
content-length: 75
date: Tue, 11 Jun 2019 20:25:47 GMT
p3p: CP=NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA

GET sync_iframe
sync.bfmio.com/ Frame DC2A 0
0

GET sync_iframe
sync.bfmio.com/ Frame 88B1 0
0

GET
H2 200 connectmyusers.php
cdn.connectad.io/ Frame 40A4 0
0 32ms
18ms Document
text/html 2606:4700:10::6814:8428
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.connectad.io/connectmyusers.php
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-1.33.5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:8428 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:method: GET
:authority: cdn.connectad.io
:scheme: https
:path: /connectmyusers.php
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/

Response headers

status: 200
date: Tue, 11 Jun 2019 20:25:47 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=dbdbff5c62069f9416a809b36de8981f31560284747; expires=Wed, 10-Jun-20 20:25:47 GMT; path=/; domain=.connectad.io; HttpOnly
cf-cache-status: HIT
expires: Wed, 12 Jun 2019 04:25:47 GMT
cache-control: public, max-age=28800
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
server: cloudflare
cf-ray: 4e5650f6188f97cc-FRA
content-encoding: gzip

GET sync
ib.3lift.com/ Frame D2FB 0
0

GET
H2 200 v2
de.tynt.com/deb/ Frame 40AF 0
0 355ms
119ms Document
text/html 208.100.17.190
Steadfast

General

Check archive.org

Show headers Download Go to

Full URL: https://de.tynt.com/deb/v2?m=xch&rt=html&id=ddRMkSZxSr6lrlaKkv7mNO
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-1.33.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.100.17.190 Chicago, United States, ASN32748 (STEADFAST - Steadfast, US),
Reverse DNS: ip190.208-100-17.static.steadfastdns.net
Software: /
Resource Hash

Request headers

:method: GET
:authority: de.tynt.com
:scheme: https
:path: /deb/v2?m=xch&rt=html&id=ddRMkSZxSr6lrlaKkv7mNO
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/

Response headers

status: 200
cache-control: max-age=86400
expires: Wed, 12 Jun 2019 20:25:47 GMT
content-type: text/html
content-length: 75
date: Tue, 11 Jun 2019 20:25:47 GMT
p3p: CP=NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA

GET
H2 200 v2
de.tynt.com/deb/ Frame 2819 0
0 325ms
115ms Document
text/html 208.100.17.190
Steadfast

General

Check archive.org

Show headers Download Go to

Full URL: https://de.tynt.com/deb/v2?m=xch&rt=html&id=ddRMkSZxSr6lrlaKkv7mNO
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-1.33.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.100.17.190 Chicago, United States, ASN32748 (STEADFAST - Steadfast, US),
Reverse DNS: ip190.208-100-17.static.steadfastdns.net
Software: /
Resource Hash

Request headers

:method: GET
:authority: de.tynt.com
:scheme: https
:path: /deb/v2?m=xch&rt=html&id=ddRMkSZxSr6lrlaKkv7mNO
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/

Response headers

status: 200
cache-control: max-age=86400
expires: Wed, 12 Jun 2019 20:25:47 GMT
content-type: text/html
content-length: 75
date: Tue, 11 Jun 2019 20:25:46 GMT
p3p: CP=NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA

GET
H/1.1 200
OK usync.html
eus.rubiconproject.com/ Frame 929D 0
0 116ms
30ms Document
text/html 104.111.230.142
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-1.33.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.230.142 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a104-111-230-142.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash

Request headers

Host: eus.rubiconproject.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/

Response headers

Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Last-Modified: Thu, 30 May 2019 17:53:28 GMT
Content-Encoding: gzip
Content-Length: 7540
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=26060
Expires: Wed, 12 Jun 2019 03:40:07 GMT
Date: Tue, 11 Jun 2019 20:25:47 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H2

200

pd
u.openx.net/w/1.0/ Frame A206
Redirect Chain

https://u.openx.net/w/1.0/pd
https://u.openx.net/w/1.0/pd?cc=1

0
0

27ms
26ms

Document
text/html

173.241.240.143
OPENX TECHNOLOGIES

General

Check archive.org

Show headers Download Go to

Full URL: https://u.openx.net/w/1.0/pd?cc=1
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-1.33.5.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 173.241.240.143 Amsterdam, Netherlands, ASN36089 (OPENX-AS1 - OPENX TECHNOLOGIES, INC., US),
Reverse DNS: ox-173-241-240-143.xa.dc.openx.org
Software: OXGW/16.146.0 /
Resource Hash

Request headers

:method: GET
:authority: u.openx.net
:scheme: https
:path: /w/1.0/pd?cc=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
accept-encoding: gzip, deflate, br
cookie: i=5f332770-3024-46e4-9d17-7c01f8f03ba3|1560284747
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/

Response headers

status: 200
vary: Accept
set-cookie: i=5f332770-3024-46e4-9d17-7c01f8f03ba3|1560284747; Version=1; Expires=Wed, 10-Jun-2020 20:25:47 GMT; Max-Age=31536000; Domain=.openx.net; Path=/ pd=v2|1560284747|mOgikimWiygu; Version=1; Expires=Wed, 26-Jun-2019 20:25:47 GMT; Max-Age=1296000; Domain=.openx.net; Path=/
server: OXGW/16.146.0
p3p: CP="CUR ADM OUR NOR STA NID"
date: Tue, 11 Jun 2019 20:25:47 GMT
content-type: text/html
content-encoding: gzip

Redirect headers

status: 302
set-cookie: i=8ff60f10-daa2-40e3-8c8f-de1c4a7170f5|1560284747; Version=1; Expires=Wed, 10-Jun-2020 20:25:47 GMT; Max-Age=31536000; Domain=.openx.net; Path=/
server: OXGW/16.146.0
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://u.openx.net/w/1.0/pd?cc=1
date: Tue, 11 Jun 2019 20:25:47 GMT
content-length: 0

GET async_usersync.html
acdn.adnxs.com/ib/static/usersync/v3/ Frame 26BD 0
0

GET
H/1.1 200
OK Cookie set check.html
biddr.brealtime.com/ Frame F4A9 0
0 9601ms
33ms Document
text/html 104.17.119.107
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://biddr.brealtime.com/check.html
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-1.33.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.17.119.107 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Host: biddr.brealtime.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/

Response headers

Date: Tue, 11 Jun 2019 20:25:56 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d1a3fba9a0c6819a78e950db93c7a52eb1560284756; expires=Wed, 10-Jun-20 20:25:56 GMT; path=/; domain=.brealtime.com; HttpOnly
x-amz-id-2: n+uJR7+xlS8fQ4Mye3FgAG3bPIxtd8crLsAEm+yKDeLvaF6cjRYgsBxgY/NzINKPkksQOkN2uNg=
x-amz-request-id: 69A78BC281D16B53
x-amz-meta-origin-date-iso8601: 2019-05-30T19:14:20.000Z
Last-Modified: Thu, 30 May 2019 19:21:30 GMT
CF-Cache-Status: HIT
Expires: Tue, 11 Jun 2019 20:26:56 GMT
Cache-Control: public, max-age=60
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 4e565132bc6ace7b-LHR
Content-Encoding: gzip

GET async_usersync.html
acdn.adnxs.com/ib/static/usersync/v3/ Frame D554 0
0

GET
H2 200 connectmyusers.php
cdn.connectad.io/ Frame 608F 0
0 45ms
44ms Document
text/html 2606:4700:10::6814:8428
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.connectad.io/connectmyusers.php
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-1.33.5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:8428 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:method: GET
:authority: cdn.connectad.io
:scheme: https
:path: /connectmyusers.php
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
accept-encoding: gzip, deflate, br
cookie: __cfduid=dbdbff5c62069f9416a809b36de8981f31560284747
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/

Response headers

status: 200
date: Tue, 11 Jun 2019 20:25:47 GMT
content-type: text/html; charset=UTF-8
cf-cache-status: HIT
expires: Wed, 12 Jun 2019 04:25:47 GMT
cache-control: public, max-age=28800
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
server: cloudflare
cf-ray: 4e5650f6ea3597cc-FRA
content-encoding: gzip

GET
H2 200 index.html
cdn.districtm.io/ids/ Frame 6B5E 0
0 169ms
102ms Document
text/html 2606:4700::6812:1aef
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.districtm.io/ids/index.html
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-1.33.5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1aef , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:method: GET
:authority: cdn.districtm.io
:scheme: https
:path: /ids/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/

Response headers

status: 200
date: Tue, 11 Jun 2019 20:25:47 GMT
content-type: text/html
set-cookie: __cfduid=dbdef31261fb5624ac0de21fa37b96ca91560284747; expires=Wed, 10-Jun-20 20:25:47 GMT; path=/; domain=.districtm.io; HttpOnly
last-modified: Thu, 10 Jan 2019 16:50:48 GMT
cache-control: s-maxage=1209600, max-age=14400
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 4e5650f75bdb96f8-FRA
content-encoding: br

GET
H2 200 v2
de.tynt.com/deb/ Frame 9FAA 0
0 210ms
116ms Document
text/html 208.100.17.190
Steadfast

General

Check archive.org

Show headers Download Go to

Full URL: https://de.tynt.com/deb/v2?m=xch&rt=html&id=bBb-SI6fGr6iocaKkv7mNO
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-1.33.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.100.17.190 Chicago, United States, ASN32748 (STEADFAST - Steadfast, US),
Reverse DNS: ip190.208-100-17.static.steadfastdns.net
Software: /
Resource Hash

Request headers

:method: GET
:authority: de.tynt.com
:scheme: https
:path: /deb/v2?m=xch&rt=html&id=bBb-SI6fGr6iocaKkv7mNO
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/

Response headers

status: 200
cache-control: max-age=86400
expires: Wed, 12 Jun 2019 20:25:47 GMT
content-type: text/html
content-length: 75
date: Tue, 11 Jun 2019 20:25:47 GMT
p3p: CP=NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA

GET
H2 200 index.html
cdn.districtm.io/ids/ Frame 5F2E 0
0 125ms
99ms Document
text/html 2606:4700::6812:1aef
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.districtm.io/ids/index.html
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-1.33.5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1aef , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:method: GET
:authority: cdn.districtm.io
:scheme: https
:path: /ids/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/

Response headers

status: 200
date: Tue, 11 Jun 2019 20:25:47 GMT
content-type: text/html
set-cookie: __cfduid=dbdef31261fb5624ac0de21fa37b96ca91560284747; expires=Wed, 10-Jun-20 20:25:47 GMT; path=/; domain=.districtm.io; HttpOnly
last-modified: Thu, 10 Jan 2019 16:50:48 GMT
cache-control: s-maxage=1209600, max-age=14400
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 4e5650f75bdc96f8-FRA
content-encoding: br

GET
H2

200

pd
u.openx.net/w/1.0/ Frame 5B8F
Redirect Chain

https://u.openx.net/w/1.0/pd
https://u.openx.net/w/1.0/pd?cc=1

0
0

29ms
28ms

Document
text/html

173.241.240.143
OPENX TECHNOLOGIES

General

Check archive.org

Show headers Download Go to

Full URL: https://u.openx.net/w/1.0/pd?cc=1
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-1.33.5.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 173.241.240.143 Amsterdam, Netherlands, ASN36089 (OPENX-AS1 - OPENX TECHNOLOGIES, INC., US),
Reverse DNS: ox-173-241-240-143.xa.dc.openx.org
Software: OXGW/16.146.0 /
Resource Hash

Request headers

:method: GET
:authority: u.openx.net
:scheme: https
:path: /w/1.0/pd?cc=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
accept-encoding: gzip, deflate, br
cookie: i=5f332770-3024-46e4-9d17-7c01f8f03ba3|1560284747
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/

Response headers

status: 200
vary: Accept
set-cookie: i=5f332770-3024-46e4-9d17-7c01f8f03ba3|1560284747; Version=1; Expires=Wed, 10-Jun-2020 20:25:47 GMT; Max-Age=31536000; Domain=.openx.net; Path=/ pd=v2|1560284747|mOgikimWiygu; Version=1; Expires=Wed, 26-Jun-2019 20:25:47 GMT; Max-Age=1296000; Domain=.openx.net; Path=/
server: OXGW/16.146.0
p3p: CP="CUR ADM OUR NOR STA NID"
date: Tue, 11 Jun 2019 20:25:47 GMT
content-type: text/html
content-encoding: gzip

Redirect headers

status: 302
set-cookie: i=5f332770-3024-46e4-9d17-7c01f8f03ba3|1560284747; Version=1; Expires=Wed, 10-Jun-2020 20:25:47 GMT; Max-Age=31536000; Domain=.openx.net; Path=/
server: OXGW/16.146.0
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://u.openx.net/w/1.0/pd?cc=1
date: Tue, 11 Jun 2019 20:25:47 GMT
content-length: 0

GET
H/1.1

200
OK

1x1.gif
s3.amazonaws.com/brt-appnexus-cookie-sync/
Redirect Chain

https://edba.brealtime.com/
https://s3.amazonaws.com/brt-appnexus-cookie-sync/1x1.gif

42 B
397 B

4148ms
843ms

Image
image/gif

52.216.107.62
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.amazonaws.com/brt-appnexus-cookie-sync/1x1.gif
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.107.62 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 11 Jun 2019 20:25:53 GMT
Last-Modified: Fri, 10 Nov 2017 21:53:47 GMT
Server: AmazonS3
x-amz-request-id: 80710B15A7705D47
ETag: "d89746888da2d9510b64a9f031eaecd5"
Content-Type: image/gif
Accept-Ranges: bytes
Content-Length: 42
x-amz-id-2: lXPbbVdmkl/Rjtln8OO6Do752DW6+PjFhuirT0jKkm9FC6diQ71sgJr1kPe5yMjgg2BEy9Ly7Ts=

Redirect headers

Date: Tue, 11 Jun 2019 20:25:48 GMT
Server: cloudflare
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Location: https://s3.amazonaws.com/brt-appnexus-cookie-sync/1x1.gif
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 4e5650fdbb47360c-LHR
Expires: Thu, 01 Jan 1970 00:00:01 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: core.connatix.com
URL: https://core.connatix.com/pls?callback=jQuery3210509171880280231_1560284731098&token=83c6e833-8c07-474c-b10f-079d46320a80&p=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Ffake-cryptocurrency-trading-site-pushes-crypto-stealing-malware%2F&c_v=1510_0_0_0_0&page_guid=dc5a0b82f179152f79b11560284731662&spp=1&_=1560284731099

Domain: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/safeframe/1-0-33/html/container.html

Domain: dmx.districtm.io
URL: https://dmx.districtm.io/b/v1

Domain: btlr.sharethrough.com
URL: https://btlr.sharethrough.com/header-bid/v1?bidId=183ab185254b76b&placement_key=GrVComq83JzCSLK1pi9waoyR&hbVersion=1.32.0&strVersion=3.0.1&hbSource=prebid&consent_required=false&

Domain: btlr.sharethrough.com
URL: https://btlr.sharethrough.com/header-bid/v1?bidId=1948b0c5d6f7502&placement_key=wDH8n844o8J5LF7qDwHQ7sj5&hbVersion=1.32.0&strVersion=3.0.1&hbSource=prebid&consent_required=false&

Domain: btlr.sharethrough.com
URL: https://btlr.sharethrough.com/header-bid/v1?bidId=205e4b4a5894677&placement_key=L7rKdgz52e7UZ4fMkwkYmaxf&hbVersion=1.32.0&strVersion=3.0.1&hbSource=prebid&consent_required=false&

Domain: btlr.sharethrough.com
URL: https://btlr.sharethrough.com/header-bid/v1?bidId=219068cf0d2697d&placement_key=GrVComq83JzCSLK1pi9waoyR&hbVersion=1.32.0&strVersion=3.0.1&hbSource=prebid&consent_required=false&

Domain: btlr.sharethrough.com
URL: https://btlr.sharethrough.com/header-bid/v1?bidId=222db5dbc72c734&placement_key=wDH8n844o8J5LF7qDwHQ7sj5&hbVersion=1.32.0&strVersion=3.0.1&hbSource=prebid&consent_required=false&

Domain: btlr.sharethrough.com
URL: https://btlr.sharethrough.com/header-bid/v1?bidId=23c92e08e9e6858&placement_key=L7rKdgz52e7UZ4fMkwkYmaxf&hbVersion=1.32.0&strVersion=3.0.1&hbSource=prebid&consent_required=false&

Domain: btlr.sharethrough.com
URL: https://btlr.sharethrough.com/header-bid/v1?bidId=24583e4f794bdc5&placement_key=DSthphoQqH66AkQXPDoXn74b&hbVersion=1.32.0&strVersion=3.0.1&hbSource=prebid&consent_required=false&

Domain: btlr.sharethrough.com
URL: https://btlr.sharethrough.com/header-bid/v1?bidId=254260a9a6e14d5&placement_key=Y2PwNBba8FyKXESSc72DFF25&hbVersion=1.32.0&strVersion=3.0.1&hbSource=prebid&consent_required=false&

Domain: btlr.sharethrough.com
URL: https://btlr.sharethrough.com/header-bid/v1?bidId=2638d50e4517cb4&placement_key=Kwm6ycRx3Uk3CYRoM3xEqtjr&hbVersion=1.32.0&strVersion=3.0.1&hbSource=prebid&consent_required=false&

Domain: btlr.sharethrough.com
URL: https://btlr.sharethrough.com/header-bid/v1?bidId=27a23a15b11f1e&placement_key=DSthphoQqH66AkQXPDoXn74b&hbVersion=1.32.0&strVersion=3.0.1&hbSource=prebid&consent_required=false&

Domain: btlr.sharethrough.com
URL: https://btlr.sharethrough.com/header-bid/v1?bidId=28a06814750e85b&placement_key=Y2PwNBba8FyKXESSc72DFF25&hbVersion=1.32.0&strVersion=3.0.1&hbSource=prebid&consent_required=false&

Domain: btlr.sharethrough.com
URL: https://btlr.sharethrough.com/header-bid/v1?bidId=296ae1bed1677c2&placement_key=Kwm6ycRx3Uk3CYRoM3xEqtjr&hbVersion=1.32.0&strVersion=3.0.1&hbSource=prebid&consent_required=false&

Domain: btlr.sharethrough.com
URL: https://btlr.sharethrough.com/header-bid/v1?bidId=30be1c8d277676d&placement_key=GrVComq83JzCSLK1pi9waoyR&hbVersion=1.32.0&strVersion=3.0.1&hbSource=prebid&consent_required=false&

Domain: btlr.sharethrough.com
URL: https://btlr.sharethrough.com/header-bid/v1?bidId=31bd5eda0557c3d&placement_key=Ggh1aXSgpQAvBpkxoyAsBJPd&hbVersion=1.32.0&strVersion=3.0.1&hbSource=prebid&consent_required=false&

Domain: btlr.sharethrough.com
URL: https://btlr.sharethrough.com/header-bid/v1?bidId=323d7e7c7c7855a&placement_key=DSthphoQqH66AkQXPDoXn74b&hbVersion=1.32.0&strVersion=3.0.1&hbSource=prebid&consent_required=false&

Domain: btlr.sharethrough.com
URL: https://btlr.sharethrough.com/header-bid/v1?bidId=332bd0fb57e03a6&placement_key=Y2PwNBba8FyKXESSc72DFF25&hbVersion=1.32.0&strVersion=3.0.1&hbSource=prebid&consent_required=false&

Domain: btlr.sharethrough.com
URL: https://btlr.sharethrough.com/header-bid/v1?bidId=34ad6bf9778aea&placement_key=Kwm6ycRx3Uk3CYRoM3xEqtjr&hbVersion=1.32.0&strVersion=3.0.1&hbSource=prebid&consent_required=false&

Domain: freestar-d.openx.net
URL: https://freestar-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Ffake-cryptocurrency-trading-site-pushes-crypto-stealing-malware%2F&jr=&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_2.1.5&dddid=ca6b1a72-dddf-4ef0-baa1-f1ce8225d308%2C6ff7333f-46e1-4d44-8c4f-dc6bc5be357b%2Cdfe0980d-5d36-45b6-bc6f-d77b4b5b40a9%2C343c9494-c3bc-4b03-845f-fd12916832e5%2C62ba33bd-158b-471d-b4e3-61b58b14a4d5%2C1fd1e5da-eabf-419e-9ed7-10ebcbca4047%2C27c6a616-0dcf-4fb2-88cf-cb133466d802&nocache=1560284739995&x_gdpr_f=1&pubcid=0f574598-93d0-4527-b512-7c53ce5bf87c&aus=728x90%2C970x90%2C970x250%7C728x90%2C970x90%2C970x250%7C300x250%2C300x600%7C300x250%2C300x600%7C728x90%7C300x250%2C300x600%7C728x90%2C970x90&divIds=bleepingcomputer_728x90_970x90_970x250_320x50_ATF%2Cbleepingcomputer_728x90_970x90_970x250_320x50_BTF%2Cbleepingcomputer_300x250_300x600_160x600_Right_1%2Cbleepingcomputer_300x250_300x600_160x600_Right_2%2Cbleepingcomputer_728x90_320x50_InContent_1%2Cbleepingcomputer_300x250_300x600_160x600_Right_3%2Cbleepingcomputer_970x90_728x90_320x50_sticky&auid=539181725%2C539181725%2C539181725%2C539181725%2C539181725%2C539181725%2C539181725&

Domain: tlx.3lift.com
URL: https://tlx.3lift.com/header/auction?lib=prebid&v=1.32.0&referrer=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Ffake-cryptocurrency-trading-site-pushes-crypto-stealing-malware%2F&tmax=1200

Domain: hb.emxdgt.com
URL: https://hb.emxdgt.com/?t=1200&ts=1560284740120

Domain: fastlane.rubiconproject.com
URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=2&alt_size_ids=55%2C57&p_pos=unknown&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Ffake-cryptocurrency-trading-site-pushes-crypto-stealing-malware%2F&tk_flint=pbjs_lite_v1.32.0&x_source.tid=ca6b1a72-dddf-4ef0-baa1-f1ce8225d308&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.9133180820452489

Domain: fastlane.rubiconproject.com
URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=2&alt_size_ids=55%2C57&p_pos=unknown&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Ffake-cryptocurrency-trading-site-pushes-crypto-stealing-malware%2F&tk_flint=pbjs_lite_v1.32.0&x_source.tid=6ff7333f-46e1-4d44-8c4f-dc6bc5be357b&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.013394591416334256

Domain: fastlane.rubiconproject.com
URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=15&alt_size_ids=10&p_pos=unknown&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Ffake-cryptocurrency-trading-site-pushes-crypto-stealing-malware%2F&tk_flint=pbjs_lite_v1.32.0&x_source.tid=dfe0980d-5d36-45b6-bc6f-d77b4b5b40a9&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.3092773731593561

Domain: fastlane.rubiconproject.com
URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=15&alt_size_ids=10&p_pos=unknown&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Ffake-cryptocurrency-trading-site-pushes-crypto-stealing-malware%2F&tk_flint=pbjs_lite_v1.32.0&x_source.tid=343c9494-c3bc-4b03-845f-fd12916832e5&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.630761614638113

Domain: fastlane.rubiconproject.com
URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=2&p_pos=unknown&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Ffake-cryptocurrency-trading-site-pushes-crypto-stealing-malware%2F&tk_flint=pbjs_lite_v1.32.0&x_source.tid=62ba33bd-158b-471d-b4e3-61b58b14a4d5&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.17306956746941227

Domain: fastlane.rubiconproject.com
URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=15&alt_size_ids=10&p_pos=unknown&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Ffake-cryptocurrency-trading-site-pushes-crypto-stealing-malware%2F&tk_flint=pbjs_lite_v1.32.0&x_source.tid=1fd1e5da-eabf-419e-9ed7-10ebcbca4047&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.007475441726354948

Domain: fastlane.rubiconproject.com
URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=2&alt_size_ids=55&p_pos=unknown&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Ffake-cryptocurrency-trading-site-pushes-crypto-stealing-malware%2F&tk_flint=pbjs_lite_v1.32.0&x_source.tid=27c6a616-0dcf-4fb2-88cf-cb133466d802&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.4844946028281474

Domain: ssc.33across.com
URL: https://ssc.33across.com/api/v1/hb

Domain: ssc.33across.com
URL: https://ssc.33across.com/api/v1/hb

Domain: ssc.33across.com
URL: https://ssc.33across.com/api/v1/hb

Domain: ssc.33across.com
URL: https://ssc.33across.com/api/v1/hb

Domain: ssc.33across.com
URL: https://ssc.33across.com/api/v1/hb

Domain: ssc.33across.com
URL: https://ssc.33across.com/api/v1/hb

Domain: ssc.33across.com
URL: https://ssc.33across.com/api/v1/hb

Domain: ssc.33across.com
URL: https://ssc.33across.com/api/v1/hb

Domain: ssc.33across.com
URL: https://ssc.33across.com/api/v1/hb

Domain: ssc.33across.com
URL: https://ssc.33across.com/api/v1/hb

Domain: ssc.33across.com
URL: https://ssc.33across.com/api/v1/hb

Domain: ssc.33across.com
URL: https://ssc.33across.com/api/v1/hb

Domain: dmx.districtm.io
URL: https://dmx.districtm.io/b/v1

Domain: display.bfmio.com
URL: https://display.bfmio.com/prebid_display

Domain: ib.adnxs.com
URL: https://ib.adnxs.com/ut/v3/prebid

Domain: freestar-d.openx.net
URL: https://freestar-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Ffake-cryptocurrency-trading-site-pushes-crypto-stealing-malware%2F&jr=&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_2.1.5&dddid=6b2639ab-f201-4829-83a0-62171965f0ef&nocache=1560284741335&x_gdpr_f=1&pubcid=a4b943cb-fa08-4911-a6d8-5fec1d3d24c5&aus=728x90%2C970x90&divIds=bleepingcomputer_970x90_728x90_320x50_sticky&auid=539181725&

Domain: ssc.33across.com
URL: https://ssc.33across.com/api/v1/hb

Domain: ssc.33across.com
URL: https://ssc.33across.com/api/v1/hb

Domain: fastlane.rubiconproject.com
URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=2&alt_size_ids=55&p_pos=unknown&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Ffake-cryptocurrency-trading-site-pushes-crypto-stealing-malware%2F&tk_flint=pbjs_lite_v1.32.0&x_source.tid=6b2639ab-f201-4829-83a0-62171965f0ef&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.5989561332312199

Domain: ssp.pub.network
URL: https://ssp.pub.network/ssp-server/HeaderBiddingService

Domain: sync.bfmio.com
URL: https://sync.bfmio.com/sync_iframe?ifg=1&id=92fd6b68-fe21-44c5-bce8-6f519808339c&gdpr=0&gc=&gce=1

Domain: sync.bfmio.com
URL: https://sync.bfmio.com/sync_iframe?ifpl=5&ifg=1&id=Freestar+-+Header+Bidding+-+Display&gdpr=0&gc=&gce=1&cb=1560284740750

Domain: ib.3lift.com
URL: https://ib.3lift.com/sync?

Domain: acdn.adnxs.com
URL: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html

Domain: acdn.adnxs.com
URL: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html

Verdicts & Comments Add Verdict or Comment

171 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

11 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	warning	URL: https://quantcast.mgr.consensu.org/cmp.js(Line 1) Message: Dependency check failed for Publisher Purpose Legitimate Interest IDs: Publisher Purpose Legitimate Interest IDs must be an array containing only purpose IDs contained in the Publisher Purpose IDs array, the following purpose IDs will be ignored: 1, 4, 5
console-api	log	URL: https://freestar-io.videoplayerhub.com/gallery.js(Line 5) Message: Video gallery initializing
console-api	error	URL: https://static.quantcast.mgr.consensu.org/v18/cmpui-popup.js(Line 1) Message: Unable to get NonIab Vendor list.
console-api	info	URL: https://cdn.ampproject.org/rtv/011906051812580/amp4ads-v0.js(Line 580) Message: Powered by AMP ⚡ HTML – Version 1906051812580
console-api	error	URL: https://cdn.ampproject.org/rtv/011906051812580/amp4ads-v0.js(Line 161) Message: localStorage not supported.
console-api	info	URL: https://cdn.ampproject.org/rtv/011906051812580/amp4ads-v0.js(Line 580) Message: Powered by AMP ⚡ HTML – Version 1906051812580
console-api	error	URL: https://cdn.ampproject.org/rtv/011906051812580/amp4ads-v0.js(Line 161) Message: localStorage not supported.
console-api	info	URL: https://cdn.ampproject.org/rtv/011906051812580/amp4ads-v0.js(Line 580) Message: Powered by AMP ⚡ HTML – Version 1906051812580
console-api	error	URL: https://cdn.ampproject.org/rtv/011906051812580/amp4ads-v0.js(Line 161) Message: localStorage not supported.
console-api	info	URL: https://cdn.ampproject.org/rtv/011906051812580/amp4ads-v0.js(Line 580) Message: Powered by AMP ⚡ HTML – Version 1906051812580
console-api	error	URL: https://cdn.ampproject.org/rtv/011906051812580/amp4ads-v0.js(Line 161) Message: localStorage not supported.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.pub.network
acdn.adnxs.com
ad-delivery.net
ad.doubleclick.net
adservice.google.com
adservice.google.de
amp-error-reporting.appspot.com
api.quantcast.mgr.consensu.org
audit.quantcast.mgr.consensu.org
biddr.brealtime.com
btlr.sharethrough.com
c.pub.network
cdn.ampproject.org
cdn.connatix.com
cdn.connectad.io
cdn.districtm.io
cdns.connatix.com
ck.connatix.com
cluster-na.cdnjquery.com
connect.facebook.net
core.connatix.com
cse.google.com
d.pub.network
de.tynt.com
display.bfmio.com
dmx.districtm.io
edba.brealtime.com
eus.rubiconproject.com
fastlane.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
freestar-d.openx.net
freestar-io.videoplayerhub.com
g2.gumgum.com
googleads.g.doubleclick.net
graph.facebook.com
hb.emxdgt.com
hbx.media.net
i.connectad.io
ib.3lift.com
ib.adnxs.com
jadserve.postrelease.com
pagead2.googlesyndication.com
quantcast.mgr.consensu.org
rules.quantcount.com
s.adtelligent.com
s.ntv.io
s3.amazonaws.com
s7.addthis.com
s9.addthis.com
sb.scorecardresearch.com
secure.quantserve.com
securepubads.g.doubleclick.net
ssc.33across.com
ssp.pub.network
static.quantcast.mgr.consensu.org
sync.bfmio.com
tlx.3lift.com
tpc.googlesyndication.com
u.openx.net
v1.addthisedge.com
vendorlist.consensu.org
web.hb.ad.cpe.dotomi.com
www.bleepingcomputer.com
www.bleepstatic.com
www.facebook.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.linkedin.com
www.reddit.com
acdn.adnxs.com
btlr.sharethrough.com
core.connatix.com
display.bfmio.com
dmx.districtm.io
fastlane.rubiconproject.com
freestar-d.openx.net
hb.emxdgt.com
ib.3lift.com
ib.adnxs.com
ssc.33across.com
ssp.pub.network
sync.bfmio.com
tlx.3lift.com
tpc.googlesyndication.com
104.111.215.236
104.111.230.142
104.17.119.107
104.17.120.107
104.20.59.209
104.24.1.61
13.35.253.108
13.35.253.19
13.35.253.52
13.35.253.67
151.101.1.140
172.217.18.98
172.217.21.198
173.241.240.143
185.33.223.215
208.100.17.190
23.210.248.44
23.227.137.178
23.38.19.203
23.58.216.132
2600:9000:2043:2a00:1:af78:4c0:93a1
2600:9000:20bb:6400:9:46dc:4700:93a1
2600:9000:20bb:9000:6:44e3:f8c0:93a1
2600:9000:20bb:ee00:9:46dc:4700:93a1
2606:4700:10::6814:8428
2606:4700:20::6819:c072
2606:4700::6812:1aef
2a00:1450:4001:808::2002
2a00:1450:4001:808::200e
2a00:1450:4001:80b::200e
2a00:1450:4001:817::2002
2a00:1450:4001:817::200a
2a00:1450:4001:818::2002
2a00:1450:4001:81b::2002
2a00:1450:4001:81c::2001
2a00:1450:4001:81c::2004
2a00:1450:4001:81d::2003
2a00:1450:4001:81d::2014
2a00:1450:4001:81e::2002
2a00:1450:4001:81f::2001
2a00:1450:4001:825::2008
2a02:fa8:8806:16::1460
2a03:2880:f01c:20e:face:b00c:0:2
2a03:2880:f01c:216:face:b00c:0:3
2a03:2880:f12d:83:face:b00c:0:25de
2a04:4e42::645
2a05:f500:10:101::b93f:9101
3.82.30.32
35.188.71.214
35.202.179.74
35.226.36.58
50.19.38.129
52.19.153.98
52.216.107.62
91.228.74.147
99.80.164.175
03efc9c2735a855fd4bdd57a5781d2ac4799ea2a0cf57ab1b5101f7ee3bac772
045ec3eaa91bf688089e6086f14e8f0a09b980c0d5b0a3622e3f3124b5dfcc98
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
05d2034f4da0434abcfb8a5f44f73b33a2a5d5df7c3777b8e82ed935ee3deca6
0aa0576748d78432a12ea7ee5e4ff2c6726831ff40a58876b50994621ed0710c
0bab6d17d3072a8de2ede4c8785ed04a4bca50d56dae487eee458f8cd9c9e551
0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e
0f3994a744491e236025844f348c0733743e532a39a11c4423473893fbc03eca
0f427d0f88a0698c955ff63bf13af4ca80c9b32f218b5e210847450da901a74f
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
18fa18c02f30738bdcee68d9cb87357e98c71c7a837b4a8c7e32de93165b7be8
199411f659f41aaccb959bacb1b0de30e54f244352a48c6f9894e65ae0f8a9a1
19db4a2cde712e2ceaac317e732b4ec40b62818a938a8bf8391ad68470845019
19e1dbba639ba68ceb71cdada9621e11d0aec6edba410971f1937d6cc4935b32
2189c74de68935fc4094fd615682d1b61449f2b6588ad7c7812015d5de3e843d
22e977346d45bab9f531ce1132d7ecfbe8e46868eaea790a0d4dcd1d0649d74b
2450e4fd2687e1fe032d4931d6b21a25ef94c80b5bf6baa2ca6e903c861e72da
24712d1a48bb468bb087dc52364af6a8f2c689f808391b5bddc19ed26bce67e2
294fe28c69dda3f4c652312000db721a01194db9f42f563d0f7a77b3c99cd550
2d0f6b590917e7d27ddeb026b280d62dde9d03bb92f47f56342fc5f68f0c24eb
310381c98ca870b08b8918013e6ff615083ac3ca3d2ceef0d378d845cf177789
31cd7d9398307ca2e6cfaa111bbe7b69d69cbaaed2ff74034412ebc5008671fd
332cf4cc53a61ad450078c01772f57190764a785f76329649d3e68d756b43fc2
33eb81af8a0101c1ad2a210f322fb362ce1598e6e37f0a7ecc62d6ff39add590
3543db05c16fd9acfa8bed6d11d90c6633f88898f83409338c405d49723498ab
357017568ad102cf853bced7d960ecd7fcc8854ab807a9958dff7c2106b35d27
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
371e60eaea3df0bf53403a81ca0d49fad4e0c08dca679cf6a85300da15bf3208
372d0ec8be18f6beef36c151c2b9817e0e3786ecad79ef3f9500fcc03b996a17
3b6a84a416edfb98ed7608dad8cd26ffd7123e54bce2bb13a4a3394e0b948382
3c7f3873e71720fd77e2f876858a57548aa478e8d96d551d74af0c3ff589a84f
404a9b0ffbcc813e8ddbb8d8510a24a69c09079282f8083ee94f4adc5d627176
433afb04589ca4f7185983183076a8785792078ab46074b0a6355512af477148
46f054a5c98b253c46ff84547ce118625668349700a0730724df4bb25bcf5f78
48566f0a223d2592f114915cdd4a5c3b1de37437dfebf80b45948db446416014
487623344843550f6b30fd21fe613563803ce9da29c1438b1daceb082e2a4410
4a6ac1e8519aa132772c1f732514d4a2cbcd2143a90710b7656bc23024b4c85c
4bb3aaeb6bd2ba6d6c88f1497a5b86b2dba5ed0a39dcdbe82ee94dd06990e146
4eeb4df3522892ea2ec61de6a58e870e8262019f8e3c759c099450cefb589313
527bd943ccc9735f30f6d3215ad19a65f86e000e67ae2e3150d0d678a2aa8e28
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
5a4061ff8312e2ad494bd984b7df966438232be64a3b284ab69f66c6705009a6
5a650faeaf8cae499fedf3c6fb974a89d6bb40c830b0bf040adecbd145b7be06
5aaf688e01a991bd9d796ca1adc8b66d432d477efdad550b7e991b692c6dbc5b
5ccea30bf9bf94721da8c1b277822949064eea2b280de79ec27877fb5aba3af7
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
5de79bd33c164a62fe3389aeef0af2f54b82e7f8ba5fd7d0721f8080823babcb
5e9ea707a3d475708008836f6202aed222ee8ea7399770c2a7c0b189fd6d3543
5fe405e64b42b49a5813c2c7b8e48ccf290310c5eb351d2b15966856d1a2f06e
60393180edc5e4d377a89831cd53f5ba232f9577f479b5260139e58f02663203
608ce66fc43803d7d9aec32609ad1f4bd211289c93e6340f4b3581f0fe43cd55
617229202229089622770a111fef4f514877475b89056525185a70e0cbc5bc95
61cb7a1fefe87904c7b02aa16c88d4b42805526d63f9d20f2f797380713e4577
66e0f9a747bdd042fb9d01000d611034c4bdd2351cadb25fda445defec19c603
6d5bb20a6f644c06b9a7cf2df0004977d350f42cb63360f9f4c8592ca924f894
6e86593083facba2710a2312f26bd7b436d7ef299f99cbc2ccc1b32693ec3144
72b034089870c9f927f1eb9b4eff9de3f21960488e8093ffc818a725e310fa38
742273719a18a176d36882e7e067a192b48df21455243666315910d3c7c53e84
76c393f564f53c19e795307e622edc8657a603f7a816c2646385697286d11313
76ea9ffb498d4afa3e7499fe8663594985fbe902bab9d01db87e94e976738b4f
78f96c973c9c1d563d5870a1f7debdb2c0967256fb0c508bb5b3d8b8c695622a
7972161a38af4774f022b6d248977895660ccea99afd794dd15832e3e33cfaa5
7afd1e931fc5bb2211f4f89e204c9e5d349e7bff9088ab84c97c3e5c50c6f8b6
7b20afb8e1a432c8cee0b80f3c8cc63fa1be6bf972894d29f9b2c3218814d15a
7c42933014424dabb2256a0732a9f792559d26ba09a84308c278f52834522f9a
7d6d26827b887aa09b2a5eb7c001e35b93773e53c36ddbfc127ad824e0a6ba39
7e7c74d95df84ef3a6be5c4fcde54fae313a04a9bd611059e6a97a23ff09f26f
7e94fbebf526effec4239c82e5435a412d81ffc4bc9bddf13f9aa1170f6d803e
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
8151acb57bf73884924c192f4d1b5138612fa0b81df99273d330341daaec15ef
8160a581e7cad4d5485a9b30309aa235f3a00b14ee6e4043a78807dc973fcee8
827252be04765631f8ff21fee8ffe1028e27dfa52f62c08ef3182609a0a0e991
82c7fdbc4d001907e1e5d56cd335af3f0d48e0ffa7f0ad2aa3486ebb1123cb21
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8407b14392f5fb764b255fd3768c5e6ef651a19e1bd1816f8ca3f121175e531b
852bb00e2975ab3cd9c7ff4788109a0cee8238d20a3818067d2f2ecb557be604
8733e2183f16906b2fa2e58fdab82cf336f249ab71ac1b184470da2dd3c6e29f
87562d3773ffab3d0716a70faa73c38b322fde3b8f265c3d646a3cea976ef67e
8bd06a157f6234495a2a93e0ad4166ebe82bf9d69a20831eadd196aad3f152b6
8d9c3e3cfba892b2954a9c28ec67162355632750aa8b45d55323b04bc29ae61b
8eb95bcbc154530931e15fc418c8b1fe991095671409552099ea1aa596999ede
8f88cb7a1cd4134f5d616b9fca90b9069fa16c162b7ae66ba1b500c490b41dd2
91725e8f7a4a42743d39c40a9f1b693c8b374ac7554fa307b0d735b37569f5b0
92606bd38901e67d069f2ef883715b6e5ae07d72ae3bead3ad92346528374afc
97de0956d11edf44483d9461cb7bac1e20465659368ea7321940ecc75ed5f2da
9afd00df4ef8e483eae86ac97fbd54c5a85309ab2d0f6cbbe7d331b5741221b9
9d8264b3a6e6a89bcc6e014635af5ea6a5a33815a2ad68fe34d15dc540a4f48a
9eb69a34590efb468075baccd5a51da6258c2b15ec00fbc03206e74495c2f1c8
9feac9b3ef773bc21a21d3392033f76f4d70dae7697662a6fc8a8fa714a24698
a60d6002897ec965c44830190b62f69b8b2d27aa9719a7f2bc424588d7111f01
a6d4ea4e2f95dcd77bc3acb8408f8ed9c2d9453aeafef8af9387b04e6c9a8ff9
a6d903a283ccb28c4cafe99a305d2f52a1e5bfd6cfa1f0fef762715cc4af2246
a7b5f5f96f81dea4efc53e1d4dae8b37c28bec27a45b42ccf604ee759e20caec
ad50142ef64cd10e3ca3d0df56c7ff80801927e8cd975dfb043f89c9740ec52e
aeacee1fd26655f1f9030cf34d565aef8432e453b6e839ed49a6934a066cbdcf
aed1d3e0e8565661020d1758525a829918ad55926910373ed5ad39c3e9b25ca3
af2642091af62d35efeac190f019c6c4fc8006c19c7f6d41dd1f8139219a6bd7
b34676178982122b66b0a55d3ee411fa343b1d19a6c119c0c9b0ea2c892738a1
b3498f138f5418bd58413e79e4c0969e618d6f2fee2d9d98c0f4e70a6cbd04ad
b359f8b5b20dfbcb8631a5bf1ac1f48a2fba756117e791347b7b87e4b1867fb0
b60f65161ce3517c2794eecab25981c51ffbcbc951a781270403e2f3572d0290
b717725eae0a62b46fc02b2c92318646957000c3bee0330a078939c14ff2b5ae
b939fa63031678d425cd2b90813ef9b665d3ba73324360598a1052d30fec13fd
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bfc8e65089dc5421d56ecc71a0328eafd4feb2a602503ae5c15bfa3189c02f7e
c57ba139d8cfdf3809784609f81c6956dab1c2ddd3be5001434fdf1bcb3e2129
c9e727b37a735a7983ea8bdad06a38b246261c239bb80b86cc0ff3663c910adb
ca63a5bf8f9e3e8f87bc6966bd6865309df0ec43339334769f31b42b7dd5bed2
cd1c301a8e7960a1786e2a959226b0b78b56dbea284bd114265f1662d6ca280e
ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d54113d5d99914636c06db627ef72342a4cfe764fae03e886d878d68589b58f3
d6d408ceb31cfae3d3d87971b82e522a331aa2eb042a793223b7ec19e419c564
e145cdc0be27e233cd342ccc4b4da1d5c5b7e87e6629c028d8a51f339dba90d0
e1ed25f4abd181e54349b19a94bd563692385ef339df2540abbee5638ccb3765
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5e0f326458e8b8ed839d42a0cf6892df80bf26d7dc7e4f8276a65c41582ab85
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f2d7850debd42b20e2d9c9c48cf45599c226a43c14b379d7fa28eaefcb00ce33
f55be6f759123f4146f60c9b42205dbbce4eb83b249c5bb1270494819e7e859c
f5c0ed3fba3bb6d1328481babefe2b39126f228bb45b5aafbc09fb81b1a9892a
f9278e008fc4edcd157a9a7b3f5dfbd75c167f405d11296e19c313dc5d052cc2
facc4ccb45837d7ff6da9405f3d8ceded8edaf685a1b5237a72135fbebb2d2c4
fdda66647c92007f8188edf8194649d1ac5c00c6d7efe6e46d3b93d8ef742d99

www.bleepingcomputer.com Open in urlscan Pro 104.20.59.209 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

263 Requests

79 %HTTPS

48 %IPv6

47 Domains

72 Subdomains

56 IPs

7 Countries

2921 kBTransfer

7769 kBSize

0 Cookies

14 Outgoing links

Redirected requests

263 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 7 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.bleepingcomputer.com Open in urlscan Pro
104.20.59.209 Public Scan

Screenshot
Live screenshot

Full Image

263
Requests

79 %
HTTPS

48 %
IPv6

47
Domains

72
Subdomains

56
IPs

7
Countries

2921 kB
Transfer

7769 kB
Size

0
Cookies

263 HTTP transactions
7 data transactions