www.informationweek.com Open in urlscan Pro
2606:4700::6811:549a Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://informationweek.com/story/showArticle.jhtml?articleID=60407745
Effective URL:
https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918
Submission: On August 22 via api (August 22nd 2020, 7:07:55 am UTC) from GB

Summary HTTP 247 Redirects Links 61 Behaviour Indicators

Summary

This website contacted 55 IPs in 9 countries across 42 domains to perform 247 HTTP transactions. The main IP is 2606:4700::6811:549a, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.informationweek.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 5th 2020. Valid for: a year.

This is the only time www.informationweek.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 11	2606:4700::68... 2606:4700::6811:549a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	2606:4700::68... 2606:4700::6811:539a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2001:4de0:ac1... 2001:4de0:ac19::1:b:1b	20446 (HIGHWINDS3) (HIGHWINDS3)
42	2606:4700:303... 2606:4700:3031::ac43:83be	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:806::200a	15169 (GOOGLE) (GOOGLE)
15	2606:4700:303... 2606:4700:3032::681b:93f7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2606:4700:303... 2606:4700:3031::ac43:c629	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	151.101.193.131 151.101.193.131	54113 (FASTLY) (FASTLY)
3	2606:4700:303... 2606:4700:3033::6818:7975	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:820::2008	15169 (GOOGLE) (GOOGLE)
4	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	52.48.66.74 52.48.66.74	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:824::2004	15169 (GOOGLE) (GOOGLE)
1	13.226.155.53 13.226.155.53	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:81d::2003	15169 (GOOGLE) (GOOGLE)
4	2a03:2880:f12... 2a03:2880:f12d:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1 2	172.217.23.98 172.217.23.98	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:821::2002	15169 (GOOGLE) (GOOGLE)
18	216.58.207.66 216.58.207.66	15169 (GOOGLE) (GOOGLE)
2	15.188.154.177 15.188.154.177	16509 (AMAZON-02) (AMAZON-02)
1 1	66.117.28.86 66.117.28.86	15224 (OMNITURE) (OMNITURE)
9	151.101.112.157 151.101.112.157	54113 (FASTLY) (FASTLY)
1	2a01:4a0:1338... 2a01:4a0:1338:28::c38a:ff13	201011 (NETZBETRI...) (NETZBETRIEB-GMBH)
24	13.224.193.146 13.224.193.146	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700:303... 2606:4700:3033::ac43:ae3d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	87.236.16.24 87.236.16.24	198610 (BEGET-AS) (BEGET-AS)
1 3	104.108.64.33 104.108.64.33	16625 (AKAMAI-AS) (AKAMAI-AS)
1	3.248.37.251 3.248.37.251	16509 (AMAZON-02) (AMAZON-02)
1	143.204.94.121 143.204.94.121	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:819::2002	15169 (GOOGLE) (GOOGLE)
2	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a00:1450:400... 2a00:1450:4001:801::2001	15169 (GOOGLE) (GOOGLE)
15	2a00:1450:400... 2a00:1450:4001:806::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:81a::2003	15169 (GOOGLE) (GOOGLE)
1	2600:9000:218... 2600:9000:2182:9400:18:1fcd:34e:d2a1	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:809::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:81e::2003	15169 (GOOGLE) (GOOGLE)
2 2	185.33.220.243 185.33.220.243	29990 (ASN-APPNEX) (ASN-APPNEX)
2	3.229.100.58 3.229.100.58	14618 (AMAZON-AES) (AMAZON-AES)
2	192.102.6.38 192.102.6.38	57682 (HVDS-AS) (HVDS-AS)
1	54.93.101.66 54.93.101.66	16509 (AMAZON-02) (AMAZON-02)
1 1	2a03:2880:f02... 2a03:2880:f02d:e:face:b00c:0:2	32934 (FACEBOOK) (FACEBOOK)
1	95.100.78.166 95.100.78.166	16625 (AKAMAI-AS) (AKAMAI-AS)
1	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
1 2	2a00:1450:400... 2a00:1450:4001:801::200e	15169 (GOOGLE) (GOOGLE)
1	2620:103::192... 2620:103::192:155:48:119	19994 (RACKSPACE) (RACKSPACE)
1	23.20.2.75 23.20.2.75	14618 (AMAZON-AES) (AMAZON-AES)
1	2a00:1450:400... 2a00:1450:400c:c04::9a	15169 (GOOGLE) (GOOGLE)
35	2606:2800:134... 2606:2800:134:1a0d:1429:742:782:b6	15133 (EDGECAST) (EDGECAST)
1 2	104.244.42.200 104.244.42.200	13414 (TWITTER) (TWITTER)
1 2	142.0.160.13 142.0.160.13	7160 (NETDYNAMICS) (NETDYNAMICS)
1 2	209.167.231.17 209.167.231.17	7160 (NETDYNAMICS) (NETDYNAMICS)
1	142.0.173.134 142.0.173.134	7160 (NETDYNAMICS) (NETDYNAMICS)
2	2606:2800:233... 2606:2800:233:7ee2:97c:ab4c:6c70:be36	15133 (EDGECAST) (EDGECAST)
2	52.204.202.55 52.204.202.55	14618 (AMAZON-AES) (AMAZON-AES)
1 5	23.210.248.216 23.210.248.216	16625 (AKAMAI-AS) (AKAMAI-AS)
1 2	52.16.181.3 52.16.181.3	16509 (AMAZON-02) (AMAZON-02)
1	35.175.20.97 35.175.20.97	14618 (AMAZON-AES) (AMAZON-AES)
247	55

11 2606:4700::6811:549a (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

informationweek.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.informationweek.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:539a (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.informationweek.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac19::1:b:1b (Netherlands)

ASN20446 (HIGHWINDS3, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

42 2606:4700:3031::ac43:83be (United States)

ASN13335 (CLOUDFLARENET, US)

twimgs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2606:4700:3032::681b:93f7 (United States)

ASN13335 (CLOUDFLARENET, US)

img.deusm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700:3031::ac43:c629 (United States)

ASN13335 (CLOUDFLARENET, US)

i.ubm-us.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.193.131 (United States)

ASN54113 (FASTLY, US)

6600d6d98e534115970f9529a45f3195.js.ubembed.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:3033::6818:7975 (United States)

ASN13335 (CLOUDFLARENET, US)

dsimg.ubm-us.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:820::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f02d:12:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.48.66.74 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-48-66-74.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:824::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.226.155.53 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-155-53.dus51.r.cloudfront.net

assets.ubembed.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81d::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f12d:83:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.23.98 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: mil04s23-in-f98.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:821::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 216.58.207.66 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: fra16s25-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 15.188.154.177 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-15-188-154-177.eu-west-3.compute.amazonaws.com

ubmtech.d3.sc.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.117.28.86 (United States) 1 redirects

ASN15224 (OMNITURE, US)

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 151.101.112.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a01:4a0:1338:28::c38a:ff13 (Germany)

ASN201011 (NETZBETRIEB-GMBH, DE)

platform.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 13.224.193.146 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-193-146.fra2.r.cloudfront.net

cf-images.us-east-1.prod.boltdns.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3033::ac43:ae3d (United States)

ASN13335 (CLOUDFLARENET, US)

ins.techweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 87.236.16.24 (Russian Federation)

ASN198610 (BEGET-AS, RU)
PTR: ssl.kryton.beget.com

content.dl-rms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.108.64.33 (Netherlands) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-108-64-33.deploy.static.akamaitechnologies.com

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.248.37.251 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-248-37-251.eu-west-1.compute.amazonaws.com

ubm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.94.121 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-94-121.fra50.r.cloudfront.net

s.dpmsrv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:819::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

32e617b7b4cdcddd40fa5c086542f316.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:806::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2182:9400:18:1fcd:34e:d2a1 (United States)

ASN16509 (AMAZON-02, US)

static.chartbeat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:809::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.33.220.243 (Netherlands) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 722.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.229.100.58 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-229-100-58.compute-1.amazonaws.com

a.dpmsrv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.102.6.38 (Kyiv, Ukraine)

ASN57682 (HVDS-AS, UA)
PTR: 100widgets.com

100widgets.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.93.101.66 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-93-101-66.eu-central-1.compute.amazonaws.com

6600d6d98e534115970f9529a45f3195.pages.ubembed.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f02d:e:face:b00c:0:2 (Ireland) 1 redirects

ASN32934 (FACEBOOK, US)

web.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 95.100.78.166 (Ascension Island)

ASN16625 (AKAMAI-AS, US)
PTR: a95-100-78-166.deploy.static.akamaitechnologies.com

img.en25.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:801::200e (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:103::192:155:48:119 (United States)

ASN19994 (RACKSPACE, US)

ng.techweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.20.2.75 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-23-20-2-75.compute-1.amazonaws.com

ping.chartbeat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c04::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

35 2606:2800:134:1a0d:1429:742:782:b6 (United States)

ASN15133 (EDGECAST, US)

cdn.syndication.twimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pbs.twimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.200 (United States) 1 redirects

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.0.160.13 (Ashburn, United States) 1 redirects

ASN7160 (NETDYNAMICS, US)

s657486201.t.eloqua.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 209.167.231.17 (United States) 1 redirects

ASN7160 (NETDYNAMICS, US)
PTR: e017.en25.com

s2150.t.eloqua.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.0.173.134 (United States)

ASN7160 (NETDYNAMICS, US)

trk.informationweek.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:2800:233:7ee2:97c:ab4c:6c70:be36 (United States)

ASN15133 (EDGECAST, US)

ton.twimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.204.202.55 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-204-202-55.compute-1.amazonaws.com

6600d6d98e534115970f9529a45f3195.events.ubembed.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 23.210.248.216 (Netherlands) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-210-248-216.deploy.static.akamaitechnologies.com

s.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.16.181.3 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

d.adroll.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
d.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.175.20.97 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-175-20-97.compute-1.amazonaws.com

nextroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
42	twimgs.com twimgs.com	203 KB
37	twimg.com cdn.syndication.twimg.com pbs.twimg.com ton.twimg.com	470 KB
24	boltdns.net cf-images.us-east-1.prod.boltdns.net	95 KB
21	doubleclick.net 1 redirects securepubads.g.doubleclick.net googleads.g.doubleclick.net cm.g.doubleclick.net stats.g.doubleclick.net	114 KB
15	deusm.com img.deusm.com	209 KB
14	googlesyndication.com 32e617b7b4cdcddd40fa5c086542f316.safeframe.googlesyndication.com tpc.googlesyndication.com pagead2.googlesyndication.com	236 KB
13	informationweek.com 3 redirects informationweek.com www.informationweek.com trk.informationweek.com	46 KB
11	twitter.com 1 redirects platform.twitter.com syndication.twitter.com	110 KB
8	ubm-us.net i.ubm-us.net dsimg.ubm-us.net	93 KB
6	adroll.com 1 redirects s.adroll.com d.adroll.com	68 KB
6	ampproject.org cdn.ampproject.org	255 KB
5	facebook.com 1 redirects www.facebook.com web.facebook.com	945 B
5	ubembed.com 6600d6d98e534115970f9529a45f3195.js.ubembed.com assets.ubembed.com 6600d6d98e534115970f9529a45f3195.pages.ubembed.com 6600d6d98e534115970f9529a45f3195.events.ubembed.com	48 KB
4	eloqua.com 2 redirects s657486201.t.eloqua.com s2150.t.eloqua.com	2 KB
4	google.com www.google.com adservice.google.com	1 KB
4	facebook.net connect.facebook.net	226 KB
3	dpmsrv.com s.dpmsrv.com a.dpmsrv.com	87 KB
3	scorecardresearch.com 1 redirects sb.scorecardresearch.com	2 KB
3	techweb.com ins.techweb.com ng.techweb.com	2 KB
3	googletagservices.com www.googletagservices.com	74 KB
3	demdex.net dpm.demdex.net ubm.demdex.net	2 KB
2	google-analytics.com 1 redirects www.google-analytics.com	19 KB
2	100widgets.com 100widgets.com	915 B
2	adnxs.com 2 redirects ib.adnxs.com	2 KB
2	google.de adservice.google.de www.google.de	982 B
2	bing.com bat.bing.com	8 KB
2	omtrdc.net ubmtech.d3.sc.omtrdc.net	568 B
2	gstatic.com www.gstatic.com fonts.gstatic.com	146 KB
1	nextroll.com nextroll.com	2 KB
1	consensu.org 1 redirects d.adroll.mgr.consensu.org	137 B
1	chartbeat.net ping.chartbeat.net	168 B
1	rlcdn.com idsync.rlcdn.com	66 B
1	en25.com img.en25.com	3 KB
1	chartbeat.com static.chartbeat.com	14 KB
1	dl-rms.com content.dl-rms.com	430 B
1	linkedin.com platform.linkedin.com	55 KB
1	everesttech.net 1 redirects cm.everesttech.net	554 B
1	googleadservices.com www.googleadservices.com	12 KB
1	googletagmanager.com www.googletagmanager.com	33 KB
1	googleapis.com fonts.googleapis.com	669 B
1	bootstrapcdn.com maxcdn.bootstrapcdn.com	7 KB
0	adsnative.com Failed static.adsnative.com Failed
247	42

	Domain	Requested by
42	twimgs.com	www.informationweek.com img.deusm.com
34	pbs.twimg.com	www.informationweek.com platform.twitter.com
24	cf-images.us-east-1.prod.boltdns.net	www.informationweek.com
18	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net www.informationweek.com
15	img.deusm.com	www.informationweek.com
11	www.informationweek.com	2 redirects www.informationweek.com img.deusm.com
9	tpc.googlesyndication.com	securepubads.g.doubleclick.net www.informationweek.com cdn.ampproject.org tpc.googlesyndication.com
9	platform.twitter.com	www.informationweek.com platform.twitter.com
6	cdn.ampproject.org	securepubads.g.doubleclick.net
5	s.adroll.com	1 redirects www.informationweek.com s.adroll.com
5	i.ubm-us.net	www.informationweek.com
4	pagead2.googlesyndication.com	www.informationweek.com securepubads.g.doubleclick.net
4	www.facebook.com	www.informationweek.com connect.facebook.net
4	connect.facebook.net	www.informationweek.com connect.facebook.net
3	sb.scorecardresearch.com	1 redirects www.informationweek.com
3	www.googletagservices.com	www.informationweek.com securepubads.g.doubleclick.net
3	www.google.com	dsimg.ubm-us.net www.informationweek.com
3	dsimg.ubm-us.net	www.informationweek.com
2	6600d6d98e534115970f9529a45f3195.events.ubembed.com	assets.ubembed.com
2	ton.twimg.com	platform.twitter.com
2	s2150.t.eloqua.com	1 redirects img.en25.com
2	s657486201.t.eloqua.com	1 redirects www.informationweek.com
2	syndication.twitter.com	1 redirects www.informationweek.com
2	www.google-analytics.com	1 redirects www.googletagmanager.com
2	100widgets.com	content.dl-rms.com 100widgets.com
2	a.dpmsrv.com	www.informationweek.com
2	ib.adnxs.com	2 redirects
2	bat.bing.com	www.informationweek.com
2	ins.techweb.com	www.informationweek.com ins.techweb.com
2	ubmtech.d3.sc.omtrdc.net	twimgs.com www.informationweek.com
2	dpm.demdex.net	twimgs.com www.informationweek.com
1	nextroll.com
1	d.adroll.com
1	d.adroll.mgr.consensu.org	1 redirects
1	trk.informationweek.com	www.informationweek.com
1	cdn.syndication.twimg.com	platform.twitter.com
1	stats.g.doubleclick.net	www.informationweek.com
1	ping.chartbeat.net	www.informationweek.com
1	ng.techweb.com	img.deusm.com
1	idsync.rlcdn.com	www.informationweek.com
1	cm.g.doubleclick.net	1 redirects
1	img.en25.com	www.informationweek.com
1	web.facebook.com	1 redirects
1	6600d6d98e534115970f9529a45f3195.pages.ubembed.com	assets.ubembed.com
1	www.google.de	www.informationweek.com
1	static.chartbeat.com	www.informationweek.com
1	fonts.gstatic.com	fonts.googleapis.com
1	32e617b7b4cdcddd40fa5c086542f316.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.de	securepubads.g.doubleclick.net
1	googleads.g.doubleclick.net	www.googleadservices.com
1	s.dpmsrv.com	www.informationweek.com
1	ubm.demdex.net	twimgs.com
1	content.dl-rms.com	www.informationweek.com
1	platform.linkedin.com	www.informationweek.com
1	cm.everesttech.net	1 redirects
1	www.googleadservices.com	www.informationweek.com
1	www.gstatic.com	www.google.com
1	assets.ubembed.com	6600d6d98e534115970f9529a45f3195.js.ubembed.com
1	www.googletagmanager.com	www.informationweek.com
1	6600d6d98e534115970f9529a45f3195.js.ubembed.com	www.informationweek.com
1	fonts.googleapis.com	www.informationweek.com
1	maxcdn.bootstrapcdn.com	www.informationweek.com
1	informationweek.com	1 redirects
0	static.adsnative.com Failed	www.informationweek.com
247	65

This site contains links to these domains. Also see Links.

Domain
tech.informa.com
informa.com
www.drdobbs.com
www.networkcomputing.com
www.darkreading.com
www.wallstreetandtech.com
www.banktech.com
www.insurancetech.com
ng.techweb.com
www.facebook.com
twitter.com
www.linkedin.com
www.techweb.com
www.barclays.co.uk
adclick.g.doubleclick.net
securityresponse.symantec.com
toolbar.netcraft.com
webinar.informationweek.com
webinar.darkreading.com
informa.co1.qualtrics.com
tmt.knect365.com
www.interop.com
informationweek.com
www.itprotoday.com
www.datacenterknowledge.com
info.wrightsmedia.com
privacyportal-eu-cdn.onetrust.com

Subject Issuer	Validity	Valid
informationweek.com Cloudflare Inc ECC CA-3	`2020-07-05` - `2021-07-05`	a year	crt.sh
*.bootstrapcdn.com Sectigo RSA Domain Validation Secure Server CA	`2019-09-14` - `2020-10-13`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-07-29` - `2021-07-29`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2020-08-11` - `2020-11-03`	3 months	crt.sh
z.ssl.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2020-08-18` - `2021-04-23`	8 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-08-11` - `2020-11-03`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2020-07-21` - `2020-10-12`	3 months	crt.sh
*.demdex.net DigiCert SHA2 High Assurance Server CA	`2018-01-09` - `2021-02-12`	3 years	crt.sh
www.google.com GTS CA 1O1	`2020-08-11` - `2020-11-03`	3 months	crt.sh
assets.ubembed.com Amazon	`2020-04-04` - `2021-05-04`	a year	crt.sh
*.gstatic.com GTS CA 1O1	`2020-08-11` - `2020-11-03`	3 months	crt.sh
www.googleadservices.com GTS CA 1O1	`2020-08-11` - `2020-11-03`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-08-11` - `2020-11-03`	3 months	crt.sh
*.d3.sc.omtrdc.net DigiCert SHA2 High Assurance Server CA	`2020-02-28` - `2022-03-04`	2 years	crt.sh
platform.twitter.com DigiCert SHA2 High Assurance Server CA	`2020-08-13` - `2021-08-18`	a year	crt.sh
platform.linkedin.com DigiCert SHA2 Secure Server CA	`2020-07-03` - `2022-07-08`	2 years	crt.sh
*.prod.boltdns.net Amazon	`2019-12-19` - `2021-01-19`	a year	crt.sh
techweb.com Cloudflare Inc ECC CA-3	`2020-07-03` - `2021-07-03`	a year	crt.sh
dl-rms.com Let's Encrypt Authority X3	`2020-06-29` - `2020-09-27`	3 months	crt.sh
sb.scorecardresearch.com DigiCert Secure Site ECC CA-1	`2020-07-17` - `2021-06-02`	a year	crt.sh
*.dpmsrv.com Amazon	`2020-06-15` - `2021-07-15`	a year	crt.sh
www.bing.com Microsoft IT TLS CA 2	`2019-04-30` - `2021-04-30`	2 years	crt.sh
*.google.de GTS CA 1O1	`2020-08-11` - `2020-11-03`	3 months	crt.sh
*.google.com GTS CA 1O1	`2020-08-11` - `2020-11-03`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1O1	`2020-08-11` - `2020-11-03`	3 months	crt.sh
*.chartbeat.com Thawte RSA CA 2018	`2020-06-01` - `2021-06-02`	a year	crt.sh
misc-sni.google.com GTS CA 1O1	`2020-08-11` - `2020-11-03`	3 months	crt.sh
www.google.de GTS CA 1O1	`2020-08-11` - `2020-11-03`	3 months	crt.sh
100widgets.com COMODO RSA Domain Validation Secure Server CA	`2017-10-19` - `2020-10-18`	3 years	crt.sh
*.pages.ubembed.com Sectigo RSA Domain Validation Secure Server CA	`2020-03-09` - `2022-03-22`	2 years	crt.sh
*.en25.com DigiCert SHA2 Secure Server CA	`2020-08-13` - `2021-11-12`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2020-04-14` - `2021-04-23`	a year	crt.sh
ng.techweb.com Let's Encrypt Authority X3	`2020-07-28` - `2020-10-26`	3 months	crt.sh
*.chartbeat.net Thawte RSA CA 2018	`2019-12-16` - `2020-12-30`	a year	crt.sh
*.twimg.com DigiCert SHA2 High Assurance Server CA	`2019-11-12` - `2020-11-18`	a year	crt.sh
syndication.twitter.com DigiCert SHA2 High Assurance Server CA	`2020-03-05` - `2021-03-02`	a year	crt.sh
*.t.eloqua.com DigiCert SHA2 Secure Server CA	`2020-03-09` - `2022-04-08`	2 years	crt.sh
trk.informationweek.com RapidSSL RSA CA 2018	`2020-03-03` - `2021-03-03`	a year	crt.sh
*.events.ubembed.com Amazon	`2020-07-10` - `2021-08-10`	a year	crt.sh
*.adroll.com DigiCert SHA2 Secure Server CA	`2020-01-29` - `2021-04-29`	a year	crt.sh
adroll.mgr.consensu.org Amazon	`2019-11-06` - `2020-12-06`	a year	crt.sh
nextroll.com Let's Encrypt Authority X3	`2020-07-04` - `2020-10-02`	3 months	crt.sh

This page contains 15 frames:

Primary Page: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918
Frame ID: F95F70734C7A4D05328BACC95643EA65
Requests: 179 HTTP requests in this frame

Frame: https://ubm.demdex.net/dest5.html?d_nsid=0
Frame ID: 32CFA434090172552A2CC7731B3FE6F1
Requests: 1 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012008102328000/amp4ads-v0.js
Frame ID: 63D528CE313D3C17BBB30C03588E3CD0
Requests: 7 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstiDL_PKKo2f0OPe5ijJoakefgVRHvr2BmWgh9nHxDb-IKWR-8iKGP_xH_u6I9WEK6fa9o1zxbzqeDS4cS-rSt7DYWh4fdxEJz1rqaySdzVhvHcTDBaSX9_Sq1FU39QW_qwqSMjKKreX8VbpQk0QWz-mvDEEKfbEg1OlzIR7yY3ml_LeRmHT8nAi289mx2ZNMOBJa3Mo1gCrXyMWVY1AZ-oFv8_yt1jfFnfh6oaW9Bl1YVrdC0-_JLMbabKqHVofw09aKrQQ2whHAwoPhVkzlw&sai=AMfl-YRuVMOjGmobANN23ZWxFQXpaZTNxUDT6obesFcF_QU4KRn2dv9_ocfk67sim97OG3YJOXlIUvn0ImS_F2Z0QXml4kEDAVi-yS0xkf9vLssKhuTZ4mAlROZoFv2IjB8&sig=Cg0ArKJSzJ1my2YPcYY6EAE&urlfix=1&adurl=
Frame ID: 6D8C249E96ECFD019D2549616F87AFD7
Requests: 4 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012008102328000/amp4ads-v0.js
Frame ID: 0A30015C13D8E97208CBAD39531819E5
Requests: 8 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012008102328000/amp4ads-v0.js
Frame ID: D410268E61D372804AD5432AB6BDB3C9
Requests: 8 HTTP requests in this frame

Frame: https://6600d6d98e534115970f9529a45f3195.pages.ubembed.com/0227c2e1-854e-491f-9e8b-1a56e903809d/a.html?closedAt=0
Frame ID: FB7DDAF260B31F92C2B038C62E52D770
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.3c5aa8e2a38bbbee4b6d88e6846fc657.html?origin=https%3A%2F%2Fwww.informationweek.com
Frame ID: F514D5D07DC1A83F8F7826DC7BC42E4A
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/like.php?app_id=640989409269461&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2afa92191a105%26domain%3Dwww.informationweek.com%26origin%3Dhttps%253A%252F%252Fwww.informationweek.com%252Ff3865668b1d3aec%26relation%3Dparent.parent&container_width=0&href=http%3A%2F%2Fwww.informationweek.com%2Fphishers-turn-to-dns-wildcards-cache-poi%2F60407745&layout=button&locale=en_US&sdk=joey&send=false&show_faces=false&width=87&_rdc=1&_rdr
Frame ID: E4FD21CD4223EDE37546CF55393890FF
Requests: 1 HTTP requests in this frame

Frame: https://ins.techweb.com/beacon/record.do?a=bfb712d4d19ed922a019f653ef0d27df3e8dac70570cb4ba0be8b5d8c49e00ac&u=https%253A%252F%252Fwww.informationweek.com%252Fphishers-turn-to-dns-wildcards-cache-poisoning%252Fd%252Fd-id%252F1030918%253F&t=P
Frame ID: A9C680FD0D6E36E6BF24BCAC33DA735B
Requests: 1 HTTP requests in this frame

Frame: https://ng.techweb.com/authds/login/login.jsp?type=iframe&cdsocket_client=https://www.informationweek.com/cdsocket_proxy.html
Frame ID: D26F882CA41DFD86B0318915790E4253
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.3c5aa8e2a38bbbee4b6d88e6846fc657.en.html
Frame ID: FE95FA33DA0611F4CA14F8CB4111FE6E
Requests: 1 HTTP requests in this frame

Frame: https://pbs.twimg.com/card_img/1296070210252877825/a0hBKla_?format=jpg&name=144x144_2
Frame ID: EF9C9F1B06F2B1095C33F88B52F07CAD
Requests: 40 HTTP requests in this frame

Frame: https://platform.twitter.com/jot.html
Frame ID: 85B3D4D3431F31DA08E55ABAFAFB3734
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/210/runner.html
Frame ID: 446E789F3D1953FC7C6BB29F4CC58373
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://informationweek.com/story/showArticle.jhtml?articleID=60407745 HTTP 301
http://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918 HTTP 302
https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918 Page URL

Detected technologies

Unbounce (Editors) Expand

Overall confidence: 100%
Detected patterns

script /ubembed\.com/i

Chartbeat (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /chartbeat\.js/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/platform\.twitter\.com\/widgets\.js/i

comScore (Analytics) Expand

Overall confidence: 100%
Detected patterns

html /<iframe[^>]* (?:id="comscore"|scr=[^>]+comscore)|\.scorecardresearch\.com\/beacon\.js|COMSCORE\.beacon/i
script /\.scorecardresearch\.com\/beacon\.js|COMSCORE\.beacon/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

script /\/recaptcha\/api\.js/i

Page Statistics

247
Requests

100 %
HTTPS

52 %
IPv6

42
Domains

65
Subdomains

55
IPs

9
Countries

2639 kB
Transfer

7148 kB
Size

1
Cookies

61 Outgoing links

These are links going to different origins than the main page.

URL: https://tech.informa.com/cookie-policy
Title: our use of cookies.

Search URL Search Domain Scan URL

URL: https://informa.com/
Title: Informa PLC

Search URL Search Domain Scan URL

URL: https://informa.com/About-Us/
Title: About us

Search URL Search Domain Scan URL

URL: https://informa.com/Investors/
Title: Investor relations

Search URL Search Domain Scan URL

URL: https://informa.com/Talent/
Title: Talent

Search URL Search Domain Scan URL

URL: https://www.drdobbs.com/
Title: Dr. Dobb's

Search URL Search Domain Scan URL

URL: https://www.networkcomputing.com/topic/network-security
Title: Network Security

Search URL Search Domain Scan URL

URL: https://www.darkreading.com/careers-and-people.asp
Title: Careers & People

Search URL Search Domain Scan URL

URL: https://www.darkreading.com/threat-intelligence.asp
Title: Threat Intelligence

Search URL Search Domain Scan URL

URL: https://www.darkreading.com/IoT.asp
Title: IoT

Search URL Search Domain Scan URL

URL: https://www.darkreading.com/attacks-breaches.asp
Title: Attacks & Breaches

Search URL Search Domain Scan URL

URL: https://www.darkreading.com/application-security.asp
Title: Application Security

Search URL Search Domain Scan URL

URL: https://www.darkreading.com/cloud-security.asp
Title: Cloud Security

Search URL Search Domain Scan URL

URL: https://www.darkreading.com/endpoint-security.asp
Title: Endpoint Security

Search URL Search Domain Scan URL

URL: https://www.darkreading.com/mobile-security.asp
Title: Mobile Security

Search URL Search Domain Scan URL

URL: https://www.darkreading.com/network-perimeter-security.asp
Title: Perimeter Security

Search URL Search Domain Scan URL

URL: https://www.darkreading.com/risk-management.asp
Title: Risk Management

Search URL Search Domain Scan URL

URL: https://www.darkreading.com/operations.asp
Title: Operations Security

Search URL Search Domain Scan URL

URL: https://www.darkreading.com/security-analytics.asp
Title: Analytics

Search URL Search Domain Scan URL

URL: https://www.darkreading.com/vulnerabilities-threats.asp
Title: Vulnerabilities & Threats

Search URL Search Domain Scan URL

URL: https://www.networkcomputing.com/topic/networking
Title: Networking

Search URL Search Domain Scan URL

URL: https://www.networkcomputing.com/topic/wireless-infrastructure
Title: Wireless Infrastructure

Search URL Search Domain Scan URL

URL: https://www.networkcomputing.com/topic/data-centers
Title: Data Centers

Search URL Search Domain Scan URL

URL: https://www.networkcomputing.com/topic/cloud-infrastructure
Title: Cloud Infrastructure

Search URL Search Domain Scan URL

URL: https://www.networkcomputing.com/topic/careers-and-certifications
Title: Careers and Certifications

Search URL Search Domain Scan URL

URL: https://www.wallstreetandtech.com/
Title: Wall Street & Technology

Search URL Search Domain Scan URL

URL: https://www.banktech.com/
Title: Bank Systems & Technology

Search URL Search Domain Scan URL

URL: https://www.insurancetech.com/
Title: Insurance & Technology

Search URL Search Domain Scan URL

URL: https://www.networkcomputing.com/
Title: Network Computing

Search URL Search Domain Scan URL

URL: https://www.darkreading.com/
Title: Dark Reading

Search URL Search Domain Scan URL

URL: https://ng.techweb.com/authds/gateway?gateway=true&return=https%3A%2F%2Fwww%2Einformationweek%2Ecom%2Fphishers%2Dturn%2Dto%2Ddns%2Dwildcards%2Dcache%2Dpoisoning%2Fd%2Fd%2Did%2F1030918%3FngAction%3Dregister
Title: Register

Search URL Search Domain Scan URL

URL: https://www.facebook.com/informationweek
Title: Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/InformationWeek
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/informationweek
Title: LinkedIn

Search URL Search Domain Scan URL

URL: http://www.techweb.com/encyclopedia/defineterm.jhtml?term=DNS&x=14&y=11
Title: DNS

Search URL Search Domain Scan URL

URL: http://www.techweb.com/encyclopedia/defineterm.jhtml?term=phishing
Title: Phishing

Search URL Search Domain Scan URL

URL: http://www.barclays.co.uk/
Title: banking site

Search URL Search Domain Scan URL

URL: https://adclick.g.doubleclick.net/pcs/click%253Fxai%253DAKAOjst-sXI1O5n7DuboAOvHAYhsjFoLZnN-arFBM8xd0lcWDBo3tdl2c913y8d9Bw2zqKbaxGdnJ6naVqgitXGM7qpjNSkLJC971ggz-Rh3B2b2rq-nT7pDgNsABuIbg4jLQawiVjFriMHXo-FFqedpTJV14X6RmxBOt9ht4QaFCKrSXQnRk9dQ0BAMsVAEpVXzId3wSTvSknHhVWHJx_1Qs3hiCSgmeT9Qij-zk79JbcHa9IG-QUqnqBUFEIuI5cHXbrEv0ASmKHgoOw%2526sai%253DAMfl-YSej298JUPx5kgMQqzZ_DkS7UnN6dKowTgXRfYOy3VQU8ude6mMk3k3-fImFd8Z0cwWfiRIRpQqeMg98Ek8RVahc9PKNw3YbDwew2-IlL1p02I1p2WYlvTUAh4c8hs%2526sig%253DCg0ArKJSzC45-NUkqa4YEAE%2526urlfix%253D1%2526adurl%253Dhttps://www.darkreading.com/climbing-the--pain-pyramid--with-artificial-intelligence-/d/d-id/1338631

Search URL Search Domain Scan URL

URL: http://www.techweb.com/wire/security/60405913
Title: DNS cache poisoning

Search URL Search Domain Scan URL

URL: http://securityresponse.symantec.com/avcenter/security/Content/2004.06.21.html
Title: bug was disclosed

Search URL Search Domain Scan URL

URL: http://toolbar.netcraft.com/
Title: free toolbar

Search URL Search Domain Scan URL

URL: https://webinar.informationweek.com/6069?keycode=sbx&cid=smartbox_techweb_webcast_8.500000978
Title: Edge Computing: An IT Platform for the New Enterprise

Search URL Search Domain Scan URL

URL: https://webinar.darkreading.com/5702?keycode=sbx&cid=smartbox_techweb_webcast_8.500000975
Title: Implementing an Effective Defense Against Ransomware

Search URL Search Domain Scan URL

URL: https://informa.co1.qualtrics.com/jfe/form/SV_6m06r7xPrvKsnSB?kc=utm_source=SBX&utm_medium=web&utm_content=curationtool&cid=smartbox_techweb_analytics_7.300005825
Title: We Want to Know Your Thoughts on RPA - Get a Chance to Win a $100 Amazon.com Gift Card

Search URL Search Domain Scan URL

URL: https://tmt.knect365.com/data-center-world/?_mc=sbx&cid=smartbox_techweb_session_16.500223
Title: Expert led sessions and real networking - Join us at Data Center World 2020: A Virtual Experience

Search URL Search Domain Scan URL

URL: https://www.interop.com/?_mc=sbx_x_intplv_edt_aud_allan_x_x-IWKSB&cid=smartbox_techweb_session_16.500222
Title: Collaborate With IT Industry Leaders at Interop Digital, Oct. 5-8

Search URL Search Domain Scan URL

URL: https://webinar.informationweek.com/5957?keycode=sbx&cid=smartbox_techweb_webcast_8.500000977
Title: Network Security: The Attacker's Point of View

Search URL Search Domain Scan URL

URL: https://webinar.informationweek.com/6032?keycode=sbx&cid=smartbox_techweb_webcast_8.500000972
Title: Enterprise Database Strategies for 2020

Search URL Search Domain Scan URL

URL: https://informationweek.com/whitepaper/network-and-perimeter-security/cybersecurity/enough-with-the-data-already/420073?cid=smartbox_techweb_whitepaper_14.500004133
Title: Enough with the Data Already

Search URL Search Domain Scan URL

URL: https://www.interop.com/
Title: Interop

Search URL Search Domain Scan URL

URL: https://www.itprotoday.com/
Title: IT Pro Today

Search URL Search Domain Scan URL

URL: https://www.datacenterknowledge.com/
Title: Data Center Knowledge

Search URL Search Domain Scan URL

URL: https://tmt.knect365.com/data-center-world/
Title: Data Center World

Search URL Search Domain Scan URL

URL: https://info.wrightsmedia.com/licensing-reprints-request
Title: Reprints

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/informationweek/
Title:

Search URL Search Domain Scan URL

URL: https://informationweek.com/rss_feeds.asp?s

Search URL Search Domain Scan URL

URL: https://tech.informa.com/
Title: Home

Search URL Search Domain Scan URL

URL: https://privacyportal-eu-cdn.onetrust.com/dsarwebform/c1f53e84-9f05-4169-a854-85052b63c50b/5f26b553-52cc-4973-a761-295d5634a6b6.html
Title: CCPA: Do not sell my personal info

Search URL Search Domain Scan URL

URL: https://tech.informa.com/privacy-policy
Title: Privacy

Search URL Search Domain Scan URL

URL: https://tech.informa.com/terms-and-conditions
Title: Terms

Search URL Search Domain Scan URL

URL: http://twitter.com/share/?text=&url=%3Ff%5Fsrc%3Dthissite%5Ftweetlink
Title: Tweet This

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://informationweek.com/story/showArticle.jhtml?articleID=60407745 HTTP 301
http://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918 HTTP 302
https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 50

https://cm.everesttech.net/cm/dd?d_uuid=39523769727693784231204558934765455863 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=X0DENwAABJOULS3-

Request Chain 102

https://www.informationweek.com/client_pathlog.asp?p=%2Finformationweek%2Fsection%2F277&f=%2Finformationweek%2Fsection%2F277%2F1030918&rndserial=11254 HTTP 302
https://twimgs.com/nojitter/informationweek/resources/images/spacer.gif

Request Chain 163

https://sb.scorecardresearch.com/b?c1=2&c2=3005435&ns__t=1598080056162&ns_c=windows-1252&cv=3.5&c8=Phishers%20Turn%20To%20DNS%20Wildcards%2C%20Cache%20Poisoning%20-%20InformationWeek&c7=https%3A%2F%2Fwww.informationweek.com%2Fphishers-turn-to-dns-wildcards-cache-poisoning%2Fd%2Fd-id%2F1030918%3F&c9= HTTP 302
https://sb.scorecardresearch.com/b2?c1=2&c2=3005435&ns__t=1598080056162&ns_c=windows-1252&cv=3.5&c8=Phishers%20Turn%20To%20DNS%20Wildcards%2C%20Cache%20Poisoning%20-%20InformationWeek&c7=https%3A%2F%2Fwww.informationweek.com%2Fphishers-turn-to-dns-wildcards-cache-poisoning%2Fd%2Fd-id%2F1030918%3F&c9=&cs_ak_ss=1

Request Chain 166

https://ib.adnxs.com/getuid?https://a.dpmsrv.com/dpmpxl/index.php?id=$UID&q%3DxImp%26v%3D1.x%26cl%3D55%26pixelIndex%3D0%26r%3D639676%26tzOffset%3D-120%26url%3Dhttps%253A%252F%252Fwww.informationweek.com%252Fphishers-turn-to-dns-wildcards-cache-poisoning%252Fd%252Fd-id%252F1030918%253F&_=1598080056239 HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fa.dpmsrv.com%2Fdpmpxl%2Findex.php%3Fid%3D%24UID%26q%253DxImp%2526v%253D1.x%2526cl%253D55%2526pixelIndex%253D0%2526r%253D639676%2526tzOffset%253D-120%2526url%253Dhttps%25253A%25252F%25252Fwww.informationweek.com%25252Fphishers-turn-to-dns-wildcards-cache-poisoning%25252Fd%25252Fd-id%25252F1030918%25253F%26_%3D1598080056239 HTTP 302
https://a.dpmsrv.com/dpmpxl/index.php?id=2676142873037730215&q=xImp&v=1.x&cl=55&pixelIndex=0&r=639676&tzOffset=-120&url=https%3A%2F%2Fwww.informationweek.com%2Fphishers-turn-to-dns-wildcards-cache-poisoning%2Fd%2Fd-id%2F1030918%3F&_=1598080056239

Request Chain 180

https://web.facebook.com/plugins/like.php?app_id=640989409269461&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2afa92191a105%26domain%3Dwww.informationweek.com%26origin%3Dhttps%253A%252F%252Fwww.informationweek.com%252Ff3865668b1d3aec%26relation%3Dparent.parent&container_width=0&href=http%3A%2F%2Fwww.informationweek.com%2Fphishers-turn-to-dns-wildcards-cache-poi%2F60407745&layout=button&locale=en_US&sdk=joey&send=false&show_faces=false&width=87 HTTP 302
https://www.facebook.com/plugins/like.php?app_id=640989409269461&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2afa92191a105%26domain%3Dwww.informationweek.com%26origin%3Dhttps%253A%252F%252Fwww.informationweek.com%252Ff3865668b1d3aec%26relation%3Dparent.parent&container_width=0&href=http%3A%2F%2Fwww.informationweek.com%2Fphishers-turn-to-dns-wildcards-cache-poi%2F60407745&layout=button&locale=en_US&sdk=joey&send=false&show_faces=false&width=87&_rdc=1&_rdr

Request Chain 183

https://cm.g.doubleclick.net/pixel?google_nid=datapoint_dmp&google_cm&ap_id=2676142873037730215&pixelIndex=0&_=1598080056240 HTTP 302
https://a.dpmsrv.com/dpmpxl/index.php?q=dfp&ap_id=2676142873037730215&pixelIndex=0&_=1598080056240&google_gid=CAESEL_H2H2o6eYthc995XsAKnk&google_cver=1

Request Chain 191

https://www.google-analytics.com/r/collect?v=1&_v=j83&a=178359078&t=pageview&_s=1&dl=https%3A%2F%2Fwww.informationweek.com%2Fphishers-turn-to-dns-wildcards-cache-poisoning%2Fd%2Fd-id%2F1030918&dp=%2Fphishers-turn-to-dns-wildcards-cache-poisoning%2Fd%2Fd-id%2F1030918&ul=en-us&de=windows-1252&dt=Phishers%20Turn%20To%20DNS%20Wildcards%2C%20Cache%20Poisoning%20-%20InformationWeek&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YAhAAEAB~&jid=1492742733&gjid=1000272739&cid=1182060867.1598080056&tid=UA-135180592-1&_gid=1492810266.1598080058&_r=1&gtm=2wg8c058C29PT&cd1=news%20analysis&cd2=gregg%20keizer&cd3=1&cd4=null&cd5=20050308&cd6=&cd10=0&z=1615636481 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-135180592-1&cid=1182060867.1598080056&jid=1492742733&_gid=1492810266.1598080058&gjid=1000272739&_v=j83&z=1615636481

Request Chain 194

https://s657486201.t.eloqua.com/visitor/v200/svrGP?pps=50&siteid=657486201&DLKey=7435f16d0b5c4189a89d0d109d2517f5&DLLookup=&ms=378&firstPartyCookieDomain=trk.informationweek.com HTTP 302
https://s657486201.t.eloqua.com/visitor/v200/svrGP.aspx?pps=50&siteid=657486201&DLKey=7435f16d0b5c4189a89d0d109d2517f5&DLLookup=&ms=378&firstPartyCookieDomain=trk.informationweek.com&elqCookie=1

Request Chain 195

https://s2150.t.eloqua.com/visitor/v200/svrGP?pps=3&siteid=2150&ref2=elqNone&tzo=-60&ms=378&optin=disabled&firstPartyCookieDomain=trk.informationweek.com HTTP 302
https://trk.informationweek.com/visitor/v200/svrGP.aspx?pps=3&siteid=2150&ref2=elqNone&tzo=-60&ms=378&optin=disabled&elq1pcGUID=00E3CBF729B6475CB26CF2ED8AA6F95C

Request Chain 241

https://syndication.twitter.com/i/jot HTTP 302
https://platform.twitter.com/jot.html

Request Chain 246

https://s.adroll.com/j/exp/TQSV74R4GVCSJITSZC2MCP/index.js HTTP 302
https://s.adroll.com/j/exp/index.js

Request Chain 248

https://d.adroll.mgr.consensu.org/consent/iabcheck/TQSV74R4GVCSJITSZC2MCP?_s=15f9038e827edd39108bcbd05f6b776e&_b=2 HTTP 302
https://d.adroll.com/consent/check/TQSV74R4GVCSJITSZC2MCP/?_s=15f9038e827edd39108bcbd05f6b776e&_b=2

247 HTTP transactions
8 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request 1030918 Show response
www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/
Redirect Chain

https://informationweek.com/story/showArticle.jhtml?articleID=60407745
http://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

184 KB
28 KB

1673ms
1673ms

Document
text/html

2606:4700::6811:549a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:549a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

64374c8277a8d1459650ba3d7e4b985f039d9edb9662739ee8044609098f11df

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

:method: GET
:authority: www.informationweek.com
:scheme: https
:path: /phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: __cfduid=d0e2f3e71cda3d3637763cd443556079e1598080051
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Sat, 22 Aug 2020 07:07:34 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: private
set-cookie: informationweek_lastvisit=8/22/2020 3:07:34 AM; expires=Wed, 22-Aug-2035 07:07:34 GMT; path=/; HttpOnly informationweek_lastvisit=8/22/2020 3:07:34 AM; expires=Wed, 22-Aug-2035 07:07:34 GMT; path=/; HttpOnly piddlPermUserIDEnc=; path=/; secure piddlNGUsername=; path=/; secure cplChannelTagID=; path=/; secure informationweek%2Dmeter=1030918; expires=Sun, 23-Aug-2020 04:00:00 GMT; path=/ informationweek%5Fvisits=2; expires=Wed, 22-Aug-2035 04:00:00 GMT; path=/
x-pingback: http://www.staging.new.informationweek.com/xmlrpc.asp
x-powered-by: ASP.NET
strict-transport-security: max-age=63072000
cf-cache-status: DYNAMIC
cf-request-id: 04b6978788000096bc80082200000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 5c6ac1ec0cf696bc-FRA
content-encoding: br

Redirect headers

Date: Sat, 22 Aug 2020 07:07:33 GMT
Content-Length: 0
Connection: keep-alive
Location: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
CF-Cache-Status: DYNAMIC
cf-request-id: 04b6978580000006143b388200000001
Server: cloudflare
CF-RAY: 5c6ac1e8cb980614-FRA

GET
H2 200 font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/ 30 KB
7 KB 13ms
7ms Stylesheet
text/css 2001:4de0:ac19::1:b:1b
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css

Requested by

Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4de0:ac19::1:b:1b , Netherlands, ASN20446 (HIGHWINDS3, US),

Reverse DNS

Software

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 12 Dec 2018 18:35:20 GMT
status: 200
etag: "1544639720"
vary: Accept-Encoding
x-cache: HIT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 7050

GET
H2 200 common-footer.css
twimgs.com/nojitter/css/ 9 KB
2 KB 53ms
20ms Stylesheet
text/css 2606:4700:3031::ac43:83be
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://twimgs.com/nojitter/css/common-footer.css?
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:83be , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eea91bd1f33507891a2909689d21be3a6e0fb1b688037c2a7d59c042503d910

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:34 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 09 Jan 2020 06:37:35 GMT
server: cloudflare
age: 963
etag: W/"23cf-59baf3e93a9c0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: max-age=14400
cf-ray: 5c6ac1f6b8b205b7-FRA
cf-request-id: 04b6978e36000005b749b84200000001

GET
H2 200 css
fonts.googleapis.com/ 2 KB
669 B 21ms
15ms Stylesheet
text/css 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto+Slab:700

Requested by

Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

95ef5b080ecf0e2726835bafef2613d3fd328832e84f81da38c5f4f26dab8755

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 22 Aug 2020 05:31:49 GMT
server: ESF
date: Sat, 22 Aug 2020 07:07:34 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 22 Aug 2020 07:07:34 GMT

GET
H2 200 informationweek.css
twimgs.com/nojitter/css/ 18 KB
3 KB 51ms
19ms Stylesheet
text/css 2606:4700:3031::ac43:83be
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://twimgs.com/nojitter/css/informationweek.css
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:83be , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5061b7c20588d2e6ea633ee5aada32152938bdcc83157b8c9cdb6159f10cb066

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:34 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 05 May 2017 08:51:14 GMT
server: cloudflare
age: 2718
etag: W/"471b-54ec2fde7c480"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: max-age=14400
cf-ray: 5c6ac1f6b8b605b7-FRA
cf-request-id: 04b6978e36000005b749b85200000001

GET
H2 200 pano-framework.css
www.informationweek.com/styles/ 76 KB
6 KB 25ms
19ms Stylesheet
text/css 2606:4700::6811:549a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.informationweek.com/styles/pano-framework.css?v=1.47

Requested by

Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:549a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

708687b9149aa486f01692402dd8c7a66bf34f1ce7fdc3d059a77b7937a7ccdb

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:34 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 2792
x-powered-by: ASP.NET
status: 200
cf-request-id: 04b6978e1c000096bc80156200000001
last-modified: Mon, 06 Jan 2020 04:38:34 GMT
server: cloudflare
etag: W/"6bc0bd274bc4d51:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=63072000
content-type: text/css
expires: Sat, 22 Aug 2020 11:07:34 GMT
cache-control: public, max-age=14400
cf-polished: origSize=111268
cf-ray: 5c6ac1f69b8496bc-FRA
cf-bgj: minify

GET
H2 200 styles.css
www.informationweek.com/styles/ 260 B
457 B 21ms
16ms Stylesheet
text/css 2606:4700::6811:549a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.informationweek.com/styles/styles.css?v=1.2

Requested by

Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:549a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

10a6e0f0427a05104050292e8d62b3d01062f9422701e267df74958d0cc2eef7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:34 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 2792
x-powered-by: ASP.NET
status: 200
cf-request-id: 04b6978e1c000096bc80157200000001
last-modified: Mon, 03 Apr 2017 13:51:54 GMT
server: cloudflare
etag: W/"e8f3cd7381acd21:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=63072000
content-type: text/css
expires: Sat, 22 Aug 2020 11:07:34 GMT
cache-control: public, max-age=14400
cf-polished: origSize=292
cf-ray: 5c6ac1f69b8596bc-FRA
cf-bgj: minify

GET
H2 200 iwk_nativead.css
img.deusm.com/informationweek/css/ 2 KB
950 B 48ms
15ms Stylesheet
text/css 2606:4700:3032::681b:93f7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://img.deusm.com/informationweek/css/iwk_nativead.css
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::681b:93f7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 13943a8cdc412f8769bb2c8f92651e7d0261f95b733838b60dff9b7ed5bb8ee5

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:34 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 08 Mar 2018 07:05:14 GMT
server: cloudflare
age: 962
etag: W/"856-566e14c19fe80"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
status: 200
cf-polished: origSize=2134
cf-ray: 5c6ac1f6bd8505c4-FRA
cf-request-id: 04b6978e37000005c4fe9ba200000001
cf-bgj: minify

GET
H2 200 Jquery_3.4.1.js Show response
img.deusm.com/darkreading/JQuery_Library/ 140 KB
39 KB 55ms
22ms Script
application/javascript 2606:4700:3032::681b:93f7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://img.deusm.com/darkreading/JQuery_Library/Jquery_3.4.1.js
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::681b:93f7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d50d436889f46d5b9455690493e877e02ad30ea4dca963ffcaa3024c45c1d58c

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:34 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 16 Mar 2020 04:36:27 GMT
server: cloudflare
age: 3556
etag: W/"47090-5a0f15cbce8c0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cf-polished: origSize=290960
cf-ray: 5c6ac1f6bd8805c4-FRA
cf-request-id: 04b6978e37000005c4fe9bc200000001
cf-bgj: minify

GET
H2 200 nativead.js Show response
i.ubm-us.net/oas/nativead/js/ 1 KB
494 B 49ms
14ms Script
application/javascript 2606:4700:3031::ac43:c629
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://i.ubm-us.net/oas/nativead/js/nativead.js
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:c629 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 984cd1fa5dd20c2b1b8fd77b6bb876a3a211cdf14aaaed6bc1481e3c98027544

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:34 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 30 Jul 2015 14:31:41 GMT
server: cloudflare
age: 60061
cf-polished: origSize=1373
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: public, max-age=86400
cf-ray: 5c6ac1f6cb300610-FRA
cf-request-id: 04b6978e39000006106295e200000001
cf-bgj: minify

GET
H2 200 iwk_nativead.js Show response
i.ubm-us.net/oas/nativead/js/ 8 KB
2 KB 48ms
14ms Script
application/javascript 2606:4700:3031::ac43:c629
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://i.ubm-us.net/oas/nativead/js/iwk_nativead.js?v3
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:c629 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4f0e5150f9076d04d0ecd6acdef1ce9e06e0c373b94c257adcb3807d9f07c821

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:34 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 04 Oct 2017 17:48:52 GMT
server: cloudflare
age: 963
cf-polished: origSize=8455
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: public, max-age=86400
cf-ray: 5c6ac1f6cb310610-FRA
cf-request-id: 04b6978e39000006106295f200000001
cf-bgj: minify

GET
H2 200 respond.min.js Show response
www.informationweek.com/script/ 4 KB
2 KB 24ms
20ms Script
application/x-javascript 2606:4700::6811:549a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.informationweek.com/script/respond.min.js

Requested by

Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:549a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

cf7bdb0487590885c13a3cc0a2a1450b3ac649a465de267af12f552be8bcb5fe

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:34 GMT
content-encoding: br
cf-cache-status: HIT
age: 2792
x-powered-by: ASP.NET
status: 200
cf-request-id: 04b6978e1c000096bc80158200000001
last-modified: Thu, 10 Apr 2014 16:43:40 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"0c6c26dc54cf1:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=14400
cf-ray: 5c6ac1f69b8796bc-FRA
expires: Sat, 22 Aug 2020 11:07:34 GMT

GET
H2 200 pano-framework.js Show response
twimgs.com/nojitter/js/ 7 KB
1 KB 51ms
20ms Script
application/javascript 2606:4700:3031::ac43:83be
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://twimgs.com/nojitter/js/pano-framework.js
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:83be , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2c076feeb4f531a346cbd00b3dd87200e96afc835a0a70661eefb6ac3efbf3e9

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:34 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 05 May 2017 07:24:38 GMT
server: cloudflare
age: 79182
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: public, max-age=86400
cf-ray: 5c6ac1f6b8be05b7-FRA
cf-request-id: 04b6978e36000005b749b89200000001

GET
H2 200 complete.js Show response
twimgs.com/nojitter/js/ 45 KB
9 KB 46ms
15ms Script
application/javascript 2606:4700:3031::ac43:83be
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://twimgs.com/nojitter/js/complete.js
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:83be , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8420f59cd348cf0e10e05482724523ad6b83f88467bbfacf6826eaadd3a03985

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:34 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 05 May 2017 06:04:53 GMT
server: cloudflare
age: 13011
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: public, max-age=86400
cf-ray: 5c6ac1f6b8c405b7-FRA
cf-request-id: 04b6978e36000005b749b8d200000001

GET
H2 200 jquery.mobile-1.4.5.js Show response
img.deusm.com/darkreading/JQuery_Library/ 256 KB
62 KB 58ms
27ms Script
application/javascript 2606:4700:3032::681b:93f7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://img.deusm.com/darkreading/JQuery_Library/jquery.mobile-1.4.5.js
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::681b:93f7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a456c328bbb88fc991a5ddb80db492ec9e179a3ef443d50bf80b3fbbb5e8a7f7

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:34 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 17 Mar 2020 04:33:16 GMT
server: cloudflare
age: 3556
etag: W/"71b34-5a1056f31db00"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cf-polished: origSize=465716
cf-ray: 5c6ac1f6bd8b05c4-FRA
cf-request-id: 04b6978e37000005c4fe9be200000001
cf-bgj: minify

GET
H2 200 informationweek.js Show response
twimgs.com/nojitter/js/ 11 KB
2 KB 50ms
19ms Script
application/javascript 2606:4700:3031::ac43:83be
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://twimgs.com/nojitter/js/informationweek.js
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:83be , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 90ff91338e1002331c0f0db9a428a3411793d36e25213cd87e60986345a29b6b

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:34 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 05 May 2017 07:25:59 GMT
server: cloudflare
age: 79182
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: public, max-age=86400
cf-ray: 5c6ac1f6b8bf05b7-FRA
cf-request-id: 04b6978e36000005b749b8a200000001

GET
H2 200 VisitorAPI.js Show response
twimgs.com/custom/library.gtecevent.com/assets/ 45 KB
14 KB 46ms
15ms Script
application/javascript 2606:4700:3031::ac43:83be
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://twimgs.com/custom/library.gtecevent.com/assets/VisitorAPI.js?ormzkk
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:83be , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ed2c6c0fb3151dc9d40120a17446f07d8873a8b6e08b071bbed82cd6de9b78ba

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:34 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 16 Jan 2020 23:35:09 GMT
server: cloudflare
age: 80538
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: public, max-age=86400
cf-ray: 5c6ac1f6b8c205b7-FRA
cf-request-id: 04b6978e36000005b749b8b200000001

GET
H2 200 at.js Show response
twimgs.com/custom/library.gtecevent.com/assets/ 106 KB
32 KB 50ms
20ms Script
application/javascript 2606:4700:3031::ac43:83be
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://twimgs.com/custom/library.gtecevent.com/assets/at.js?ormzkk
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:83be , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cd8ddec509daf284f644926ce4a94e2cf5a3cefa41c7c18f2358b6cca80a4a3f

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:34 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 16 Jan 2020 23:34:58 GMT
server: cloudflare
age: 80541
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: public, max-age=86400
cf-ray: 5c6ac1f6b8c305b7-FRA
cf-request-id: 04b6978e36000005b749b8c200000001

GET
H2 200 informa-iribbon.css
img.deusm.com/darkreading/ 2 KB
867 B 52ms
21ms Stylesheet
text/css 2606:4700:3032::681b:93f7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://img.deusm.com/darkreading/informa-iribbon.css
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::681b:93f7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1ae4b8548f250831a2443bd449af625f6331b7c72e1f408789642a3050596d45

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:34 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 25 Apr 2019 07:05:41 GMT
server: cloudflare
age: 3556
etag: W/"cea-58755722bdb40"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
status: 200
cf-polished: origSize=3306
cf-ray: 5c6ac1f6bd8605c4-FRA
cf-request-id: 04b6978e37000005c4fe9bb200000001
cf-bgj: minify

GET
H2 200 informa-iribbon.js Show response
img.deusm.com/darkreading/ 489 B
316 B 46ms
15ms Script
application/javascript 2606:4700:3032::681b:93f7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://img.deusm.com/darkreading/informa-iribbon.js
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::681b:93f7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fb295c2a72d39784b18a1d2d5b0c9976807f7cf010fe730b86d43bc55b0ae251

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:34 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 25 Apr 2019 07:05:52 GMT
server: cloudflare
age: 3556
etag: W/"229-5875572d3b400"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cf-polished: origSize=553
cf-ray: 5c6ac1f6bd8a05c4-FRA
cf-request-id: 04b6978e37000005c4fe9bd200000001
cf-bgj: minify

GET
H2 200 cookie_banner.js Show response
www.informationweek.com/script/ 1 KB
587 B 23ms
20ms Script
application/x-javascript 2606:4700::6811:549a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.informationweek.com/script/cookie_banner.js

Requested by

Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:549a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

4a33088fd0c405d0f3406714ba250932f0c892d32dda39a181e6cf6abe26843f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:34 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 1234
x-powered-by: ASP.NET
status: 200
cf-request-id: 04b6978e1c000096bc80159200000001
last-modified: Tue, 24 Dec 2019 10:49:43 GMT
server: cloudflare
etag: W/"ab9871d947bad51:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=63072000
content-type: application/x-javascript
expires: Sat, 22 Aug 2020 11:07:34 GMT
cache-control: public, max-age=14400
cf-polished: origSize=1686
cf-ray: 5c6ac1f69b8896bc-FRA
cf-bgj: minify

GET
H2 200 / Show response
6600d6d98e534115970f9529a45f3195.js.ubembed.com/ 2 KB
1 KB 122ms
36ms Script
application/json 151.101.193.131
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://6600d6d98e534115970f9529a45f3195.js.ubembed.com/
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.131 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: f1173677f89192f7127a9eaaeb8c5e191edb4952b602cf59b646a2fd72d344ce

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:34 GMT
content-encoding: br
x-backend-region: eu_west_1
age: 5870
x-amz-apigw-id: RqADbHdIjoEFvDw=
etag: 6290598d5a9f462ce2a527f07e3b0693-v0.178.1
vary: Accept-Encoding, Referer
x-cache: Miss from cloudfront, HIT
content-type: application/json
status: 200
cache-control: max-age=0, must-revalidate
x-amz-cf-pop: ARN1-C1
accept-ranges: none
access-control-allow-origin: *

GET
H2 200 jplayer.blue.monday.css
twimgs.com/nojitter/css/ 12 KB
3 KB 43ms
14ms Stylesheet
text/css 2606:4700:3031::ac43:83be
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://twimgs.com/nojitter/css/jplayer.blue.monday.css
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:83be , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0a4f12795a11d0957a7e476cdd2516967e3e00f54841456fbd8c0dd607984d92

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:34 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 05 May 2017 07:28:28 GMT
server: cloudflare
age: 3557
etag: W/"2f89-54ec1d5e89f00"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: max-age=14400
cf-ray: 5c6ac1f6b8b905b7-FRA
cf-request-id: 04b6978e36000005b749b86200000001

GET
H2 200 style.css
twimgs.com/nojitter/css/ 912 B
418 B 44ms
14ms Stylesheet
text/css 2606:4700:3031::ac43:83be
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://twimgs.com/nojitter/css/style.css
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:83be , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3a08be5766c0e198ba8171f7decd09065c08a5c850276325cc1792f25e7b356e

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:34 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 05 May 2017 07:30:36 GMT
server: cloudflare
age: 3557
etag: W/"390-54ec1dd89bf00"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: max-age=14400
cf-ray: 5c6ac1f6b8bb05b7-FRA
cf-request-id: 04b6978e36000005b749b87200000001

GET
H2 200 ubm-widget-style.css
dsimg.ubm-us.net/ubm-widget/css/ 29 KB
5 KB 42ms
12ms Stylesheet
text/css 2606:4700:3033::6818:7975
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://dsimg.ubm-us.net/ubm-widget/css/ubm-widget-style.css
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6818:7975 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6414656f939f73a463499bd2c5a8f75793658adf6e05d0e4cd61d1ba36636b94

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:34 GMT
content-encoding: br
cf-cache-status: HIT
age: 3556
cf-polished: origSize=29587
status: 200
cf-request-id: 04b6978e3700001f35b89b0200000001
last-modified: Wed, 11 Apr 2018 16:31:21 GMT
server: cloudflare
etag: W/"7393-569952b4c0840"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=14400
cf-ray: 5c6ac1f6bd1e1f35-FRA
cf-bgj: minify

GET
H2 200 ubm-widget-min.js Show response
dsimg.ubm-us.net/ubm-widget/js/ 192 KB
49 KB 51ms
21ms Script
application/javascript 2606:4700:3033::6818:7975
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://dsimg.ubm-us.net/ubm-widget/js/ubm-widget-min.js
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6818:7975 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ffcaeef328a1e67717f714997426aaf936e4b9d378a5fbe1bd2a063dfeb50750

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:34 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 11 Apr 2018 17:29:33 GMT
server: cloudflare
age: 3556
etag: W/"2fe99-56995fb6fbbe3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=14400
cf-ray: 5c6ac1f6bd201f35-FRA
cf-request-id: 04b6978e3700001f35b89b1200000001

GET
H2 200 ng_forms.js Show response
www.informationweek.com/script/ 20 KB
5 KB 20ms
18ms Script
application/x-javascript 2606:4700::6811:549a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.informationweek.com/script/ng_forms.js?v5.14

Requested by

Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:549a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

f9b177e239ced67e117e6bb69189820081e586b09df40822bfa7b24e6b1ef883

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:34 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 1234
x-powered-by: ASP.NET
status: 200
cf-request-id: 04b6978e1c000096bc8015a200000001
last-modified: Thu, 03 Oct 2019 08:41:09 GMT
server: cloudflare
etag: W/"a2d9bc4dc679d51:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=63072000
content-type: application/x-javascript
expires: Sat, 22 Aug 2020 11:07:34 GMT
cache-control: public, max-age=14400
cf-polished: origSize=27201
cf-ray: 5c6ac1f69b8a96bc-FRA
cf-bgj: minify

GET
H2 200 widget-extra.css
twimgs.com/nojitter/css/ 443 B
598 B 42ms
13ms Stylesheet
text/css 2606:4700:3031::ac43:83be
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://twimgs.com/nojitter/css/widget-extra.css?v1
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:83be , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 61494fd1b573b217034bef7e22044bda91962797d68efada6726910d32bb995b

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:34 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 13 Sep 2017 07:28:37 GMT
server: cloudflare
age: 963
etag: W/"1bb-5590d1ba81340"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: max-age=14400
cf-ray: 5c6ac1f6b8bc05b7-FRA
cf-request-id: 04b6978e36000005b749b88200000001

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 94 KB
33 KB 22ms
22ms Script
application/javascript 2a00:1450:4001:820::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-58C29PT

Requested by

Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

8ef0d7d41c2380c12a83b586ed1ef4d036a951e922d0cc711405000f83a42713

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:34 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33365
x-xss-protection: 0
last-modified: Sat, 22 Aug 2020 06:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 22 Aug 2020 07:07:34 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 134 KB
34 KB 6ms
6ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

893df2b9ceb653f94333139d561d363bf4c365e651a0a3ade839d96200942e37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 34269
x-xss-protection: 0
pragma: public
x-fb-debug: HJkwUPleVLvdEG6muIDcD7t65hdV4OE6lLu9VKaT76y5ax0BvB2XM+1dtc3eqyS7vlswpuxE5CUYYNN3/onbeg==
x-fb-trip-id: 1781455057
x-frame-options: DENY
date: Sat, 22 Aug 2020 07:07:34 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK id Show response
dpm.demdex.net/ 362 B
1 KB 299ms
76ms XHR
application/json 52.48.66.74
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=77FB1CFE532B22840A490D45%40AdobeOrg&d_nsid=0&ts=1598080054915

Requested by

Host: twimgs.com
URL: https://twimgs.com/custom/library.gtecevent.com/assets/VisitorAPI.js?ormzkk

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.48.66.74 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-48-66-74.eu-west-1.compute.amazonaws.com

Software

Resource Hash

6c28d6dab997425ea050f40c1941fb40c2d95601898bda10809bcc0c47b6e142

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-v079-0ae7faa73.edge-irl1.demdex.com 5.77.1.20200812153735 2ms (+1ms)
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
X-TID: dQ/YUwNDRyA=
Vary: Origin, Accept-Encoding, User-Agent
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://www.informationweek.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 301
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 729 B
680 B 56ms
56ms Script
text/javascript 2a00:1450:4001:824::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?onload=rcCallback&render=explicit

Requested by

Host: dsimg.ubm-us.net
URL: https://dsimg.ubm-us.net/ubm-widget/js/ubm-widget-min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

35d38a74743f046056657cb86a71afb58dcad1e4d8e070b2d6f4b9a64bd701f4

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 468
x-xss-protection: 1; mode=block
expires: Sat, 22 Aug 2020 07:07:35 GMT

GET
H2 200 832000476880185 Show response
connect.facebook.net/signals/config/ 524 KB
132 KB 7ms
6ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/832000476880185?v=2.9.23&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

eeb0c449f78961c0d700e250d120b47b5f7a014823c4a270528de1ba5c28261f

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 134891
x-xss-protection: 0
pragma: public
x-fb-debug: 2RB5zv8Vbm0YKydbFY4BbgCrV8JWGMK2GMZCgcWn4r3aktB4mtHVjiMmgFNMAIN7fosqGf1JtcYqxW2s+EhnLw==
x-fb-trip-id: 1781455057
x-frame-options: DENY
date: Sat, 22 Aug 2020 07:07:35 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 bundle.js Show response
assets.ubembed.com/universalscript/releases/v0.178.1/ 162 KB
46 KB 230ms
98ms Script
application/javascript 13.226.155.53
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.ubembed.com/universalscript/releases/v0.178.1/bundle.js
Requested by: Host: 6600d6d98e534115970f9529a45f3195.js.ubembed.com
URL: https://6600d6d98e534115970f9529a45f3195.js.ubembed.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.226.155.53 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-155-53.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: df25786bc3951d78d0f763a2a75a1f33b01b8ae2a5157831d2cf4d0348c2ede7

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 22:45:39 GMT
content-encoding: gzip
last-modified: Wed, 11 Dec 2019 22:14:50 GMT
server: AmazonS3
age: 21975717
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
cache-control: max-age=31536000
x-amz-cf-pop: DUS51-C1
x-amz-cf-id: Wgc3uPJSMyoRwp809-0Hb0hBjMxHWMJ2SIT_Z9SPrhHYBZMxsz5LGA==
via: 1.1 dfeaf865724e57eaac72220929416926.cloudfront.net (CloudFront)

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/aUMtGvKgJZfNs4PdY842Qp03/ 331 KB
131 KB 27ms
6ms Script
text/javascript 2a00:1450:4001:81d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/aUMtGvKgJZfNs4PdY842Qp03/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?onload=rcCallback&render=explicit

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c43d949c01ab753c52aa5aed169a56a1a36457bb447577625553624dfa2994eb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 17 Aug 2020 16:43:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 17 Aug 2020 04:08:03 GMT
server: sffe
age: 397422
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 133391
x-xss-protection: 0
expires: Tue, 17 Aug 2021 16:43:53 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
259 B 25ms
5ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=832000476880185&ev=PageView&dl=https%3A%2F%2Fwww.informationweek.com%2Fphishers-turn-to-dns-wildcards-cache-poisoning%2Fd%2Fd-id%2F1030918%3F&rl=&if=false&ts=1598080055046&sw=1600&sh=1200&v=2.9.23&r=stable&ec=0&o=30&fbp=fb.1.1598080055045.497912429&it=1598080054967&coo=false&rqm=GET

Requested by

Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:35 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Sat, 22 Aug 2020 07:07:35 GMT

GET render.v1.js
static.adsnative.com/static/js/ 0
0

GET
H2 200 nativeclp.js Show response
i.ubm-us.net/oas/native_clp/js/ 2 KB
859 B 11ms
10ms Script
application/javascript 2606:4700:3031::ac43:c629
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://i.ubm-us.net/oas/native_clp/js/nativeclp.js
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:c629 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0bdd15fb5f1a4a05e480452d6f39b88e6be6b14b3074043512274c0c1f80aa56

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:35 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 27 Sep 2016 19:34:34 GMT
server: cloudflare
age: 49949
cf-polished: origSize=2270
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: public, max-age=86400
cf-ray: 5c6ac1f97aa40610-FRA
cf-request-id: 04b6978fe60000061062984200000001
cf-bgj: minify

GET
H2 200 iwk_nativeclp.js Show response
i.ubm-us.net/oas/native_clp/js/ 85 B
177 B 13ms
13ms Script
application/javascript 2606:4700:3031::ac43:c629
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://i.ubm-us.net/oas/native_clp/js/iwk_nativeclp.js
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:c629 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e12df2cbf33151bdbd3fb86e63b4f01fc1d3eac7796cf82238ef8ef379ed49bb

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:35 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 27 Sep 2016 19:34:23 GMT
server: cloudflare
age: 49950
cf-polished: origSize=97
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: public, max-age=86400
cf-ray: 5c6ac1f98ae40610-FRA
cf-request-id: 04b6978ff50000061062985200000001
cf-bgj: minify

GET
H2 200 iwk_nativeclp.css
i.ubm-us.net/oas/native_clp/css/ 117 B
235 B 11ms
10ms Stylesheet
text/css 2606:4700:3031::ac43:c629
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://i.ubm-us.net/oas/native_clp/css/iwk_nativeclp.css
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:c629 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: eb10ee4bb01244ef454b18ff3eeffa52e1f4579970be5a531f865a098c7fb58c

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:35 GMT
content-encoding: br
cf-cache-status: HIT
age: 2716
cf-polished: origSize=134
status: 200
cf-request-id: 04b69790030000061062986200000001
last-modified: Tue, 27 Sep 2016 19:35:30 GMT
server: cloudflare
etag: W/"86-53d8258e50480"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=14400
cf-ray: 5c6ac1f99b150610-FRA
cf-bgj: minify

GET
H2 200 conversion.js Show response
www.googleadservices.com/pagead/ 29 KB
12 KB 226ms
82ms Script
text/javascript 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion.js

Requested by

Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f98.1e100.net

Software

cafe /

Resource Hash

92aea71f51b3b84ec301dd5df6ff9d46b006ae31f0408e9a612eecbaaac3f1c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 11425
x-xss-protection: 0
server: cafe
etag: 4248986722328126383
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sat, 22 Aug 2020 07:07:35 GMT

GET
H2 200 adblockDetector.js Show response
www.informationweek.com/prestitial/ 110 B
263 B 16ms
16ms Script
application/x-javascript 2606:4700::6811:549a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.informationweek.com/prestitial/adblockDetector.js

Requested by

Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:549a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

1399c38bd120b5ec5548085f61949d402a8bbf05a3831e0ff11a5f1345269046

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:35 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 2793
x-powered-by: ASP.NET
status: 200
cf-request-id: 04b6979069000096bc80170200000001
last-modified: Wed, 22 May 2019 10:29:40 GMT
server: cloudflare
etag: W/"986d2f438910d51:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=63072000
content-type: application/x-javascript
expires: Sat, 22 Aug 2020 11:07:35 GMT
cache-control: public, max-age=14400
cf-polished: origSize=116
cf-ray: 5c6ac1fa4dfb96bc-FRA
cf-bgj: minify

GET
H2 200 IWK_mobile_user_nav.png
twimgs.com/nojitter/informationweek/resources/images/new/ 2 KB
2 KB 32ms
13ms Image
image/png 2606:4700:3031::ac43:83be
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://twimgs.com/nojitter/informationweek/resources/images/new/IWK_mobile_user_nav.png
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:83be , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 232244b0ba946bbc8008bbda646852d28ea3e3bbb85abf13ab613606da9680e1

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:35 GMT
cf-cache-status: HIT
last-modified: Tue, 11 Jul 2017 10:51:47 GMT
server: cloudflare
age: 79183
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 5c6ac1fa8b4405b7-FRA
content-length: 1922
cf-request-id: 04b6979099000005b749bc5200000001

GET
H2 200 spacer.gif
twimgs.com/nojitter/informationweek/resources/images/ 49 B
166 B 46ms
27ms Image
image/gif 2606:4700:3031::ac43:83be
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://twimgs.com/nojitter/informationweek/resources/images/spacer.gif
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:83be , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3c5b83e390d046c3623c4b8e35b58aaf64a7481bb2372fb51ae2e0e7818f7407

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:35 GMT
cf-cache-status: HIT
last-modified: Mon, 10 Jul 2017 11:24:19 GMT
server: cloudflare
age: 65382
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
status: 200
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 5c6ac1fa8b4505b7-FRA
content-length: 49
cf-request-id: 04b6979099000005b749bc6200000001

GET
H2 200 IWK_mobile_search_icon.png
twimgs.com/nojitter/informationweek/resources/images/new/ 2 KB
2 KB 28ms
10ms Image
image/png 2606:4700:3031::ac43:83be
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://twimgs.com/nojitter/informationweek/resources/images/new/IWK_mobile_search_icon.png
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:83be , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d2a9e752212b4609f979fcae11a4f768506cd4acb90339b66da256f0610858f6

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:35 GMT
cf-cache-status: HIT
last-modified: Tue, 11 Jul 2017 10:51:58 GMT
server: cloudflare
age: 65382
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 5c6ac1fa8b4605b7-FRA
content-length: 2039
cf-request-id: 04b6979099000005b749bc7200000001

GET
H2 200 IWK_mobile_sm.png
twimgs.com/nojitter/informationweek/resources/images/new/ 3 KB
3 KB 28ms
10ms Image
image/png 2606:4700:3031::ac43:83be
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://twimgs.com/nojitter/informationweek/resources/images/new/IWK_mobile_sm.png
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:83be , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 29af1220687198b36d0de9a9a2e50f2a9ef6f756b08b9ebdf72022b924e73151

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:35 GMT
cf-cache-status: HIT
last-modified: Tue, 11 Jul 2017 10:59:12 GMT
server: cloudflare
age: 79183
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 5c6ac1fa8b4805b7-FRA
content-length: 2571
cf-request-id: 04b6979099000005b749bc8200000001

GET
H2 200 IWK-sections-nav.png
twimgs.com/nojitter/informationweek/resources/images/new/ 3 KB
3 KB 27ms
9ms Image
image/png 2606:4700:3031::ac43:83be
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://twimgs.com/nojitter/informationweek/resources/images/new/IWK-sections-nav.png
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:83be , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 46eff3985410535501e8c70e41d0c029dfbcb80a30556d6e898879cd3617948f

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:35 GMT
cf-cache-status: HIT
last-modified: Tue, 11 Jul 2017 10:51:37 GMT
server: cloudflare
age: 79183
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 5c6ac1fa8b4905b7-FRA
content-length: 2744
cf-request-id: 04b6979099000005b749bc9200000001

GET
H2 200 mobile_close.jpg
twimgs.com/nojitter/informationweek/resources/images/ 2 KB
2 KB 29ms
11ms Image
image/jpeg 2606:4700:3031::ac43:83be
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://twimgs.com/nojitter/informationweek/resources/images/mobile_close.jpg
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:83be , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b5c543f59d71e1e4f6b51c896febf86975206dcf9e34757f475b125d64d16ea6

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:35 GMT
cf-cache-status: HIT
last-modified: Tue, 11 Jul 2017 10:58:04 GMT
server: cloudflare
age: 13006
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
status: 200
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 5c6ac1fa9b4e05b7-FRA
content-length: 1592
cf-request-id: 04b697909a000005b749bca200000001

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 54 KB
19 KB 34ms
14ms Script
text/javascript 2a00:1450:4001:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3643a4281550f1e770b0e731d318636ad8529507812515751dfef4b6b1fa142f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Sat, 22 Aug 2020 07:07:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "609 / 280 of 1000 / last-modified: 1598051301"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 18609
x-xss-protection: 0
expires: Sat, 22 Aug 2020 07:07:35 GMT

GET
H2 200 pubads_impl_2020081801.js Show response
securepubads.g.doubleclick.net/gpt/ 257 KB
91 KB 195ms
68ms Script
text/javascript 216.58.207.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020081801.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.207.66 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s25-in-f2.1e100.net

Software

sffe /

Resource Hash

ec21aac4031dc5c23e1d40e2ed211253ba70f67dce54bf03850ad5dd7b9d4e42

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Sat, 22 Aug 2020 07:07:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 18 Aug 2020 08:44:29 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 92464
x-xss-protection: 0
expires: Sat, 22 Aug 2020 07:07:35 GMT

GET
H2 200 id Show response
ubmtech.d3.sc.omtrdc.net/ 2 B
324 B 215ms
68ms XHR
application/x-javascript 15.188.154.177
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ubmtech.d3.sc.omtrdc.net/id?d_visid_ver=3.1.2&d_fieldgroup=A&mcorgid=77FB1CFE532B22840A490D45%40AdobeOrg&mid=40471250935683150122181040497703319300&ts=1598080055222

Requested by

Host: twimgs.com
URL: https://twimgs.com/custom/library.gtecevent.com/assets/VisitorAPI.js?ormzkk

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.188.154.177 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-188-154-177.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

status: 200
date: Sat, 22 Aug 2020 07:07:35 GMT
x-content-type-options: nosniff
server: jag
xserver: anedge-7b958987b-5mxfw
vary: Origin
x-c: master-1337.If22631.M0-435
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://www.informationweek.com
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
content-type: application/x-javascript;charset=utf-8
content-length: 2
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

ibs:dpid=411&dpuuid=X0DENwAABJOULS3-
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=39523769727693784231204558934765455863
https://dpm.demdex.net/ibs:dpid=411&dpuuid=X0DENwAABJOULS3-

42 B
915 B

75ms
75ms

Image
image/gif

52.48.66.74
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=X0DENwAABJOULS3-

Requested by

Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.48.66.74 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-48-66-74.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

DCS: dcs-prod-irl1-v079-00ca1391d.edge-irl1.demdex.com 5.77.1.20200812153735 0ms (+1ms)
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: aYGIWi/7T1E=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 42
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Date: Sat, 22 Aug 2020 07:07:35 GMT
Server: AMO-cookiemap/1.1
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=X0DENwAABJOULS3-
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=15,max=100
Content-Length: 0

GET
H2 200 informationweek-logo2.png
twimgs.com/nojitter/informationweek/resources/images/ 5 KB
6 KB 37ms
20ms Image
image/png 2606:4700:3031::ac43:83be
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://twimgs.com/nojitter/informationweek/resources/images/informationweek-logo2.png
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:83be , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cfedf5fb1843c21f4b93a6e2faf269cdd27028596e3a204b1b6574f422615bb3

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:35 GMT
cf-cache-status: HIT
last-modified: Tue, 11 Jul 2017 10:41:47 GMT
server: cloudflare
age: 79183
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 5c6ac1fa9b4f05b7-FRA
content-length: 5545
cf-request-id: 04b697909a000005b749bcb200000001

GET
H2 200 IWK_Newsletters.png
img.deusm.com/informationweek/ 4 KB
4 KB 40ms
23ms Image
image/png 2606:4700:3032::681b:93f7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.deusm.com/informationweek/IWK_Newsletters.png
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::681b:93f7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 38116605b056c8f0f094437590317f596d76dcfcc8976cc5032f2121eb44c6c1

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:35 GMT
cf-cache-status: HIT
last-modified: Wed, 18 Sep 2019 13:20:05 GMT
server: cloudflare
age: 2708
etag: "10a7-592d3b1f60eb4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
accept-ranges: bytes
cf-ray: 5c6ac1fa8f9005c4-FRA
content-length: 4263
cf-request-id: 04b6979099000005c4fea0a200000001

GET
H2 200 news.png
twimgs.com/nojitter/informationweek/resources/images/ 2 KB
2 KB 28ms
11ms Image
image/png 2606:4700:3031::ac43:83be
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://twimgs.com/nojitter/informationweek/resources/images/news.png
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:83be , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2a97d612637d9a12c88fbcb92dbc3527c8b70874933ff814fe0615c7bdb1a0bc

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:35 GMT
cf-cache-status: HIT
last-modified: Tue, 11 Jul 2017 10:57:31 GMT
server: cloudflare
age: 961
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 5c6ac1fa9b5105b7-FRA
content-length: 2129
cf-request-id: 04b697909a000005b749bcc200000001

GET
H2 200 IW_default-icon.png
img.deusm.com/informationweek/ 2 KB
3 KB 40ms
23ms Image
image/png 2606:4700:3032::681b:93f7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.deusm.com/informationweek/IW_default-icon.png
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::681b:93f7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 39a82595bfd507ef8aec04be403a40df0522c7274d3d142015b2355cea460c54

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:35 GMT
cf-cache-status: HIT
last-modified: Mon, 21 Oct 2013 16:35:31 GMT
server: cloudflare
age: 961
etag: "9e7-4e942df575ac0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
accept-ranges: bytes
cf-ray: 5c6ac1fa9f9305c4-FRA
content-length: 2535
cf-request-id: 04b697909a000005c4fea0b200000001

GET
H2 200 comment.png
twimgs.com/nojitter/informationweek/resources/images/ 1 KB
1 KB 37ms
20ms Image
image/png 2606:4700:3031::ac43:83be
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://twimgs.com/nojitter/informationweek/resources/images/comment.png
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:83be , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4f65ccd30d1c95588b51035a804dd49090d7fbe6c2829a576a31d1b6a3e0f86b

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:35 GMT
cf-cache-status: HIT
last-modified: Mon, 10 Jul 2017 11:22:54 GMT
server: cloudflare
age: 79183
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 5c6ac1fa9b5205b7-FRA
content-length: 1094
cf-request-id: 04b697909a000005b749bcd200000001

GET
H2 200 thumbs-up.png
twimgs.com/nojitter/informationweek/resources/images/ 2 KB
2 KB 27ms
11ms Image
image/png 2606:4700:3031::ac43:83be
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://twimgs.com/nojitter/informationweek/resources/images/thumbs-up.png
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:83be , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f52201eedecf963a705285f5b5dd70410ac74125d92924da13004fa162b074da

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:35 GMT
cf-cache-status: HIT
last-modified: Tue, 11 Jul 2017 09:07:12 GMT
server: cloudflare
age: 24606
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 5c6ac1fa9b5305b7-FRA
content-length: 1542
cf-request-id: 04b697909a000005b749bce200000001

GET
H2 200 thumbs-down.png
twimgs.com/nojitter/informationweek/resources/images/ 2 KB
2 KB 28ms
12ms Image
image/png 2606:4700:3031::ac43:83be
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://twimgs.com/nojitter/informationweek/resources/images/thumbs-down.png
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:83be , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b19f14d674857362b6e10d0dcb1703b149d9dda6f350d1737562fc36e4e67a81

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:35 GMT
cf-cache-status: HIT
last-modified: Tue, 11 Jul 2017 09:07:01 GMT
server: cloudflare
age: 65382
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 5c6ac1fa9b5405b7-FRA
content-length: 1572
cf-request-id: 04b697909a000005b749bcf200000001

GET
H2 200 widgets.js Show response
platform.twitter.com/ 95 KB
28 KB 207ms
63ms Script
application/javascript 151.101.112.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 6adaf62612623c674af2f597baf83ffa56f157a9ab69346be7c11a9569fdebbc

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:35 GMT
content-encoding: gzip
x-cache: HIT, HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200
content-length: 28825
x-served-by: cache-bwi5146-BWI, cache-hhn4058-HHN
last-modified: Thu, 30 Jul 2020 22:04:50 GMT
etag: "1dc37899f984d453c1d3d8179829f041+gzip"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=1800
accept-ranges: bytes
tw-cdn: FT

GET
H/1.1 200
OK in.js Show response
platform.linkedin.com/ 181 KB
55 KB 62ms
4ms Script
text/javascript 2a01:4a0:1338:28::c38a:ff13
NETZBETRIEB-GMBH

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.linkedin.com/in.js
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a01:4a0:1338:28::c38a:ff13 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),
Reverse DNS
Software: Play /
Resource Hash: 1b8ba60049f9217af2ed437717a244b2287237e86c2b3e1ff10e140d44d0d82c

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-LI-UUID: J9yrSTqFLRaAoYkfoCsAAA==
Date: Sat, 22 Aug 2020 07:07:35 GMT
Content-Encoding: gzip
X-CDN-CLIENT-IP-VERSION: IPV6
Server: Play
X-Li-Pop: prod-ela1
Vary: Accept-Encoding
Content-Type: text/javascript; charset=UTF-8
Cache-Control: public, max-age=3600
Connection: keep-alive
X-LI-Proto: http/1.1
Content-Length: 55598
X-CDN: AKAM
X-Li-Fabric: prod-lor1
Expires: Sat, 22 Aug 2020 08:05:28 GMT

GET
H2 200 solarwinds_IW-2020-state-of-devops.JPG
dsimg.ubm-us.net/asset/419533/659723/ 34 KB
34 KB 31ms
16ms Image
image/jpeg 2606:4700:3033::6818:7975
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsimg.ubm-us.net/asset/419533/659723/solarwinds_IW-2020-state-of-devops.JPG
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6818:7975 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 684fbe6c53a7a0596e11fdd68c8b9d8c17689c9b96a636b3e94079c1a9947e0e

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:35 GMT
cf-cache-status: HIT
last-modified: Thu, 30 Jul 2020 17:11:32 GMT
server: cloudflare
age: 961
etag: "8897-5ababc38b5917"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
status: 200
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 5c6ac1fa9dba1f35-FRA
content-length: 34967
cf-request-id: 04b697909a00001f35b89df200000001

GET
H2 200 Cynthia_Harvey.jpg
twimgs.com/nojitter/informationweek/resources/images/ 4 KB
5 KB 27ms
12ms Image
image/jpeg 2606:4700:3031::ac43:83be
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://twimgs.com/nojitter/informationweek/resources/images/Cynthia_Harvey.jpg
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:83be , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d50a73b1885b7af67191fb0289bc82b723e42c53adaa3dd1777c6643a605fcba

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:35 GMT
cf-cache-status: HIT
last-modified: Wed, 12 Jul 2017 11:57:47 GMT
server: cloudflare
age: 65382
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
status: 200
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 5c6ac1fa9b5505b7-FRA
content-length: 4572
cf-request-id: 04b697909a000005b749bd0200000001

GET
H2 200 Mary-Shacklett-125x125.gif
img.deusm.com/internetevolution/ 15 KB
15 KB 34ms
18ms Image
image/gif 2606:4700:3032::681b:93f7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.deusm.com/internetevolution/Mary-Shacklett-125x125.gif
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::681b:93f7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bf4be57d63e8a5ebd117622ae04e15b9a8e24a286f27021e8eb1ca5c2e0b6166

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:35 GMT
cf-cache-status: HIT
last-modified: Mon, 21 May 2012 20:17:38 GMT
server: cloudflare
age: 2707
etag: "3d39-4c09197e4fc80"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
status: 200
accept-ranges: bytes
cf-ray: 5c6ac1fa9f9605c4-FRA
content-length: 15673
cf-request-id: 04b697909a000005c4fea0c200000001

GET
H2 200 lisamorgan.jpg
twimgs.com/nojitter/informationweek/resources/images/ 26 KB
26 KB 33ms
18ms Image
image/jpeg 2606:4700:3031::ac43:83be
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://twimgs.com/nojitter/informationweek/resources/images/lisamorgan.jpg
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:83be , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e9c4fdf016dada0c097669d8b99933affafe6156ff5dfd952f83b9bfc66bda60

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:35 GMT
cf-cache-status: HIT
last-modified: Thu, 13 Jul 2017 06:26:00 GMT
server: cloudflare
age: 24598
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
status: 200
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 5c6ac1fa9b5605b7-FRA
content-length: 26782
cf-request-id: 04b697909a000005b749bd1200000001

GET
H2 200 NL-icon.png
twimgs.com/nojitter/informationweek/resources/images/ 3 KB
3 KB 36ms
21ms Image
image/png 2606:4700:3031::ac43:83be
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://twimgs.com/nojitter/informationweek/resources/images/NL-icon.png
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:83be , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d8b7ea5cc75abc79d502a95c5ccac8f97aa82fd8c13acc74c84c754eb86cc4c3

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:35 GMT
cf-cache-status: HIT
last-modified: Tue, 11 Jul 2017 09:06:39 GMT
server: cloudflare
age: 79183
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 5c6ac1fa9b5705b7-FRA
content-length: 2599
cf-request-id: 04b697909a000005b749bd2200000001

GET
H2 200 spacer.gif
img.deusm.com/images/ 49 B
173 B 39ms
24ms Image
image/gif 2606:4700:3032::681b:93f7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.deusm.com/images/spacer.gif
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::681b:93f7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3c5b83e390d046c3623c4b8e35b58aaf64a7481bb2372fb51ae2e0e7818f7407

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:35 GMT
cf-cache-status: HIT
last-modified: Fri, 13 Oct 2000 01:54:07 GMT
server: cloudflare
age: 961
etag: "31-3737c29f20dc0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
status: 200
accept-ranges: bytes
cf-ray: 5c6ac1fa9f9805c4-FRA
content-length: 49
cf-request-id: 04b697909a000005c4fea0d200000001

GET
H2 200 video-arrow_left_off.gif
twimgs.com/nojitter/informationweek/resources/images/ 1 KB
1 KB 32ms
17ms Image
image/gif 2606:4700:3031::ac43:83be
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://twimgs.com/nojitter/informationweek/resources/images/video-arrow_left_off.gif
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:83be , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9f61400081191bf755c967c186a8fd356b02010fac3412f84cf83d5dfe10dd5d

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:35 GMT
cf-cache-status: HIT
last-modified: Tue, 11 Jul 2017 10:11:51 GMT
server: cloudflare
age: 79183
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
status: 200
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 5c6ac1fa9b5905b7-FRA
content-length: 1342
cf-request-id: 04b697909a000005b749bd3200000001

GET
H/1.1 200
OK image.jpg
cf-images.us-east-1.prod.boltdns.net/v1/static/1568176135/150c71e1-2466-41ac-a2d5-f7e900b07082/5e94f1b3-208e-42cd-8099-d9e632c94876/160x90/match/ 4 KB
4 KB 223ms
64ms Image
image/jpeg 13.224.193.146
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cf-images.us-east-1.prod.boltdns.net/v1/static/1568176135/150c71e1-2466-41ac-a2d5-f7e900b07082/5e94f1b3-208e-42cd-8099-d9e632c94876/160x90/match/image.jpg
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.193.146 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-193-146.fra2.r.cloudfront.net
Software: / BC
Resource Hash: fc2cb9a1836be188b24c46e1ba1cdcd6d19e0b0b79049a1d84701eece65af07d

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sat, 22 Aug 2020 05:08:03 GMT
Via: 1.1 3df1d6f6e1999cb29078ddff1a62bd1d.cloudfront.net (CloudFront)
Age: 7172
X-Powered-From: gantry
X-Powered-By: BC
X-Cache: Hit from cloudfront
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Amz-Cf-Pop: FRA2-C1
Content-Length: 3683
X-Amz-Cf-Id: BSqh3qBpXijAd-0Clw22mhI3dBh9dRnJviPoUUnuXQHqBsGjUrrn_A==

GET
H/1.1 200
OK image.jpg
cf-images.us-east-1.prod.boltdns.net/v1/static/1568176135/ddf2ef47-312d-42c8-93ef-23ad723a5529/44fb1964-22f4-4b47-ac5b-b180bbfb09a0/160x90/match/ 3 KB
4 KB 224ms
64ms Image
image/jpeg 13.224.193.146
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cf-images.us-east-1.prod.boltdns.net/v1/static/1568176135/ddf2ef47-312d-42c8-93ef-23ad723a5529/44fb1964-22f4-4b47-ac5b-b180bbfb09a0/160x90/match/image.jpg
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.193.146 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-193-146.fra2.r.cloudfront.net
Software: / BC
Resource Hash: 81b61e3963d6c2dc555d7c73d6147a7c6b2d45395567524d55954e311812d6ec

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sat, 22 Aug 2020 03:25:04 GMT
Via: 1.1 dde0b4b1e223fa23670e93078a04c116.cloudfront.net (CloudFront)
Age: 13351
X-Powered-From: gantry
X-Powered-By: BC
X-Cache: Hit from cloudfront
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Amz-Cf-Pop: FRA2-C1
Content-Length: 3572
X-Amz-Cf-Id: V5uRQLuA_qwn9f7PMU-dmrIVugZmwO41V8QjhknXBF7HghMlHVy73A==

GET
H/1.1 200
OK image.jpg
cf-images.us-east-1.prod.boltdns.net/v1/static/1568176135/a7b54fd5-dc9b-436d-b541-21427503eaad/f731f59a-1738-48d0-8938-5840254298b2/160x90/match/ 3 KB
4 KB 202ms
63ms Image
image/jpeg 13.224.193.146
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cf-images.us-east-1.prod.boltdns.net/v1/static/1568176135/a7b54fd5-dc9b-436d-b541-21427503eaad/f731f59a-1738-48d0-8938-5840254298b2/160x90/match/image.jpg
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.193.146 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-193-146.fra2.r.cloudfront.net
Software: / BC
Resource Hash: 733a16c402b466ef7c9143bd596e9e850da193b1b7650201a172c09154e23e83

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 21 Aug 2020 17:59:58 GMT
Via: 1.1 2ec3090d74e200e4acdb2780da3c3c44.cloudfront.net (CloudFront)
Age: 47257
X-Powered-From: gantry
X-Powered-By: BC
X-Cache: Hit from cloudfront
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Amz-Cf-Pop: FRA2-C1
Content-Length: 3499
X-Amz-Cf-Id: Pgx-cKPVcDXJY-JMKB5cbA-9scwaefuXkTQRjKcd1kmzmH3u8YKDdw==

GET
H/1.1 200
OK image.jpg
cf-images.us-east-1.prod.boltdns.net/v1/static/1568176135/4de4dc10-02ff-419e-a173-cb6994e41234/5c12db3e-83fb-4f24-8fbb-5bf1400df339/129x90/match/ 2 KB
3 KB 203ms
64ms Image
image/jpeg 13.224.193.146
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cf-images.us-east-1.prod.boltdns.net/v1/static/1568176135/4de4dc10-02ff-419e-a173-cb6994e41234/5c12db3e-83fb-4f24-8fbb-5bf1400df339/129x90/match/image.jpg
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.193.146 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-193-146.fra2.r.cloudfront.net
Software: / BC
Resource Hash: c1a4ed872e58773e8a8cc9bf0647da0ce3b1003735517fb9ca815c8e4f0b4bc0

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sat, 22 Aug 2020 06:02:56 GMT
Via: 1.1 3b02f73dccc5077f1ad544a27a475ed6.cloudfront.net (CloudFront)
Age: 3879
X-Powered-From: gantry
X-Powered-By: BC
X-Cache: Hit from cloudfront
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Amz-Cf-Pop: FRA2-C1
Content-Length: 2450
X-Amz-Cf-Id: uhfRQKIm4vSXvk-JCmCCaobsbt9pnbzG5q30pObz2R9qTQ_SfJ5xeA==

GET
H/1.1 200
OK image.jpg
cf-images.us-east-1.prod.boltdns.net/v1/static/1568176135/7245112a-c377-41b7-bf49-6fad0ccd769f/de99645e-c499-4835-96d2-ac79c36ea937/149x90/match/ 2 KB
3 KB 191ms
64ms Image
image/jpeg 13.224.193.146
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cf-images.us-east-1.prod.boltdns.net/v1/static/1568176135/7245112a-c377-41b7-bf49-6fad0ccd769f/de99645e-c499-4835-96d2-ac79c36ea937/149x90/match/image.jpg
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.193.146 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-193-146.fra2.r.cloudfront.net
Software: / BC
Resource Hash: 64d729936559c85caa7ecaab1b97edf1f7f240cc5b876a32902670958775e984

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 21 Aug 2020 17:20:15 GMT
Via: 1.1 c379418fd6100691807f32f274ebe9ce.cloudfront.net (CloudFront)
Age: 49640
X-Powered-From: gantry
X-Powered-By: BC
X-Cache: Hit from cloudfront
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Amz-Cf-Pop: FRA2-C1
Content-Length: 2406
X-Amz-Cf-Id: -dGg6JoxGBVno86soiaW-9Sp5tYHzJeSYhLkO5UVTu4F2eIL-2Nlkw==

GET
H/1.1 200
OK image.jpg
cf-images.us-east-1.prod.boltdns.net/v1/static/1568176135/19557d36-86cd-4cd4-a26d-754c1e957501/f5d9262a-d261-4f83-9fab-53179b745950/135x90/match/ 2 KB
3 KB 192ms
63ms Image
image/jpeg 13.224.193.146
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cf-images.us-east-1.prod.boltdns.net/v1/static/1568176135/19557d36-86cd-4cd4-a26d-754c1e957501/f5d9262a-d261-4f83-9fab-53179b745950/135x90/match/image.jpg
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.193.146 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-193-146.fra2.r.cloudfront.net
Software: / BC
Resource Hash: 0330ecdc5489a4f1a7121f4e04e000cdbb8c18d3784b6becef688f2faee66e93

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sat, 22 Aug 2020 03:25:04 GMT
Via: 1.1 cdcb559c2f25d8ad2ccf0419bee33b03.cloudfront.net (CloudFront)
Age: 13351
X-Powered-From: gantry
X-Powered-By: BC
X-Cache: Hit from cloudfront
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Amz-Cf-Pop: FRA2-C1
Content-Length: 2326
X-Amz-Cf-Id: pEdl6xYEVFRuMxGJF86Ai30fKSpbbOV1ztbzHd3jpkJjN6XWa7GYpQ==

GET
H/1.1 200
OK image.jpg
cf-images.us-east-1.prod.boltdns.net/v1/static/1568176135/0c6f2a79-0367-478c-af1a-08d777685d90/b6f96684-e70b-4dc8-a945-fbe3e554aa49/160x90/match/ 2 KB
2 KB 65ms
64ms Image
image/jpeg 13.224.193.146
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cf-images.us-east-1.prod.boltdns.net/v1/static/1568176135/0c6f2a79-0367-478c-af1a-08d777685d90/b6f96684-e70b-4dc8-a945-fbe3e554aa49/160x90/match/image.jpg
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.193.146 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-193-146.fra2.r.cloudfront.net
Software: / BC
Resource Hash: 9e5308b7bcf92c85593c8235f82b5db720b2e7134ad12341d119a808232f0b43

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sat, 22 Aug 2020 04:12:44 GMT
Via: 1.1 dde0b4b1e223fa23670e93078a04c116.cloudfront.net (CloudFront)
Age: 10491
X-Powered-From: gantry
X-Powered-By: BC
X-Cache: Hit from cloudfront
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Amz-Cf-Pop: FRA2-C1
Content-Length: 1841
X-Amz-Cf-Id: Ht3FEAeAHIT5AakYPVK7RSjxp5btwjRrAU0alwI3U7SEe6aYqicA3A==

GET
H/1.1 200
OK image.jpg
cf-images.us-east-1.prod.boltdns.net/v1/static/1568176135/142cdc47-1712-40b1-883e-6ce5b121413f/04b1c8ee-2d62-4284-ba94-04d02feaaf39/160x90/match/ 4 KB
4 KB 65ms
64ms Image
image/jpeg 13.224.193.146
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cf-images.us-east-1.prod.boltdns.net/v1/static/1568176135/142cdc47-1712-40b1-883e-6ce5b121413f/04b1c8ee-2d62-4284-ba94-04d02feaaf39/160x90/match/image.jpg
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.193.146 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-193-146.fra2.r.cloudfront.net
Software: / BC
Resource Hash: 6c39d5732a1fef74d96bc05dab1cf62833b21dab721b75c5412b62ce0d8fa4ea

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 21 Aug 2020 10:58:45 GMT
Via: 1.1 3b02f73dccc5077f1ad544a27a475ed6.cloudfront.net (CloudFront)
Age: 72530
X-Powered-From: gantry
X-Powered-By: BC
X-Cache: Hit from cloudfront
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Amz-Cf-Pop: FRA2-C1
Content-Length: 3844
X-Amz-Cf-Id: xTKksTlHEzq3vy7qJ-iXyyh0-shb5v9d0DSj1FFUSAfBqaNjhNFLMg==

GET
H/1.1 200
OK image.jpg
cf-images.us-east-1.prod.boltdns.net/v1/static/1568176135/319e12d5-af78-40ef-8683-4afe67b0b668/749c19c2-bebe-4d48-ad4a-29655bd56330/142x90/match/ 3 KB
3 KB 64ms
63ms Image
image/jpeg 13.224.193.146
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cf-images.us-east-1.prod.boltdns.net/v1/static/1568176135/319e12d5-af78-40ef-8683-4afe67b0b668/749c19c2-bebe-4d48-ad4a-29655bd56330/142x90/match/image.jpg
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.193.146 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-193-146.fra2.r.cloudfront.net
Software: / BC
Resource Hash: ab58578dfe33b0474b3a1b181ee076b54f3f2d7ef562cd96b94b2ce1b437f3d0

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 21 Aug 2020 10:58:45 GMT
Via: 1.1 3df1d6f6e1999cb29078ddff1a62bd1d.cloudfront.net (CloudFront)
Age: 72530
X-Powered-From: gantry
X-Powered-By: BC
X-Cache: Hit from cloudfront
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Amz-Cf-Pop: FRA2-C1
Content-Length: 2758
X-Amz-Cf-Id: Y5e24_L2Oww0emxCaFnh0NogetnesrZeKDNv_b7dF0HqncZ9V8A55w==

GET
H/1.1 200
OK image.jpg
cf-images.us-east-1.prod.boltdns.net/v1/static/1568176135/9f13a5af-5378-4f5a-ab38-99c860692856/7c78b83d-6c6d-4b65-b294-ca499cb72476/160x90/match/ 4 KB
4 KB 64ms
64ms Image
image/jpeg 13.224.193.146
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cf-images.us-east-1.prod.boltdns.net/v1/static/1568176135/9f13a5af-5378-4f5a-ab38-99c860692856/7c78b83d-6c6d-4b65-b294-ca499cb72476/160x90/match/image.jpg
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.193.146 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-193-146.fra2.r.cloudfront.net
Software: / BC
Resource Hash: d4c44c0c4d00553d81a0185026a1260c93ceca5b6e2a7e17c98c1a60322a7e7d

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sat, 22 Aug 2020 06:21:09 GMT
Via: 1.1 2ec3090d74e200e4acdb2780da3c3c44.cloudfront.net (CloudFront)
Age: 2786
X-Powered-From: gantry
X-Powered-By: BC
X-Cache: Hit from cloudfront
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Amz-Cf-Pop: FRA2-C1
Content-Length: 4058
X-Amz-Cf-Id: q0GDb9TMSII4QcSm25qc7gSU8qmfplsN4VnRKoFhnXpvS1ZzBIs1kw==

GET
H/1.1 200
OK image.jpg
cf-images.us-east-1.prod.boltdns.net/v1/static/1568176135/20379810-bc4a-41cd-86b3-cab94d901ad1/5a02ec55-a54d-4d2f-91f9-d56d19cbd15a/160x90/match/ 4 KB
5 KB 64ms
63ms Image
image/jpeg 13.224.193.146
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cf-images.us-east-1.prod.boltdns.net/v1/static/1568176135/20379810-bc4a-41cd-86b3-cab94d901ad1/5a02ec55-a54d-4d2f-91f9-d56d19cbd15a/160x90/match/image.jpg
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.193.146 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-193-146.fra2.r.cloudfront.net
Software: / BC
Resource Hash: 6ada88201e93fa3be8d519419bded2f5c5e53936084ae8456dd38a4e86df13f3

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 21 Aug 2020 08:34:29 GMT
Via: 1.1 c379418fd6100691807f32f274ebe9ce.cloudfront.net (CloudFront)
Age: 81186
X-Powered-From: gantry
X-Powered-By: BC
X-Cache: Hit from cloudfront
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Amz-Cf-Pop: FRA2-C1
Content-Length: 4286
X-Amz-Cf-Id: t5U4ldTpBwc0FtIvoyskvDRSVWA9Q6UaBudJFOepJB1EFbM5EsXvNw==

GET
H/1.1 200
OK image.jpg
cf-images.us-east-1.prod.boltdns.net/v1/static/1568176135/0799c4f7-b51f-48fe-908b-efde7267f68b/44905aee-73b4-4071-9c37-94ba60278acc/160x90/match/ 4 KB
5 KB 63ms
63ms Image
image/jpeg 13.224.193.146
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cf-images.us-east-1.prod.boltdns.net/v1/static/1568176135/0799c4f7-b51f-48fe-908b-efde7267f68b/44905aee-73b4-4071-9c37-94ba60278acc/160x90/match/image.jpg
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.193.146 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-193-146.fra2.r.cloudfront.net
Software: / BC
Resource Hash: 6f4c9015be52b8c813425545f39d2e8c95dbd6660c1943c9117199b4cffdfb79

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 21 Aug 2020 10:58:45 GMT
Via: 1.1 cdcb559c2f25d8ad2ccf0419bee33b03.cloudfront.net (CloudFront)
Age: 72530
X-Powered-From: gantry
X-Powered-By: BC
X-Cache: Hit from cloudfront
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Amz-Cf-Pop: FRA2-C1
Content-Length: 4419
X-Amz-Cf-Id: z3vDTo-wYUqlfNoVMvnXb5dPhqNQpMav0nVu_du5q2zVIwm2Egqv8A==

GET
H2 200 video-arrow_right_on.gif
twimgs.com/nojitter/informationweek/resources/images/ 1 KB
1 KB 34ms
22ms Image
image/gif 2606:4700:3031::ac43:83be
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://twimgs.com/nojitter/informationweek/resources/images/video-arrow_right_on.gif
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:83be , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dde94ba3b6521bd5bbc5e3505539e99465267b78829e80bebe30b6ac0b7f546c

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:35 GMT
cf-cache-status: HIT
last-modified: Tue, 11 Jul 2017 10:13:28 GMT
server: cloudflare
age: 65382
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
status: 200
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 5c6ac1fa9b5b05b7-FRA
content-length: 1341
cf-request-id: 04b697909a000005b749bd4200000001

GET
H2 200 IT_IT-Trend-coverpage-081720.gif
twimgs.com/custom_content/DigitalIssue/ 29 KB
29 KB 25ms
13ms Image
image/gif 2606:4700:3031::ac43:83be
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://twimgs.com/custom_content/DigitalIssue/IT_IT-Trend-coverpage-081720.gif
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:83be , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cc9e2736d89634c048131e8120ffa3186d2d86af1993e4a92f1c499e254fb07a

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:35 GMT
cf-cache-status: HIT
last-modified: Fri, 14 Aug 2020 15:44:35 GMT
server: cloudflare
age: 24597
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
status: 200
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 5c6ac1fa9b5c05b7-FRA
content-length: 29736
cf-request-id: 04b697909a000005b749bd5200000001

GET
H2 200 camera-24x16.png
twimgs.com/nojitter/informationweek/resources/images/ 1 KB
2 KB 33ms
22ms Image
image/png 2606:4700:3031::ac43:83be
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://twimgs.com/nojitter/informationweek/resources/images/camera-24x16.png
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:83be , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e8ef6f1f868d3e95a0f21e57ce98f2d8ea7c54ac0459f8a35a9abe44913e7c9b

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:35 GMT
cf-cache-status: HIT
last-modified: Mon, 10 Jul 2017 11:22:21 GMT
server: cloudflare
age: 65382
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 5c6ac1fa9b5d05b7-FRA
content-length: 1481
cf-request-id: 04b697909a000005b749bd6200000001

GET
H2 200 00CloudStartupsIntro-pixabay-cp.jpg
img.deusm.com/informationweek/January20/ 70 KB
70 KB 26ms
15ms Image
image/jpeg 2606:4700:3032::681b:93f7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.deusm.com/informationweek/January20/00CloudStartupsIntro-pixabay-cp.jpg
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::681b:93f7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 68186da8217c1d4ad410860716ee0614e21ec23a60da354cbb03dd3dce2f89e1

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:35 GMT
cf-cache-status: HIT
last-modified: Wed, 29 Jul 2020 12:45:56 GMT
server: cloudflare
age: 2705
etag: "118ea-5ab93efd7e900"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
status: 200
accept-ranges: bytes
cf-ray: 5c6ac1fa9f9905c4-FRA
content-length: 71914
cf-request-id: 04b697909a000005c4fea0e200000001

GET
H/1.1 200
OK image.jpg
cf-images.us-east-1.prod.boltdns.net/v1/static/1568176135/0b0d3d2d-ce1c-46a8-b977-814a415aafc1/6e798fbd-1dd2-4f3e-b13f-fb3cf49dfa72/160x90/match/ 4 KB
4 KB 67ms
65ms Image
image/jpeg 13.224.193.146
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cf-images.us-east-1.prod.boltdns.net/v1/static/1568176135/0b0d3d2d-ce1c-46a8-b977-814a415aafc1/6e798fbd-1dd2-4f3e-b13f-fb3cf49dfa72/160x90/match/image.jpg
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.193.146 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-193-146.fra2.r.cloudfront.net
Software: / BC
Resource Hash: 493f9736eeceeaf425d99f7e8d0ae636bd0994206b7a94083875b0d7839eb359

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 21 Aug 2020 08:10:07 GMT
Via: 1.1 2ec3090d74e200e4acdb2780da3c3c44.cloudfront.net (CloudFront)
Age: 82648
X-Powered-From: gantry
X-Powered-By: BC
X-Cache: Hit from cloudfront
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Amz-Cf-Pop: FRA2-C1
Content-Length: 3768
X-Amz-Cf-Id: YGXy1yDMG49TUQbo2vQ7CxhVKme8fFembg04ObQaMjLlp9fkXcvDOA==

GET
H/1.1 200
OK image.jpg
cf-images.us-east-1.prod.boltdns.net/v1/static/1568176135/2f453c4e-a672-46d9-98ac-9aa5db05bf44/0e7f3371-9cea-4bcb-a560-5c568a9e0383/160x90/match/ 4 KB
4 KB 69ms
68ms Image
image/jpeg 13.224.193.146
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cf-images.us-east-1.prod.boltdns.net/v1/static/1568176135/2f453c4e-a672-46d9-98ac-9aa5db05bf44/0e7f3371-9cea-4bcb-a560-5c568a9e0383/160x90/match/image.jpg
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.193.146 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-193-146.fra2.r.cloudfront.net
Software: / BC
Resource Hash: 3112d0d18e4c95c40a30d294d3da7de3445dd07da19d1a2d737bd85386559ac9

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sat, 22 Aug 2020 03:37:19 GMT
Via: 1.1 3b02f73dccc5077f1ad544a27a475ed6.cloudfront.net (CloudFront)
Age: 12616
X-Powered-From: gantry
X-Powered-By: BC
X-Cache: Hit from cloudfront
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Amz-Cf-Pop: FRA2-C1
Content-Length: 4100
X-Amz-Cf-Id: TTrKngjVJtH4-BKac6_8mT81C3I4MchhLW2f1ZlH-3n5cDRCfqQqdg==

GET
H/1.1 200
OK image.jpg
cf-images.us-east-1.prod.boltdns.net/v1/static/1568176135/6db57daa-b183-4273-8d05-97b5ade1be14/06511232-44f3-452a-8164-3d7a4741d0f6/160x90/match/ 4 KB
4 KB 67ms
66ms Image
image/jpeg 13.224.193.146
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cf-images.us-east-1.prod.boltdns.net/v1/static/1568176135/6db57daa-b183-4273-8d05-97b5ade1be14/06511232-44f3-452a-8164-3d7a4741d0f6/160x90/match/image.jpg
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.193.146 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-193-146.fra2.r.cloudfront.net
Software: / BC
Resource Hash: 9b27e70f7985c9752417d5f3cd21b812e6703253b72af7cd6f64a8a0d1c71978

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sat, 22 Aug 2020 07:07:28 GMT
Via: 1.1 dde0b4b1e223fa23670e93078a04c116.cloudfront.net (CloudFront)
Age: 7
X-Powered-From: gantry
X-Powered-By: BC
X-Cache: Hit from cloudfront
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Amz-Cf-Pop: FRA2-C1
Content-Length: 3914
X-Amz-Cf-Id: h1d6dTJbSogEadHjJGlakxEawsPhVMyh0vrIsuu_A1Nc8hjl1VHf9Q==

GET
H/1.1 200
OK image.jpg
cf-images.us-east-1.prod.boltdns.net/v1/static/1568176135/2099a222-9e15-43a9-b11d-38ea586f0f8a/21b9ef57-9ced-4b06-b356-c06e1a265eb8/160x90/match/ 4 KB
4 KB 79ms
79ms Image
image/jpeg 13.224.193.146
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cf-images.us-east-1.prod.boltdns.net/v1/static/1568176135/2099a222-9e15-43a9-b11d-38ea586f0f8a/21b9ef57-9ced-4b06-b356-c06e1a265eb8/160x90/match/image.jpg
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.193.146 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-193-146.fra2.r.cloudfront.net
Software: / BC
Resource Hash: a09e7df78a2388e1ddd07dae352916763346e1fd4aad01c592f04c11027fb108

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sat, 22 Aug 2020 05:02:20 GMT
Via: 1.1 3df1d6f6e1999cb29078ddff1a62bd1d.cloudfront.net (CloudFront)
Age: 7515
X-Powered-From: gantry
X-Powered-By: BC
X-Cache: Hit from cloudfront
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Amz-Cf-Pop: FRA2-C1
Content-Length: 3939
X-Amz-Cf-Id: t_L95QhCgB7mfkSILrkOR5Wc1WldalMuh87Z6cvkY0JOlomtEmXiSw==

GET
H/1.1 200
OK image.jpg
cf-images.us-east-1.prod.boltdns.net/v1/static/1568176135/9a2fcb93-cde0-48eb-8076-dde3c92b3e5a/2a185c97-ef93-45e0-a056-468e62faf94e/160x90/match/ 4 KB
4 KB 67ms
67ms Image
image/jpeg 13.224.193.146
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cf-images.us-east-1.prod.boltdns.net/v1/static/1568176135/9a2fcb93-cde0-48eb-8076-dde3c92b3e5a/2a185c97-ef93-45e0-a056-468e62faf94e/160x90/match/image.jpg
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.193.146 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-193-146.fra2.r.cloudfront.net
Software: / BC
Resource Hash: 58fa7844a72e7769ccb2b91a10b1148b469846e9e3ca7f151a5e8e66c223fa07

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sat, 22 Aug 2020 07:07:28 GMT
Via: 1.1 c379418fd6100691807f32f274ebe9ce.cloudfront.net (CloudFront)
Age: 7
X-Powered-From: gantry
X-Powered-By: BC
X-Cache: Hit from cloudfront
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Amz-Cf-Pop: FRA2-C1
Content-Length: 3753
X-Amz-Cf-Id: LboUKy-hs2qfem97WWwU7hwUYoMTa_pT2mv-b2HqDn6ArWILJ6q_zw==

GET
H/1.1 200
OK image.jpg
cf-images.us-east-1.prod.boltdns.net/v1/static/1568176135/17ae151d-b60f-4cbe-bb20-6cc87ab65389/be1193e8-8012-458d-9257-6f9e4b208930/160x90/match/ 4 KB
5 KB 69ms
68ms Image
image/jpeg 13.224.193.146
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cf-images.us-east-1.prod.boltdns.net/v1/static/1568176135/17ae151d-b60f-4cbe-bb20-6cc87ab65389/be1193e8-8012-458d-9257-6f9e4b208930/160x90/match/image.jpg
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.193.146 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-193-146.fra2.r.cloudfront.net
Software: / BC
Resource Hash: cdd3ea23c31f2648f41910d222e1afdfc9604af17240b567a09220cd28f246c5

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 21 Aug 2020 07:35:32 GMT
Via: 1.1 cdcb559c2f25d8ad2ccf0419bee33b03.cloudfront.net (CloudFront)
Age: 84723
X-Powered-From: gantry
X-Powered-By: BC
X-Cache: Hit from cloudfront
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Amz-Cf-Pop: FRA2-C1
Content-Length: 4316
X-Amz-Cf-Id: sdXshOnuCCvn58aJV3_2XZnxDdvboiXx3gDCBLcToUPd-hX9KHFwQQ==

GET
H/1.1 200
OK image.jpg
cf-images.us-east-1.prod.boltdns.net/v1/static/1568176135/a845d6fd-726c-452c-82c1-62a2bf148d4c/427cfa90-ce37-47ba-a517-2d28cd2fe578/160x90/match/ 4 KB
5 KB 66ms
65ms Image
image/jpeg 13.224.193.146
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cf-images.us-east-1.prod.boltdns.net/v1/static/1568176135/a845d6fd-726c-452c-82c1-62a2bf148d4c/427cfa90-ce37-47ba-a517-2d28cd2fe578/160x90/match/image.jpg
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.193.146 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-193-146.fra2.r.cloudfront.net
Software: / BC
Resource Hash: 97413884e185bdc121c29f7d19c9b3f5eb42700124853936d570b5459097979e

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 21 Aug 2020 21:44:58 GMT
Via: 1.1 2ec3090d74e200e4acdb2780da3c3c44.cloudfront.net (CloudFront)
Age: 33757
X-Powered-From: gantry
X-Powered-By: BC
X-Cache: Hit from cloudfront
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Amz-Cf-Pop: FRA2-C1
Content-Length: 4446
X-Amz-Cf-Id: aBJnAToXAFyG4ODdZ0Dekfcp5xq0nx6k15Gn9c367VMPGMuHeR8eEw==

GET
H/1.1 200
OK image.jpg
cf-images.us-east-1.prod.boltdns.net/v1/static/1568176135/35b3e09c-bf90-422e-998c-d63b8121f699/b4915152-dbd2-4289-bee4-282d74a746ea/160x90/match/ 4 KB
4 KB 69ms
68ms Image
image/jpeg 13.224.193.146
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cf-images.us-east-1.prod.boltdns.net/v1/static/1568176135/35b3e09c-bf90-422e-998c-d63b8121f699/b4915152-dbd2-4289-bee4-282d74a746ea/160x90/match/image.jpg
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.193.146 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-193-146.fra2.r.cloudfront.net
Software: / BC
Resource Hash: 26686a44567bbe0157ec4131abd18639fed3e9d24bad7b3cf9f7d923ce5c770b

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sat, 22 Aug 2020 05:16:44 GMT
Via: 1.1 3b02f73dccc5077f1ad544a27a475ed6.cloudfront.net (CloudFront)
Age: 6651
X-Powered-From: gantry
X-Powered-By: BC
X-Cache: Hit from cloudfront
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Amz-Cf-Pop: FRA2-C1
Content-Length: 3813
X-Amz-Cf-Id: m-lowAKvaxrXlvd0RNRfctqrJ293gRZg4VsudPJg_LjSKnalx4dHwQ==

GET
H/1.1 200
OK image.jpg
cf-images.us-east-1.prod.boltdns.net/v1/static/1568176135/10a2f2b3-1122-42b6-8a14-8fa5082bef02/27759aad-9676-4492-9d86-382762f38df3/160x90/match/ 4 KB
4 KB 64ms
63ms Image
image/jpeg 13.224.193.146
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cf-images.us-east-1.prod.boltdns.net/v1/static/1568176135/10a2f2b3-1122-42b6-8a14-8fa5082bef02/27759aad-9676-4492-9d86-382762f38df3/160x90/match/image.jpg
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.193.146 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-193-146.fra2.r.cloudfront.net
Software: / BC
Resource Hash: e8f4da17f1949f0eb535522706c59331302c0e890836fc2ba6aba921e81f85fd

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 21 Aug 2020 14:26:26 GMT
Via: 1.1 dde0b4b1e223fa23670e93078a04c116.cloudfront.net (CloudFront)
Age: 60069
X-Powered-From: gantry
X-Powered-By: BC
X-Cache: Hit from cloudfront
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Amz-Cf-Pop: FRA2-C1
Content-Length: 3818
X-Amz-Cf-Id: o5XL0KvwyOdZC9xiWJmS8LqiWnBfsN6Pq443GLAv__yPBURkohA9tQ==

GET
H/1.1 200
OK image.jpg
cf-images.us-east-1.prod.boltdns.net/v1/static/1568176135/fd358d06-5a15-4302-87fb-2a68dfd4d0a4/8bbd1562-9af2-4675-a47a-e9ca2ae23d87/160x90/match/ 4 KB
4 KB 67ms
67ms Image
image/jpeg 13.224.193.146
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cf-images.us-east-1.prod.boltdns.net/v1/static/1568176135/fd358d06-5a15-4302-87fb-2a68dfd4d0a4/8bbd1562-9af2-4675-a47a-e9ca2ae23d87/160x90/match/image.jpg
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.193.146 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-193-146.fra2.r.cloudfront.net
Software: / BC
Resource Hash: a6dd6de9a83d88bf8d041d61b94800684c6eb447c6f959ff1b2038945c6eb364

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sat, 22 Aug 2020 03:37:21 GMT
Via: 1.1 3df1d6f6e1999cb29078ddff1a62bd1d.cloudfront.net (CloudFront)
Age: 12614
X-Powered-From: gantry
X-Powered-By: BC
X-Cache: Hit from cloudfront
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Amz-Cf-Pop: FRA2-C1
Content-Length: 3952
X-Amz-Cf-Id: WGxg6UPSx1xT8HhqTjFfnKlBuPqyPYUIlUrxass2cqS6VWnqR8ivdw==

GET
H/1.1 200
OK image.jpg
cf-images.us-east-1.prod.boltdns.net/v1/static/1568176135/8c1b9e51-e2ae-4dd0-b50f-badd3a9300ad/bffb44ca-9e18-4e3f-bb8c-5dc1e2dc6bfc/160x90/match/ 4 KB
4 KB 67ms
66ms Image
image/jpeg 13.224.193.146
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cf-images.us-east-1.prod.boltdns.net/v1/static/1568176135/8c1b9e51-e2ae-4dd0-b50f-badd3a9300ad/bffb44ca-9e18-4e3f-bb8c-5dc1e2dc6bfc/160x90/match/image.jpg
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.193.146 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-193-146.fra2.r.cloudfront.net
Software: / BC
Resource Hash: 9f9eca957a036ecac5e8e85264759b27337db88626e96ad825658b8e065df0f5

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 21 Aug 2020 11:52:01 GMT
Via: 1.1 c379418fd6100691807f32f274ebe9ce.cloudfront.net (CloudFront)
Age: 69334
X-Powered-From: gantry
X-Powered-By: BC
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Amz-Cf-Pop: FRA2-C1
X-Amz-Cf-Id: raj_H7fFRKl3rK0CljBPOwqhGEmYpTXl1UKs_4Bvq8mEzGTJ7wV9NA==

GET
H/1.1 200
OK image.jpg
cf-images.us-east-1.prod.boltdns.net/v1/static/1568176135/79fb7489-c546-4224-933a-8e01851d906f/9812c616-a27a-448f-b0c1-6cf2f86b362b/160x90/match/ 4 KB
4 KB 70ms
69ms Image
image/jpeg 13.224.193.146
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cf-images.us-east-1.prod.boltdns.net/v1/static/1568176135/79fb7489-c546-4224-933a-8e01851d906f/9812c616-a27a-448f-b0c1-6cf2f86b362b/160x90/match/image.jpg
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.193.146 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-193-146.fra2.r.cloudfront.net
Software: / BC
Resource Hash: bc32b2e41f4a19b75fa4aac4c47ab6d0011a26634436ada908bd29217e6ac47a

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sat, 22 Aug 2020 05:29:49 GMT
Via: 1.1 cdcb559c2f25d8ad2ccf0419bee33b03.cloudfront.net (CloudFront)
Age: 5866
X-Powered-From: gantry
X-Powered-By: BC
X-Cache: Hit from cloudfront
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Amz-Cf-Pop: FRA2-C1
Content-Length: 4189
X-Amz-Cf-Id: UJHYSdZnO6GzO_CR9vyrzlfnGJMGLIz-vtE1NWWXRXdVTQRgpBEh4Q==

GET
H2 200 survey_jspage.asp Show response
www.informationweek.com/ 5 KB
950 B 1299ms
1278ms Script
text/html 2606:4700::6811:549a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.informationweek.com/survey_jspage.asp?survey_id=154&cbust=64407

Requested by

Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:549a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

1a20c982ab1c4ed2cfc46d83cb7845b444585615fbd31228ff295635206a22bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:36 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
x-powered-by: ASP.NET
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/html
status: 200
cache-control: private
strict-transport-security: max-age=63072000
cf-ray: 5c6ac1fa8e2e96bc-FRA
cf-request-id: 04b6979099000096bc80174200000001

GET
H2 200 Social-FB.png
img.deusm.com/darkreading/ 2 KB
3 KB 23ms
14ms Image
image/png 2606:4700:3032::681b:93f7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.deusm.com/darkreading/Social-FB.png
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::681b:93f7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fbb475f48d03815474a554d3c16599917c2fabf811e3fe2772aeabeee474aa8f

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:35 GMT
cf-cache-status: HIT
last-modified: Fri, 11 Oct 2019 04:28:57 GMT
server: cloudflare
age: 3538
etag: "9a2-5949af4d49440"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
accept-ranges: bytes
cf-ray: 5c6ac1fa9f9a05c4-FRA
content-length: 2466
cf-request-id: 04b697909a000005c4fea0f200000001

GET
H2 200 Social-Twitter.png
img.deusm.com/darkreading/ 3 KB
3 KB 22ms
14ms Image
image/png 2606:4700:3032::681b:93f7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.deusm.com/darkreading/Social-Twitter.png
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::681b:93f7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0f762bf1a58c917c1ad50006bfcd192ab55b2d01a857b7c08b6c40e3af878695

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:35 GMT
cf-cache-status: HIT
last-modified: Fri, 11 Oct 2019 12:05:31 GMT
server: cloudflare
age: 3538
etag: "a2c-594a155a3d8c0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
accept-ranges: bytes
cf-ray: 5c6ac1fa9f9c05c4-FRA
content-length: 2604
cf-request-id: 04b697909a000005c4fea10200000001

GET
H2 200 Social-LI.png
img.deusm.com/darkreading/ 3 KB
3 KB 32ms
24ms Image
image/png 2606:4700:3032::681b:93f7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.deusm.com/darkreading/Social-LI.png
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::681b:93f7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4bbed2de83df27dc8130644101bce3dd9ddd1c178815e42bcb49118b4a73593c

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:35 GMT
cf-cache-status: HIT
last-modified: Fri, 11 Oct 2019 12:05:08 GMT
server: cloudflare
age: 3538
etag: "a0b-594a15444e500"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
accept-ranges: bytes
cf-ray: 5c6ac1fa9f9d05c4-FRA
content-length: 2571
cf-request-id: 04b697909a000005c4fea11200000001

GET
H2 200 Social-RSS.png
img.deusm.com/darkreading/ 3 KB
3 KB 32ms
25ms Image
image/png 2606:4700:3032::681b:93f7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.deusm.com/darkreading/Social-RSS.png
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::681b:93f7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a0761aa1289035f3d20430d55e475043a8fa40deff221715e31068905d561753

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:35 GMT
cf-cache-status: HIT
last-modified: Fri, 11 Oct 2019 12:05:19 GMT
server: cloudflare
age: 3538
etag: "a73-594a154ecbdc0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
accept-ranges: bytes
cf-ray: 5c6ac1fa9f9e05c4-FRA
content-length: 2675
cf-request-id: 04b697909a000005c4fea12200000001

GET
H2 200 Whitelogo.png
twimgs.com/nojitter/img/ 7 KB
7 KB 29ms
21ms Image
image/png 2606:4700:3031::ac43:83be
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://twimgs.com/nojitter/img/Whitelogo.png
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:83be , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a8041ba3d02102bd99dcead4dcc9882c484902362927cfd598e389e930f68ceb

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:35 GMT
cf-cache-status: HIT
last-modified: Thu, 09 Jan 2020 05:04:54 GMT
server: cloudflare
age: 59941
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 5c6ac1fa9b5e05b7-FRA
content-length: 7304
cf-request-id: 04b697909a000005b749bd7200000001

GET
H2 200 ubm-tech-global-app-measurement.js Show response
twimgs.com/custom/library.gtecevent.com/assets/ 55 KB
20 KB 43ms
22ms Script
application/javascript 2606:4700:3031::ac43:83be
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://twimgs.com/custom/library.gtecevent.com/assets/ubm-tech-global-app-measurement.js?ormzkk
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:83be , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 37a0bbeac143b190eb553c9e8ebf42b7f85b1acba06883855eda085fdf155c4b

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:35 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 16 Jan 2020 23:35:21 GMT
server: cloudflare
age: 80754
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: public, max-age=86400
cf-ray: 5c6ac1fa8b4205b7-FRA
cf-request-id: 04b6979099000005b749bc4200000001

GET
H2

200

spacer.gif
twimgs.com/nojitter/informationweek/resources/images/
Redirect Chain

https://www.informationweek.com/client_pathlog.asp?p=%2Finformationweek%2Fsection%2F277&f=%2Finformationweek%2Fsection%2F277%2F1030918&rndserial=11254
https://twimgs.com/nojitter/informationweek/resources/images/spacer.gif

49 B
288 B

9ms
9ms

Image
image/gif

2606:4700:3031::ac43:83be
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://twimgs.com/nojitter/informationweek/resources/images/spacer.gif
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:83be , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3c5b83e390d046c3623c4b8e35b58aaf64a7481bb2372fb51ae2e0e7818f7407

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:36 GMT
cf-cache-status: HIT
last-modified: Mon, 10 Jul 2017 11:24:19 GMT
server: cloudflare
age: 65383
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
status: 200
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 5c6ac1fe5e8d05b7-FRA
content-length: 49
cf-request-id: 04b69792f6000005b749833200000001

Redirect headers

date: Sat, 22 Aug 2020 07:07:35 GMT
cf-cache-status: DYNAMIC
server: cloudflare
status: 302
x-powered-by: ASP.NET
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=63072000
content-type: text/html
location: https://twimgs.com/nojitter/informationweek/resources/images/spacer.gif
cache-control: private
cf-ray: 5c6ac1fbff3696bc-FRA
cf-request-id: 04b697917f000096bc80183200000001

GET
H2 200 lightreading_rating_dot_10x7.gif
twimgs.com/nojitter/informationweek/resources/images/ 49 B
160 B 35ms
28ms Image
image/gif 2606:4700:3031::ac43:83be
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://twimgs.com/nojitter/informationweek/resources/images/lightreading_rating_dot_10x7.gif
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:83be , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3c5b83e390d046c3623c4b8e35b58aaf64a7481bb2372fb51ae2e0e7818f7407

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:35 GMT
cf-cache-status: HIT
last-modified: Tue, 11 Jul 2017 09:26:51 GMT
server: cloudflare
age: 78788
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
status: 200
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 5c6ac1fa9b5f05b7-FRA
content-length: 49
cf-request-id: 04b697909a000005b749bd8200000001

GET
H2 200 twitter_intevol_18x18.gif
twimgs.com/nojitter/informationweek/resources/images/ 619 B
729 B 34ms
27ms Image
image/gif 2606:4700:3031::ac43:83be
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://twimgs.com/nojitter/informationweek/resources/images/twitter_intevol_18x18.gif
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:83be , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ebe3a0272a317857bf566a0deec42181bf0e89d280bb3143bba14da1ae1ddb10

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:35 GMT
cf-cache-status: HIT
last-modified: Tue, 11 Jul 2017 11:22:03 GMT
server: cloudflare
age: 65382
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
status: 200
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 5c6ac1fa9b6505b7-FRA
content-length: 619
cf-request-id: 04b697909a000005b749bda200000001

GET
H2 200 beacon-min.js Show response
ins.techweb.com/beacon/js/ 6 KB
2 KB 74ms
18ms Script
application/javascript 2606:4700:3033::ac43:ae3d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ins.techweb.com/beacon/js/beacon-min.js
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:ae3d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a290ede885635a3f7bb2b8e630bf795f15dde146fea32520b775bee1b2926ff3

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

cf-ray: 5c6ac1fac8a2beec-FRA
date: Sat, 22 Aug 2020 07:07:35 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 23 Mar 2017 17:04:42 GMT
server: cloudflare
age: 5030
etag: W/"6108-1490288682000"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
status: 200
cache-control: max-age=14400
content-type: application/javascript
cf-request-id: 04b69790be0000beecd63f6200000001

GET
H2 200 nodetag.js Show response
content.dl-rms.com/rms/mother/564/ 315 B
430 B 357ms
153ms Script
application/javascript 87.236.16.24
BEGET-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://content.dl-rms.com/rms/mother/564/nodetag.js
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 87.236.16.24 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: ssl.kryton.beget.com
Software: nginx-reuseport/1.13.4 / PHP/5.6.40
Resource Hash: d0cf3346854d4bf99c980c924eb9d5b769b3804063d35af1fea9fb942288325c

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Sat, 22 Aug 2020 07:07:35 GMT
server: nginx-reuseport/1.13.4
x-powered-by: PHP/5.6.40
content-length: 315
content-type: application/javascript; charset=UTF-8

GET
H/1.1 200
OK beacon.js Show response
sb.scorecardresearch.com/ 1 KB
1 KB 198ms
63ms Script
application/x-javascript 104.108.64.33
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/beacon.js
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.108.64.33 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-108-64-33.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sat, 22 Aug 2020 07:07:35 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: private, no-transform, max-age=86400
Connection: keep-alive
Content-Length: 884
Expires: Sun, 23 Aug 2020 07:07:35 GMT

GET
H2 200 iribbon-logo.gif
twimgs.com/nojitter/gama/ 2 KB
2 KB 27ms
20ms Image
image/gif 2606:4700:3031::ac43:83be
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://twimgs.com/nojitter/gama/iribbon-logo.gif
Requested by: Host: img.deusm.com
URL: https://img.deusm.com/darkreading/informa-iribbon.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:83be , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f3bd482cd3ec17583f25ad0819d1ccbcd0cdcb0fe26f8d87b7f30fd61b3dc640

Request headers

Referer: https://img.deusm.com/darkreading/informa-iribbon.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:35 GMT
cf-cache-status: HIT
last-modified: Fri, 19 Apr 2019 06:59:19 GMT
server: cloudflare
age: 63263
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
status: 200
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 5c6ac1fa9b6205b7-FRA
content-length: 1931
cf-request-id: 04b697909a000005b749bd9200000001

GET
H/1.1 200
OK Cookie set dest5.html
ubm.demdex.net/ Frame 32CF 0
0 319ms
72ms Document
text/html 3.248.37.251
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ubm.demdex.net/dest5.html?d_nsid=0

Requested by

Host: twimgs.com
URL: https://twimgs.com/custom/library.gtecevent.com/assets/VisitorAPI.js?ormzkk

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.248.37.251 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-248-37-251.eu-west-1.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Host: ubm.demdex.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: demdex=39523769727693784231204558934765455863
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Response headers

Accept-Ranges: bytes
Cache-Control: max-age=21600
Content-Encoding: gzip
Content-Type: text/html
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Last-Modified: Thu, 13 Aug 2020 10:45:06 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Set-Cookie: demdex=39523769727693784231204558934765455863;Path=/;Domain=.demdex.net;Expires=Thu, 18-Feb-2021 07:07:35 GMT;Max-Age=15552000;Secure;SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding, User-Agent
X-TID: 0Xk2Q5ErR04=
Content-Length: 2785
Connection: keep-alive

POST
H2 200 /
www.facebook.com/tr/ 0
63 B 8ms
6ms Other
text/plain 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryRYFyErdpcE44C4J2

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
server: proxygen-bolt
date: Sat, 22 Aug 2020 07:07:35 GMT
status: 200
content-type: text/plain
access-control-allow-origin: https://www.informationweek.com
access-control-allow-credentials: true
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 0

GET
H/1.1 200
OK dpm_8effee409c625e1a2d8f5033631840e6ce1dcb64.min.js Show response
s.dpmsrv.com/ 761 KB
86 KB 277ms
73ms Script
application/x-javascript 143.204.94.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.dpmsrv.com/dpm_8effee409c625e1a2d8f5033631840e6ce1dcb64.min.js
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.94.121 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-94-121.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6df4eb3783bf684715535e6c0af536b3f6888050e95b724b676643cbbb801ea9

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sat, 22 Aug 2020 00:49:53 GMT
Content-Encoding: gzip
Last-Modified: Mon, 17 Aug 2020 16:00:26 GMT
Server: AmazonS3
Age: 22664
ETag: "e2cae120efd144e30e3cef02e6036f36"
X-Cache: Hit from cloudfront
Content-Type: application/x-javascript
Via: 1.1 436c247027acc191b22ece964efbaeca.cloudfront.net (CloudFront)
Connection: keep-alive
X-Amz-Cf-Pop: FRA50-C1
Accept-Ranges: bytes
Content-Length: 87354
X-Amz-Cf-Id: jYCyDYDsXzGnoquEf4w9_AolGDp0B6r2CgD8scAxpJ6b2ebkSEiGmw==

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/1007530244/ 2 KB
1 KB 24ms
23ms Script
text/javascript 2a00:1450:4001:819::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1007530244/?random=1598080055571&cv=9&fst=1598080055571&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.informationweek.com%2Fphishers-turn-to-dns-wildcards-cache-poisoning%2Fd%2Fd-id%2F1030918%3F&tiba=Phishers%20Turn%20To%20DNS%20Wildcards%2C%20Cache%20Poisoning%20-%20InformationWeek&hn=www.googleadservices.com&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d12f738e7bb79d4425da1cbf46ea7d00d214960e0618123068110d77bf0e6280

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 22 Aug 2020 07:07:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 1060
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 26 KB
8 KB 55ms
28ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/bat.js
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 5c622f5433cbb6ea1df5c0dd8671e55ef7d1464366074730473c453de50a579b

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:35 GMT
content-encoding: gzip
last-modified: Thu, 16 Jul 2020 20:00:00 GMT
x-msedge-ref: Ref A: 406F0EFD0ECE455BB80A47544406E457 Ref B: FRAEDGE1410 Ref C: 2020-08-22T07:07:35Z
status: 200
etag: "0e0bdafab5bd61:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 8022

GET
H2 200 all.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 7ms
6ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js

Requested by

Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

809b4c95dcd6831b7d62d53a90e167a9f4ddd6ec8df85a7bd55f0bf5cbc1042d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: ZCq1ZHKlTOgS6/5qaHMAkw==
status: 200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 1780
etag: "c22b3ad0b2f4c696301a545f3b211345"
x-fb-debug: HDHQfDgf0M93gpHc3hf/aJHtTu8w+mIIFUtGiOncvMW7/+XlL1dlpmxavb7PzAUqUkUxQMdzTOOnPdE5MGSyfQ==
x-fb-trip-id: 1781455057
x-fb-content-md5: 0d55423332214c731a90d901aadfea33
x-frame-options: DENY
date: Sat, 22 Aug 2020 07:07:35 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
timing-allow-origin: *
expires: Sat, 22 Aug 2020 07:16:30 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 109 B
829 B 33ms
14ms Script
application/javascript 2a00:1450:4001:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.informationweek.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020081801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 22 Aug 2020 07:07:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 109 B
320 B 14ms
14ms Script
application/javascript 2a00:1450:4001:819::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.informationweek.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020081801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 22 Aug 2020 07:07:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H2 200 iwk-it-network-iwk.gif
img.deusm.com/informationweek/ 3 KB
3 KB 11ms
11ms Image
image/gif 2606:4700:3032::681b:93f7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.deusm.com/informationweek/iwk-it-network-iwk.gif
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/styles/pano-framework.css?v=1.47
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::681b:93f7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 478b041f721d9154dc425be10f37f8cdcaab5656422099071b5a08f76c2fff9e

Request headers

Referer: https://www.informationweek.com/styles/pano-framework.css?v=1.47
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:35 GMT
cf-cache-status: HIT
last-modified: Thu, 03 Nov 2016 09:13:23 GMT
server: cloudflare
age: 961
etag: "abe-54061f82912c0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
status: 200
accept-ranges: bytes
cf-ray: 5c6ac1fb7a3505c4-FRA
content-length: 2750
cf-request-id: 04b697912f000005c4fea1e200000001

GET
H/2+Q/46 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 18 KB
5 KB 187ms
119ms XHR
text/plain 216.58.207.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3183890926353766&correlator=3420636871648380&output=ldjh&impl=fif&eid=21066392&vrg=2020081801&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200822&iu_parts=2441%2CInformationWeek&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90%7C970x250&prev_scp=pos%3Dtop%26testAd%3D&cookie_enabled=1&bc=31&abxe=1&lmt=1598080055&dt=1598080055610&dlt=1598080054802&idt=609&frm=20&biw=1600&bih=1200&oid=3&adxs=436&adys=96&adks=3560195062&ucis=1&ifi=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.informationweek.com%2Fphishers-turn-to-dns-wildcards-cache-poisoning%2Fd%2Fd-id%2F1030918%3F&dssz=58&icsg=844438018982563&std=0&csl=93&vis=1&dmc=8&scr_x=0&scr_y=0&psz=999x90&msz=999x90&ga_vid=1182060867.1598080056&ga_sid=1598080056&ga_hid=178359078&fws=4&ohw=999&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020081801.js

Protocol

HTTP/2+QUIC/46

Security

QUIC, , AES_128_GCM

Server

216.58.207.66 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s25-in-f2.1e100.net

Software

cafe /

Resource Hash

d50b7e268e8eb1e2c1cad19c29cb0b6f9e5fa30aeea126766032b57cad36c606

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:35 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5193
x-xss-protection: 0
google-lineitem-id: 5451638842
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138320704429
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.informationweek.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
32e617b7b4cdcddd40fa5c086542f316.safeframe.googlesyndication.com/safeframe/1-0-37/html/ 0
0 50ms
14ms Other
text/html 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://32e617b7b4cdcddd40fa5c086542f316.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020081801.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/ 0
0 10ms
10ms Other
text/html 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020081801.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 200 seach.png
twimgs.com/nojitter/informationweek/resources/images/new/ 1 KB
1 KB 10ms
9ms Image
image/png 2606:4700:3031::ac43:83be
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://twimgs.com/nojitter/informationweek/resources/images/new/seach.png
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:83be , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 26938b04b64ab630827adf5bc06f44a02562bcb1ff21377e4c8ffb3fdaa42425

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:35 GMT
cf-cache-status: HIT
last-modified: Tue, 11 Jul 2017 10:52:54 GMT
server: cloudflare
age: 2702
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 5c6ac1fbaf8805b7-FRA
content-length: 1349
cf-request-id: 04b697914c000005b749811200000001

GET
H2 200 facebook_icon.gif
twimgs.com/nojitter/informationweek/resources/images/ 1 KB
2 KB 11ms
10ms Image
image/gif 2606:4700:3031::ac43:83be
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://twimgs.com/nojitter/informationweek/resources/images/facebook_icon.gif
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:83be , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 333ebceb9aa9504dea89c8cf5c931d95c30c231b1eae8d3bdcc81fd33a37dd84

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:35 GMT
cf-cache-status: HIT
last-modified: Tue, 11 Jul 2017 09:11:51 GMT
server: cloudflare
age: 65380
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
status: 200
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 5c6ac1fbaf8b05b7-FRA
content-length: 1511
cf-request-id: 04b697914d000005b749812200000001

GET
H2 200 twitter_icon.gif
twimgs.com/nojitter/informationweek/resources/images/ 1 KB
1 KB 12ms
10ms Image
image/gif 2606:4700:3031::ac43:83be
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://twimgs.com/nojitter/informationweek/resources/images/twitter_icon.gif
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:83be , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d00864408cbdc222c15d1121399de866b51a877be0b60f82e693ee8f5236401f

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:35 GMT
cf-cache-status: HIT
last-modified: Tue, 11 Jul 2017 09:13:13 GMT
server: cloudflare
age: 24592
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
status: 200
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 5c6ac1fbaf8d05b7-FRA
content-length: 1249
cf-request-id: 04b697914d000005b749813200000001

GET
H2 200 linkedin_icon.gif
twimgs.com/nojitter/informationweek/resources/images/ 2 KB
2 KB 12ms
11ms Image
image/gif 2606:4700:3031::ac43:83be
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://twimgs.com/nojitter/informationweek/resources/images/linkedin_icon.gif
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:83be , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6516436c472b6188d35206dcdfecbee1900d191031112d348de7a04c405ff47c

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:35 GMT
cf-cache-status: HIT
last-modified: Tue, 11 Jul 2017 09:11:41 GMT
server: cloudflare
age: 24592
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
status: 200
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 5c6ac1fbaf8f05b7-FRA
content-length: 1797
cf-request-id: 04b697914d000005b749814200000001

GET
H2 200 rss_icon.gif
twimgs.com/nojitter/informationweek/resources/images/ 2 KB
2 KB 11ms
10ms Image
image/gif 2606:4700:3031::ac43:83be
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://twimgs.com/nojitter/informationweek/resources/images/rss_icon.gif
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:83be , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4ee770b0e3baad401f79f09df651e6f4d5735bd799c62d2d7b58bf38478a76dd

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:35 GMT
cf-cache-status: HIT
last-modified: Tue, 11 Jul 2017 09:10:44 GMT
server: cloudflare
age: 65380
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
status: 200
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 5c6ac1fbaf9005b7-FRA
content-length: 1830
cf-request-id: 04b697914d000005b749815200000001

GET
H2 200 menutripgradient.jpg
twimgs.com/nojitter/informationweek/resources/images/new/ 1 KB
2 KB 12ms
11ms Image
image/jpeg 2606:4700:3031::ac43:83be
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://twimgs.com/nojitter/informationweek/resources/images/new/menutripgradient.jpg
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:83be , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ecc7f0b3a6673ea2207e2b63ab29b2755d653faab413a35887e9d63ac5f404fa

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:35 GMT
cf-cache-status: HIT
last-modified: Tue, 11 Jul 2017 10:56:56 GMT
server: cloudflare
age: 24604
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
status: 200
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 5c6ac1fbaf9105b7-FRA
content-length: 1520
cf-request-id: 04b697914d000005b749816200000001

GET
H2 200 BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjoa4Omb2RlV9Su1cai.woff
fonts.gstatic.com/s/robotoslab/v12/ 15 KB
15 KB 7ms
6ms Font
font/woff 2a00:1450:4001:81a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/robotoslab/v12/BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjoa4Omb2RlV9Su1cai.woff

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto+Slab:700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.informationweek.com
Referer: https://fonts.googleapis.com/css?family=Roboto+Slab:700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 06:44:16 GMT
x-content-type-options: nosniff
last-modified: Fri, 26 Jun 2020 02:24:04 GMT
server: sffe
age: 865399
status: 200
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15368
x-xss-protection: 0
expires: Thu, 12 Aug 2021 06:44:16 GMT

GET
H/2+Q/46 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 426 B
927 B 138ms
97ms XHR
text/plain 216.58.207.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3183890926353766&correlator=3420636871648380&output=ldjh&impl=fif&eid=21066392&vrg=2020081801&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200822&iu_parts=2441%2CInformationWeek&enc_prev_ius=%2F0%2F1&prev_iu_szs=1x2&prev_scp=pos%3Dwallpaper%26testAd%3D&cookie_enabled=1&bc=31&abxe=1&lmt=1598080055&dt=1598080055645&dlt=1598080054802&idt=609&frm=20&biw=1600&bih=1200&oid=3&adxs=300&adys=284&adks=4106651151&ucis=2&ifi=2&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.informationweek.com%2Fphishers-turn-to-dns-wildcards-cache-poisoning%2Fd%2Fd-id%2F1030918%3F&dssz=61&icsg=844438018982563&std=0&csl=93&vis=1&dmc=8&scr_x=0&scr_y=0&psz=999x291&msz=999x2&ga_vid=1182060867.1598080056&ga_sid=1598080056&ga_hid=178359078&fws=4&ohw=999&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020081801.js

Protocol

HTTP/2+QUIC/46

Security

QUIC, , AES_128_GCM

Server

216.58.207.66 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s25-in-f2.1e100.net

Software

cafe /

Resource Hash

0fb71887e3dc08ed95e4f8b9ee72a4a4db1e6fbd8bc3e4a161df38fc33c72e4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:35 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 227
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.informationweek.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 chartbeat.js Show response
static.chartbeat.com/js/ 36 KB
14 KB 38ms
9ms Script
application/x-javascript 2600:9000:2182:9400:18:1fcd:34e:d2a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.chartbeat.com/js/chartbeat.js
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2182:9400:18:1fcd:34e:d2a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 9233eac6e8f7adc20a334ce3854d5adbbed6dcc031a36ea1eee952894407951c

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 06:39:21 GMT
content-encoding: gzip
last-modified: Fri, 24 Apr 2020 01:13:41 GMT
server: nginx
age: 1694
etag: W/"5ea23d45-8e68"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
status: 200
cache-control: max-age=7200
x-amz-cf-pop: DUS51-C1
x-amz-cf-id: rl1TexCGyjuMh2CTZ8fWg97d1WSfZH6hkV5uO48TRVG57JAldvhptA==
via: 1.1 2e790b4fedc0451605346ca92a7755a8.cloudfront.net (CloudFront)
expires: Sat, 22 Aug 2020 08:39:21 GMT

GET
H2 200 bullet.png
twimgs.com/nojitter/informationweek/resources/images/ 1 KB
1 KB 13ms
13ms Image
image/png 2606:4700:3031::ac43:83be
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://twimgs.com/nojitter/informationweek/resources/images/bullet.png
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:83be , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9e0e2ad3a93ec78d016efee0993b5856ba9b4acafcee3aa4d6f7162f039fcce4

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:35 GMT
cf-cache-status: HIT
last-modified: Tue, 11 Jul 2017 09:06:50 GMT
server: cloudflare
age: 65380
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 5c6ac1fc391405b7-FRA
content-length: 1054
cf-request-id: 04b697919f000005b74981b200000001

GET
H/2+Q/46 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 7 KB
4 KB 94ms
94ms XHR
text/plain 216.58.207.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020081801.js

Protocol

HTTP/2+QUIC/46

Security

QUIC, , AES_128_GCM

Server

216.58.207.66 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s25-in-f2.1e100.net

Software

cafe /

Resource Hash

bb6faea399ff1d30497285193b1e148d05022312d0c0e780f01aa44925a0732c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:35 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3756
x-xss-protection: 0
google-lineitem-id: 5448661103
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138319757102
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.informationweek.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/2+Q/46 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 435 B
271 B 89ms
86ms XHR
text/plain 216.58.207.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020081801.js

Protocol

HTTP/2+QUIC/46

Security

QUIC, , AES_128_GCM

Server

216.58.207.66 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s25-in-f2.1e100.net

Software

cafe /

Resource Hash

34d7e729ad59072f9b6084407899d77da2c5a0610ddd45cced2b39a8c27e266a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:35 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 237
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.informationweek.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/2+Q/46 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 18 KB
5 KB 95ms
94ms XHR
text/plain 216.58.207.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020081801.js

Protocol

HTTP/2+QUIC/46

Security

QUIC, , AES_128_GCM

Server

216.58.207.66 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s25-in-f2.1e100.net

Software

cafe /

Resource Hash

50ded9b9065e23b13e6907ab1754ba1d50a21476e562352e65f97133a55f55a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:35 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5177
x-xss-protection: 0
google-lineitem-id: 5451681724
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138320321202
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.informationweek.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 NL-button.png
twimgs.com/nojitter/informationweek/resources/images/ 2 KB
3 KB 12ms
12ms Image
image/png 2606:4700:3031::ac43:83be
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://twimgs.com/nojitter/informationweek/resources/images/NL-button.png
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/styles/pano-framework.css?v=1.47
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:83be , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7b5688f8b168e06251901442c4f2f72b30c4477cb472833cde7979a8dca0a862

Request headers

Referer: https://www.informationweek.com/styles/pano-framework.css?v=1.47
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:35 GMT
cf-cache-status: HIT
last-modified: Tue, 11 Jul 2017 10:48:10 GMT
server: cloudflare
age: 79182
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 5c6ac1fcaa3005b7-FRA
content-length: 2502
cf-request-id: 04b69791e7000005b749825200000001

GET
H/2+Q/46 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 18 KB
5 KB 100ms
99ms XHR
text/plain 216.58.207.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020081801.js

Protocol

HTTP/2+QUIC/46

Security

QUIC, , AES_128_GCM

Server

216.58.207.66 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s25-in-f2.1e100.net

Software

cafe /

Resource Hash

0092ed1d2c5d5cfe6715cc92a670aa4d75e2f943db5785517debab3e38fa8116

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:35 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4970
x-xss-protection: 0
google-lineitem-id: 5451912659
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138320253122
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.informationweek.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/2+Q/46 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 412 B
460 B 91ms
91ms XHR
text/plain 216.58.207.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020081801.js

Protocol

HTTP/2+QUIC/46

Security

QUIC, , AES_128_GCM

Server

216.58.207.66 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s25-in-f2.1e100.net

Software

cafe /

Resource Hash

47203fa73f17dec66fbde5a7947486b191a3e1091a542a044862670e3f487f98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:35 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 213
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.informationweek.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/012008102328000/ Frame 63D5 206 KB
57 KB 28ms
6ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012008102328000/amp4ads-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020081801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5e145eadf3c0d2ca018da2d25a02de55ac0f70874da8bba148713fa326f278c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 63362
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57397
x-xss-protection: 0
server: sffe
date: Fri, 21 Aug 2020 13:31:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "d730d226616e6acf"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 21 Aug 2021 13:31:33 GMT

GET
H/2+Q/46 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/012008102328000/v0/ Frame 63D5 94 KB
29 KB 30ms
14ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012008102328000/v0/amp-analytics-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020081801.js

Protocol

HTTP/2+QUIC/46

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f125fd246e10689d46bc3c7c529be4f784c9adf3f80f0790a3532f7efd01b012

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 1223
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28844
x-xss-protection: 0
server: sffe
date: Sat, 22 Aug 2020 06:47:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "7dfeab575efd177f"
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 22 Aug 2021 06:47:12 GMT

GET
DATA 200
OK truncated
/ Frame 63D5 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 05e95f49a5396b756f58ee9dd006ee7379b1ae6ce8be8e739811c248e1a5cc83

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 9981711100885050995
tpc.googlesyndication.com/simgad/ Frame 63D5 25 KB
25 KB 38ms
6ms Image
image/png 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/9981711100885050995

Requested by

Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b5553d262c9ef84e1914eb9992d427d565efded895b0deb5bfd0fa898e5ac639

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 17 Aug 2020 17:22:01 GMT
x-content-type-options: nosniff
age: 395134
x-dns-prefetch-control: off
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25241
x-xss-protection: 0
last-modified: Mon, 17 Aug 2020 16:02:03 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 17 Aug 2021 17:22:01 GMT

GET
H/2+Q/46 200 view
securepubads.g.doubleclick.net/pcs/ Frame 63D5 0
200 B 72ms
72ms Image
image/gif 216.58.207.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssYUnGZZwai_IU4vbv_KtsHzZEjslmSLjlt8LYWLAmCuhxZLue8VWc5f1mDnvR2Y-edoVaOsjSgZnA7w639PJOpnL501irdvJXO_k1R9GD2kVMsEyIxeY8S5uJJof_L6457hOTGH0t1uJTgKAz1yUiuumpdXmjPHm8-FJUVVEXdyAxAujN0LcwhTGFUYUEIHRrjMsCIcHgmHLaRa2A_c70RYGt9wVRT8BILdk8I09x1KSqkSgI9Jg2NqQwDvYBabzAYWlSrKy55I2iS2g&sai=AMfl-YSXJW3XJV1rrkKajT30HgGOdJq_QMdCwlS-xHuFjH4wmMtfqOIWjugoZmsLIXDA724DaZoj_48pJCxk9H_rJ2Gg4A84fcgh7pnvGuT2WGTPwPju7FzXZl6iXgSmUrM&sig=Cg0ArKJSzMU8OUA0p2OpEAE&adurl=

Requested by

Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Protocol

HTTP/2+QUIC/46

Security

QUIC, , AES_128_GCM

Server

216.58.207.66 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s25-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 22 Aug 2020 07:07:35 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sat, 22 Aug 2020 07:07:35 GMT

GET
H/2+Q/46 200 view
securepubads.g.doubleclick.net/pcs/ Frame 6D8C 0
0 71ms
70ms Fetch
image/gif 216.58.207.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstiDL_PKKo2f0OPe5ijJoakefgVRHvr2BmWgh9nHxDb-IKWR-8iKGP_xH_u6I9WEK6fa9o1zxbzqeDS4cS-rSt7DYWh4fdxEJz1rqaySdzVhvHcTDBaSX9_Sq1FU39QW_qwqSMjKKreX8VbpQk0QWz-mvDEEKfbEg1OlzIR7yY3ml_LeRmHT8nAi289mx2ZNMOBJa3Mo1gCrXyMWVY1AZ-oFv8_yt1jfFnfh6oaW9Bl1YVrdC0-_JLMbabKqHVofw09aKrQQ2whHAwoPhVkzlw&sai=AMfl-YRuVMOjGmobANN23ZWxFQXpaZTNxUDT6obesFcF_QU4KRn2dv9_ocfk67sim97OG3YJOXlIUvn0ImS_F2Z0QXml4kEDAVi-yS0xkf9vLssKhuTZ4mAlROZoFv2IjB8&sig=Cg0ArKJSzJ1my2YPcYY6EAE&urlfix=1&adurl=

Requested by

Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Protocol

HTTP/2+QUIC/46

Security

QUIC, , AES_128_GCM

Server

216.58.207.66 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s25-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 22 Aug 2020 07:07:35 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sat, 22 Aug 2020 07:07:35 GMT

GET
H/2+Q/46 200 osd_listener.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6D8C 73 KB
28 KB 39ms
20ms Script
text/javascript 2a00:1450:4001:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020081801.js

Protocol

HTTP/2+QUIC/46

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:821::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

52352645768c4c5daa8abebb4b8468932a84643e7d8edff47cd0666ec5b008bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1597858973492819"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 28329
x-xss-protection: 0
expires: Sat, 22 Aug 2020 07:07:35 GMT

GET
H/2+Q/46 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 71 KB
27 KB 36ms
19ms Script
text/javascript 2a00:1450:4001:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020081801.js

Protocol

HTTP/2+QUIC/46

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:821::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7a13ee75dc207f9a65442b766c6a68123d2f3b4db81d87c96604bd8dece2fcbd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1597858973492819"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 27037
x-xss-protection: 0
expires: Sat, 22 Aug 2020 07:07:35 GMT

GET
H/2+Q/46 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 409 B
242 B 96ms
94ms XHR
text/plain 216.58.207.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3183890926353766&correlator=3420636871648380&output=ldjh&impl=fif&adsid=NT&eid=21066392&vrg=2020081801&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200822&iu_parts=2441%2CInformationWeek&enc_prev_ius=%2F0%2F1&prev_iu_szs=6x6&prev_scp=pos%3Dpromo%26testAd%3D&cookie=ID%3D3068fe67a31fb20a-22e6be4ab9b600a5%3AT%3D1598080055%3AS%3DALNI_MbraJY9hm6w9_KUY5X7s9rmsj2fQA&bc=31&abxe=1&lmt=1598080055&dt=1598080055882&dlt=1598080054802&idt=609&frm=20&biw=1600&bih=1200&oid=3&adxs=942&adys=2809&adks=47615117&ucis=8&ifi=8&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.informationweek.com%2Fphishers-turn-to-dns-wildcards-cache-poisoning%2Fd%2Fd-id%2F1030918%3F&dssz=75&icsg=209421609520&std=0&csl=94&vis=1&dmc=8&scr_x=0&scr_y=0&psz=336x6&msz=336x6&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H83swRAZQLUxbfcduEzHoUszjtYERkOofL_7r8oNzPbI6rmMLTGfLBu67fF2hTuUxakZIh5cw%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H_QgVI1HWRsayaiaItRjkHDFXPng-1koWWsQCa8L5YN8t_LHVGvTPa7zPJOmJIOF57mLlbv9A&ga_vid=1182060867.1598080056&ga_sid=1598080056&ga_hid=178359078&fws=4&ohw=336&btvi=5

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020081801.js

Protocol

HTTP/2+QUIC/46

Security

QUIC, , AES_128_GCM

Server

216.58.207.66 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s25-in-f2.1e100.net

Software

cafe /

Resource Hash

27ea780b8000268367ed0d11f9fc7e86295b2d13cb6dab5b60566fac84f7e321

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:35 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 213
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.informationweek.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/2+Q/46 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/012008102328000/ Frame 0A30 206 KB
56 KB 12ms
7ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012008102328000/amp4ads-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020081801.js

Protocol

HTTP/2+QUIC/46

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5e145eadf3c0d2ca018da2d25a02de55ac0f70874da8bba148713fa326f278c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 1235
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57397
x-xss-protection: 0
server: sffe
date: Sat, 22 Aug 2020 06:47:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "d730d226616e6acf"
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 22 Aug 2021 06:47:00 GMT

GET
H/2+Q/46 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/012008102328000/v0/ Frame 0A30 94 KB
28 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012008102328000/v0/amp-analytics-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020081801.js

Protocol

HTTP/2+QUIC/46

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f125fd246e10689d46bc3c7c529be4f784c9adf3f80f0790a3532f7efd01b012

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 1223
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28844
x-xss-protection: 0
server: sffe
date: Sat, 22 Aug 2020 06:47:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "7dfeab575efd177f"
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 22 Aug 2021 06:47:12 GMT

GET
DATA 200
OK truncated
/ Frame 0A30 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 473fb290d57ae0ac980296e96b7600a13b830eb2ea13297ac84553795176e8a5

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H/2+Q/46 200 13741356598614212449
tpc.googlesyndication.com/simgad/ Frame 0A30 51 KB
51 KB 35ms
13ms Image
image/png 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/13741356598614212449

Requested by

Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Protocol

HTTP/2+QUIC/46

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a10357a3a9662018685e5f79d968e35a2a29bd650ee6d4bb0e7e0bebb1581496

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 17 Aug 2020 17:31:01 GMT
x-content-type-options: nosniff
age: 394594
x-dns-prefetch-control: off
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52180
x-xss-protection: 0
last-modified: Mon, 17 Aug 2020 15:51:12 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 17 Aug 2021 17:31:01 GMT

GET
H/2+Q/46 200 view
securepubads.g.doubleclick.net/pcs/ Frame 0A30 0
21 B 78ms
71ms Image
image/gif 216.58.207.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssLarm-YoyFCGuHmR6xGE5a0jAuZTbuoTzfkHUigjut3laCbGfnpzmxG6v-bZ74QlqIvY3-6-qQAdle6NPx8gmBP9n7iftDCQO2znEs3KFLOXQV7hwH2WZVg6H6PBqsiov4MagfpfSYH0HTJTGX1nA1ljnr2l6k1Bxlqdy6bXh8eUn9CGaQyPV3MmJkRsl_vERmdl7jD0KPvFqcaGgC0qE9NEyES3v_KfGODXcFaBIuAIenWdabY7Qq1hTndk2LlJ8SYoZAzLjHmXy-WQ&sai=AMfl-YQbscUbgWuWG7AaNM3quM_uzziD6V4dgpuabt3PVdv3y2A0D9K_GeavYeutYKYzT2H2zIHd7TWxsAE5VIDF71S6Htsa5wJ5GXqXRlOR5DZm6KKpFCUKvSmzsd3WGSk&sig=Cg0ArKJSzLmqHvgPHvuZEAE&adurl=

Requested by

Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Protocol

HTTP/2+QUIC/46

Security

QUIC, , AES_128_GCM

Server

216.58.207.66 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s25-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 22 Aug 2020 07:07:35 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 all.js Show response
connect.facebook.net/en_US/ 194 KB
58 KB 10ms
6ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js?hash=0593d014fe6f6178bc8897524b59eb1c&ua=modern_es6

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

52cfa4eaa420ab1999ead9f74755c4be5dca2ac45f683ac11464d9f13085ecec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Origin: https://www.informationweek.com
Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: 7VfUit7tndK8rnv992Q47A==
status: 200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 59274
etag: "f08a617f1de18f61ec577ffc759caa20"
x-fb-debug: UO3a3mNHK0JNrfvN1cgwozzhDz8E0D42JVrfAnKALwiizXBt43HL3ASo2tEC7jcMNda+1ngI51NM+xuSf/sjaQ==
x-fb-trip-id: 1781455057
x-fb-content-md5: 3638ee50145cfc5bbe1a41487f43dcc2
x-frame-options: DENY
date: Sat, 22 Aug 2020 07:07:35 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
timing-allow-origin: *
expires: Sun, 22 Aug 2021 06:50:13 GMT

GET
H/2+Q/46 200 /
www.google.com/pagead/1p-user-list/1007530244/ 42 B
517 B 58ms
26ms Image
image/gif 2a00:1450:4001:809::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/1007530244/?random=1598080055571&cv=9&fst=1598079600000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https%3A%2F%2Fwww.informationweek.com%2Fphishers-turn-to-dns-wildcards-cache-poisoning%2Fd%2Fd-id%2F1030918%3F&tiba=Phishers%20Turn%20To%20DNS%20Wildcards%2C%20Cache%20Poisoning%20-%20InformationWeek&fmt=3&is_vtc=1&random=2508099281&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Protocol

HTTP/2+QUIC/46

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 22 Aug 2020 07:07:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/1007530244/ 42 B
153 B 32ms
28ms Image
image/gif 2a00:1450:4001:81e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/1007530244/?random=1598080055571&cv=9&fst=1598079600000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https%3A%2F%2Fwww.informationweek.com%2Fphishers-turn-to-dns-wildcards-cache-poisoning%2Fd%2Fd-id%2F1030918%3F&tiba=Phishers%20Turn%20To%20DNS%20Wildcards%2C%20Cache%20Poisoning%20-%20InformationWeek&fmt=3&is_vtc=1&random=2508099281&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 22 Aug 2020 07:07:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/2+Q/46 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/012008102328000/ Frame D410 206 KB
56 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012008102328000/amp4ads-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020081801.js

Protocol

HTTP/2+QUIC/46

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5e145eadf3c0d2ca018da2d25a02de55ac0f70874da8bba148713fa326f278c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 1236
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57397
x-xss-protection: 0
server: sffe
date: Sat, 22 Aug 2020 06:47:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "d730d226616e6acf"
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 22 Aug 2021 06:47:00 GMT

GET
H/2+Q/46 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/012008102328000/v0/ Frame D410 94 KB
28 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012008102328000/v0/amp-analytics-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020081801.js

Protocol

HTTP/2+QUIC/46

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f125fd246e10689d46bc3c7c529be4f784c9adf3f80f0790a3532f7efd01b012

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 1224
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28844
x-xss-protection: 0
server: sffe
date: Sat, 22 Aug 2020 06:47:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "7dfeab575efd177f"
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 22 Aug 2021 06:47:12 GMT

GET
DATA 200
OK truncated
/ Frame D410 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f28dd96acd2f748242631a79dd877204384b1ff1521bfd895b4cbb58394cd6c8

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H/2+Q/46 200 10098400308317342678
tpc.googlesyndication.com/simgad/ Frame D410 32 KB
32 KB 8ms
8ms Image
image/png 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/10098400308317342678

Requested by

Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Protocol

HTTP/2+QUIC/46

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8a4ef7c3dd742bb24684ac1c95b9180ef94699bef3f4a1814fad24173980e855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 17 Aug 2020 16:07:09 GMT
x-content-type-options: nosniff
age: 399627
x-dns-prefetch-control: off
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32837
x-xss-protection: 0
last-modified: Mon, 17 Aug 2020 15:40:38 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 17 Aug 2021 16:07:09 GMT

GET
H/2+Q/46 200 view
securepubads.g.doubleclick.net/pcs/ Frame D410 0
44 B 77ms
76ms Image
image/gif 216.58.207.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsttTnLFC47nZMvKIvSIq1SyuRT7gjsqTPvnuL1gVN5OXmQtHRQg2LmxlwgRHEFXwvK50UGfDUPIuwTbUV61QCKQsPyxfJp7yOvxlons9000biFfsrvnaMckv6W9niSAdx3OVC8WJUBVP10b27SkP-wyHcnazriY51BJKsPM-we9hLcQupNz-1ghoaR0l1UrIHBdS0jtyRll_EKEkFVy-q1T72VAz1fp5uC-o68Hj0RYiic8XLa9XlIjmWhjpWhLX98l7gLzMhscGSSH2g&sig=Cg0ArKJSzEYsBqCtJeWbEAE&adurl=

Requested by

Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Protocol

HTTP/2+QUIC/46

Security

QUIC, , AES_128_GCM

Server

216.58.207.66 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s25-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 22 Aug 2020 07:07:36 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H/2+Q/46 204 l
www.google.com/ads/measurement/ Frame D410 0
0 15ms
14ms Image
text/html 2a00:1450:4001:809::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaT9MCMu8QyD0RHA33q3arSJJSOO3E8bMNKiZEDOPERypvYz5hJyz2T9wXBuLWXKLPfsm2RAwYb0Ev9Qe3v-H1nK2fd_kQ
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: HTTP/2+QUIC/46
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H/2+Q/46 200 view
securepubads.g.doubleclick.net/pcs/ Frame 6D8C 0
21 B 71ms
70ms Image
image/gif 216.58.207.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvbO8QPjf0V1p-EYRklw4ML-D-1QYSjJVjV_VNaP0RG_7mF7kJ1wLCnh-l-12WP_rUpHbZg6VEccc0IWje-4FCTC-rXtDAEau8007I161SF23o1JVoMDp0dGqRZnK5yOasSFyW8x0voDSStspcbWV8mH6ral95O6ORtBVQf_mlnwOQ9imWxsGnpxVTDazuZO2qhmHmBMdanAh5Laj6dRIYW16cQDCvO6xXI5sSak0dHsUSJZpqSNP30j6S79kXHukkqOH0bVq2TFZp_BLlkhxJ64A&sai=AMfl-YRiDkOAVCfs0HD0FlWA7q0xlZo35ZhcKBNU7pHF9-icK2zdAEU8kuA4uREtJjWA6ikdLwuc8nuNlEulu5JEoYATgfSBQWUyQAwdUZgVm0nMTRfRqMeW0Liqkin07lI&sig=Cg0ArKJSzJxvcbXWF2_YEAE&urlfix=1&adurl=

Requested by

Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Protocol

HTTP/2+QUIC/46

Security

QUIC, , AES_128_GCM

Server

216.58.207.66 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s25-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 22 Aug 2020 07:07:36 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H/2+Q/46 200 view
securepubads.g.doubleclick.net/pcs/ Frame 63D5 0
21 B 71ms
71ms Image
image/gif 216.58.207.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsv3IL-7Hlt4ov3f5R1VUoimb9gXb8X263P-vuFV85jHosuYe3yfPRVDZWls-Od75ODqQJmyx0bGsbbyhS5FFS0AncU_jnpOtUNH9VfsX-GXao_sFocbJUY1GdemVk-3CqnptQrRmlS_zcaN8aIXAoduoNSeOJ4-8IvZUK0W_tg5pRzBB-R6o1AJBfjrOMwEcMuFmd9sYnllra9mlHdyBkx0u56tVb7B6CZFpzsuA6oz5NO98VJRA85bVS15Q8CLSNiSkzr2QgqA-hGAJ09-&sai=AMfl-YRBkmK0pIWTJ5HIHxla2e5wO6mpCWH8-os76JzBJUzKHk6m8sbTjSnMhay-cFTShjK0nEszPUzgE4F7tCGOIGiTqw1yh76Lb58ZXW1hWD6k-cIZLMv8YF351PlOgcw&sig=Cg0ArKJSzFsPxaxmymBLEAE&adurl=

Requested by

Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Protocol

HTTP/2+QUIC/46

Security

QUIC, , AES_128_GCM

Server

216.58.207.66 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s25-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 22 Aug 2020 07:07:36 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 204 0
bat.bing.com/action/ 0
148 B 30ms
29ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=5476211&Ver=2&mid=871e3e28-15e4-3723-25b6-3f7ecdaca300&sid=82a095ea80320e410c1ebc3469c9ed79&vid=583ee87c3bc97b7c33bd5d4d354b7f79&vids=1&pi=0&lg=en-US&sw=1600&sh=1200&sc=24&tl=Phishers%20Turn%20To%20DNS%20Wildcards,%20Cache%20Poisoning%20-%20InformationWeek&p=https%3A%2F%2Fwww.informationweek.com%2Fphishers-turn-to-dns-wildcards-cache-poisoning%2Fd%2Fd-id%2F1030918%3F&r=&evt=pageLoad&msclkid=N&sv=1&rn=458050
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 204
pragma: no-cache
date: Sat, 22 Aug 2020 07:07:35 GMT
cache-control: no-cache, must-revalidate
x-msedge-ref: Ref A: 30A52DA4EDB449418811BBAF38FD8E81 Ref B: FRAEDGE1410 Ref C: 2020-08-22T07:07:36Z
access-control-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

204
No Content

b2
sb.scorecardresearch.com/
Redirect Chain

https://sb.scorecardresearch.com/b?c1=2&c2=3005435&ns__t=1598080056162&ns_c=windows-1252&cv=3.5&c8=Phishers%20Turn%20To%20DNS%20Wildcards%2C%20Cache%20Poisoning%20-%20InformationWeek&c7=https%3A%2F...
https://sb.scorecardresearch.com/b2?c1=2&c2=3005435&ns__t=1598080056162&ns_c=windows-1252&cv=3.5&c8=Phishers%20Turn%20To%20DNS%20Wildcards%2C%20Cache%20Poisoning%20-%20InformationWeek&c7=https%3A%2...

0
528 B

64ms
63ms

Image
text/plain

104.108.64.33
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b2?c1=2&c2=3005435&ns__t=1598080056162&ns_c=windows-1252&cv=3.5&c8=Phishers%20Turn%20To%20DNS%20Wildcards%2C%20Cache%20Poisoning%20-%20InformationWeek&c7=https%3A%2F%2Fwww.informationweek.com%2Fphishers-turn-to-dns-wildcards-cache-poisoning%2Fd%2Fd-id%2F1030918%3F&c9=&cs_ak_ss=1
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.108.64.33 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-108-64-33.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 22 Aug 2020 07:07:36 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Mon, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://sb.scorecardresearch.com/b2?c1=2&c2=3005435&ns__t=1598080056162&ns_c=windows-1252&cv=3.5&c8=Phishers%20Turn%20To%20DNS%20Wildcards%2C%20Cache%20Poisoning%20-%20InformationWeek&c7=https%3A%2F%2Fwww.informationweek.com%2Fphishers-turn-to-dns-wildcards-cache-poisoning%2Fd%2Fd-id%2F1030918%3F&c9=&cs_ak_ss=1
Pragma: no-cache
Date: Sat, 22 Aug 2020 07:07:36 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 status
www.facebook.com/x/oauth/ 0
0 179ms
178ms Fetch
text/plain 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/x/oauth/status?client_id=640989409269461&input_token&origin=1&redirect_uri=https%3A%2F%2Fwww.informationweek.com%2Fphishers-turn-to-dns-wildcards-cache-poisoning%2Fd%2Fd-id%2F1030918%3F&sdk=joey&wants_cookie_data=false

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js?hash=0593d014fe6f6178bc8897524b59eb1c&ua=modern_es6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.informationweek.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
x-fb-debug: zU67f+7C2PG+S27wFVaWzsPRj8XPPa+G7hXOlTKRlTHQ1ACe4N/Dz1QxhvnbvS4fEcbpQWUOpTFiLMo58LoCpA==
fb-s: unknown
status: 200
date: Sat, 22 Aug 2020 07:07:36 GMT
strict-transport-security: max-age=15552000; preload
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.informationweek.com
access-control-expose-headers: fb-s
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 0
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 6D8C 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0d4e23527a902149ad4b5e4de5b80005528f9388f13a4c92c9c1b556243e9575

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1

200
OK

index.php Show response
a.dpmsrv.com/dpmpxl/
Redirect Chain

https://ib.adnxs.com/getuid?https://a.dpmsrv.com/dpmpxl/index.php?id=$UID&q%3DxImp%26v%3D1.x%26cl%3D55%26pixelIndex%3D0%26r%3D639676%26tzOffset%3D-120%26url%3Dhttps%253A%252F%252Fwww.informationwee...
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fa.dpmsrv.com%2Fdpmpxl%2Findex.php%3Fid%3D%24UID%26q%253DxImp%2526v%253D1.x%2526cl%253D55%2526pixelIndex%253D0%2526r%253D639676%2526tzOffset%253...
https://a.dpmsrv.com/dpmpxl/index.php?id=2676142873037730215&q=xImp&v=1.x&cl=55&pixelIndex=0&r=639676&tzOffset=-120&url=https%3A%2F%2Fwww.informationweek.com%2Fphishers-turn-to-dns-wildcards-cache-...

250 B
1001 B

565ms
137ms

Script
text/javascript

3.229.100.58
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://a.dpmsrv.com/dpmpxl/index.php?id=2676142873037730215&q=xImp&v=1.x&cl=55&pixelIndex=0&r=639676&tzOffset=-120&url=https%3A%2F%2Fwww.informationweek.com%2Fphishers-turn-to-dns-wildcards-cache-poisoning%2Fd%2Fd-id%2F1030918%3F&_=1598080056239
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.229.100.58 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-229-100-58.compute-1.amazonaws.com
Software: /
Resource Hash: 7f7ff9eab807f23299e47b8fbdd83cb3ae6cbc33330cc1e0182e8d42b2025cdb

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
content-encoding: gzip
Access-Control-Max-Age: 10
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Type: text/javascript
Access-Control-Allow-Headers: content-type, accept
Content-Length: 222
Expires: 0

Redirect headers

Pragma: no-cache
Date: Sat, 22 Aug 2020 07:07:36 GMT
X-Proxy-Origin: 165.231.142.36; 165.231.142.36; 722.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.154:80
AN-X-Request-Uuid: 1b6a8027-d073-411f-b65e-099e95507b95
Server: nginx/1.13.4
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://a.dpmsrv.com/dpmpxl/index.php?id=2676142873037730215&q=xImp&v=1.x&cl=55&pixelIndex=0&r=639676&tzOffset=-120&url=https%3A%2F%2Fwww.informationweek.com%2Fphishers-turn-to-dns-wildcards-cache-poisoning%2Fd%2Fd-id%2F1030918%3F&_=1598080056239
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/2+Q/46 200 13741356598614212449
tpc.googlesyndication.com/simgad/ Frame 0A30 51 KB
51 KB 6ms
6ms Image
image/png 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/13741356598614212449

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012008102328000/amp4ads-v0.js

Protocol

HTTP/2+QUIC/46

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a10357a3a9662018685e5f79d968e35a2a29bd650ee6d4bb0e7e0bebb1581496

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 17 Aug 2020 17:31:01 GMT
x-content-type-options: nosniff
age: 394595
x-dns-prefetch-control: off
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52180
x-xss-protection: 0
last-modified: Mon, 17 Aug 2020 15:51:12 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 17 Aug 2021 17:31:01 GMT

GET
H/2+Q/46 200 10098400308317342678
tpc.googlesyndication.com/simgad/ Frame D410 32 KB
32 KB 7ms
6ms Image
image/png 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/10098400308317342678

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012008102328000/amp4ads-v0.js

Protocol

HTTP/2+QUIC/46

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8a4ef7c3dd742bb24684ac1c95b9180ef94699bef3f4a1814fad24173980e855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 17 Aug 2020 16:07:09 GMT
x-content-type-options: nosniff
age: 399627
x-dns-prefetch-control: off
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32837
x-xss-protection: 0
last-modified: Mon, 17 Aug 2020 15:40:38 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 17 Aug 2021 16:07:09 GMT

GET
H/2+Q/46 200 view
securepubads.g.doubleclick.net/pcs/ Frame 0A30 0
21 B 71ms
71ms Image
image/gif 216.58.207.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuB48nLLSk7Fzsc6O8edLaBgawfOCtN500fNrdVL_PTX3mx1d-IrVUqljDycDbYmvJx37s-AZSSzadpbuR4RXpRiUnvlOiiajIFEvKLqz0rggQtUiFPZ-fl0Nzc0ogOB4YKxACBQAMVmVtYOQU0fZzDCZSUTYBrLnoqEdhabbHFQBGJOK2K_zUxiUz26VZG2w8YifNKZ46OvBXvkn_DGm-nsoMO5NxXaYkvZuOekcGwUVT3utcFXMbVgreYw7qjqzCv2SjFo7vvaGtDKdZs&sai=AMfl-YTNkKT6Ls_MrGxvlWQQZRQkmVa3r4pvVFdp7ni_cQWBLuyxH0vP6aU-SqxXHFxMX-ub3NfuiJKHsf-VgSNjykM1jhc4CYga83kGoqNV19e3d_duOuBeL8WBAL5AC0c&sig=Cg0ArKJSzDfQpyug-kqLEAE&adurl=

Requested by

Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Protocol

HTTP/2+QUIC/46

Security

QUIC, , AES_128_GCM

Server

216.58.207.66 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s25-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 22 Aug 2020 07:07:36 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H/2+Q/46 200 view
securepubads.g.doubleclick.net/pcs/ Frame D410 0
21 B 71ms
70ms Image
image/gif 216.58.207.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssAvAjrTRAFogD_Cs-LEgBnkBMOnILdZb1NfMBpSO3S__Hc0q_QfSpQtWIPoNj4MAaUMElOshyfZRxYfaKZDW76w-QrFVoNYKY3QcHm6XAjQMjRnRh-ejNogi-KOy785KmhWfhFFwFVsWL-ZXXDPD495bUt__ZeouYBUzxXUgQZjEulQlg19RV9SVEGnF7uDOfLuG7h8T2Yp0vVzRKXKOoKrWPh_Mu6-aiBngG5jkoCMfpE3-YHVimQMIImXb9dReUTGVBLLdf7rUwobdh9&sig=Cg0ArKJSzCUsrQysIr12EAE&adurl=

Requested by

Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Protocol

HTTP/2+QUIC/46

Security

QUIC, , AES_128_GCM

Server

216.58.207.66 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s25-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 22 Aug 2020 07:07:36 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H/2+Q/46 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 286 B
143 B 90ms
90ms XHR
text/plain 216.58.207.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3183890926353766&correlator=3420636871648380&output=ldjh&impl=fif&adsid=NT&eid=21066392&vrg=2020081801&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200822&iu_parts=2441&enc_prev_ius=%2F0%2F&prev_iu_szs=4x4&prev_scp=pos%3Dvideo%26testAd%3D&cookie=ID%3D3068fe67a31fb20a%3AT%3D1598080055%3AS%3DALNI_MYbTbsvb4sSN5VnUsZN3dZJ8vBxnA&bc=31&abxe=1&lmt=1598080056&dt=1598080056735&dlt=1598080054802&idt=609&frm=20&biw=1600&bih=1200&oid=3&adxs=1108&adys=4128&adks=3007876516&ucis=9&ifi=9&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.informationweek.com%2Fphishers-turn-to-dns-wildcards-cache-poisoning%2Fd%2Fd-id%2F1030918%3F&dssz=82&icsg=837686438083&mso=32&std=0&csl=94&vis=1&dmc=8&scr_x=0&scr_y=0&psz=336x4&msz=336x4&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H83swRAZQLUxbfcduEzHoUszjtYERkOofL_7r8oNzPbI6rmMLTGfLBu67fF2hTuUxakZIh5cw%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H_Y-WdJiJO7kBeYeL8pK2yH4mIpQO3Zb0pNRPlCWYyL5q-G7V0rFHLb_grt-PfRErD0BkZo7g%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H902zGfCsQi1clk9KDKZkRtDBr_J2rTvLAfa_rcMjUVUeLjx4TnhNdTORCSJt49apaBggifRg%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H_QgVI1HWRsayaiaItRjkHDFXPng-1koWWsQCa8L5YN8t_LHVGvTPa7zPJOmJIOF57mLlbv9A&ga_vid=1182060867.1598080056&ga_sid=1598080056&ga_hid=178359078&fws=4&ohw=336&btvi=6

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020081801.js

Protocol

HTTP/2+QUIC/46

Security

QUIC, , AES_128_GCM

Server

216.58.207.66 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s25-in-f2.1e100.net

Software

cafe /

Resource Hash

5afd3e10da09bd6322122a1c78eea2449ae577e135b29e54a5cbad9df43dd991

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:36 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 111
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.informationweek.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 omnitureloggedin.asp Show response
www.informationweek.com/ 13 B
254 B 1304ms
1304ms XHR
text/html 2606:4700::6811:549a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.informationweek.com/omnitureloggedin.asp

Requested by

Host: img.deusm.com
URL: https://img.deusm.com/darkreading/JQuery_Library/Jquery_3.4.1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:549a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

1c6187354682403a1fa4b7db2024a3677fac007b03103d5e71c989eb34b84ab4

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Accept: */*
Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:38 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
x-powered-by: ASP.NET
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=63072000
content-type: text/html
status: 200
cache-control: private
cf-ray: 5c6ac202db7f96bc-FRA
cf-request-id: 04b69795c3000096bc801ae200000001

GET
H2 200 s0660112262601
ubmtech.d3.sc.omtrdc.net/b/ss/cmpglobalvista/1/JS-2.8.2/ 43 B
244 B 68ms
68ms Image
image/gif 15.188.154.177
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ubmtech.d3.sc.omtrdc.net/b/ss/cmpglobalvista/1/JS-2.8.2/s0660112262601?AQB=1&ndh=1&pf=1&t=22%2F7%2F2020%209%3A7%3A38%206%20-120&mid=40471250935683150122181040497703319300&aamlh=6&ce=UTF-8&ns=ubmtech&pageName=informationweek.com%20gregg%20keizer%20phishers%20turn%20to%20dns%20wildcards%2C%20cache%20poisoning&g=https%3A%2F%2Fwww.informationweek.com%2Fphishers-turn-to-dns-wildcards-cache-poisoning%2Fd%2Fd-id%2F1030918%3F&cc=USD&events=event5&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&h1=InformationWeek%20Documents%7CPhishers%20Turn%20To%20DNS%20Wildcards%2C%20Cache%20Poisoning&c2=1030918&v2=Phishers%20Turn%20To%20DNS%20Wildcards%2C%20Cache%20Poisoning%20-%20InformationWeek&c3=InformationWeek%20%7C%201030918%20%7C%20Phishers%20Turn%20To%20DNS%20Wildcards%2C%20Cache%20Poisoning&c4=Phishers%20Turn%20To%20DNS%20Wildcards%2C%20Cache%20Poisoning&c7=Gregg%20Keizer&c8=2a01%3A4f8%3A192%3A5414%3A%3A2%20%7C%20Mozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F83.0.4103.61%20Safari%2F537.36&v10=saturday%7C3%3A00am&c11=News%20Analysis&v12=1030918&c13=saturday%7C3%3A00am&v13=www.informationweek.com&v15=First%20Visit&c17=New&v17=New&c19=Un-Registered&c20=20050308&c22=First%20Visit&c23=https%3A%2F%2Fwww.informationweek.com%2Fphishers-turn-to-dns-wildcards-cache-poisoning%2Fd%2Fd-id%2F1030918&v28=Gregg%20Keizer&v37=News%20Analysis&c41=5&c48=1&v48=1&c50=2.8.2&v61=https%3A%2F%2Fwww.informationweek.com%2Fphishers-turn-to-dns-wildcards-cache-poisoning%2Fd%2Fd-id%2F1030918&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=77FB1CFE532B22840A490D45%40AdobeOrg&AQE=1

Requested by

Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.188.154.177 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-188-154-177.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:38 GMT
x-content-type-options: nosniff
x-c: master-1337.If22631.M0-435
p3p: CP="This is not a P3P policy"
status: 200
content-length: 43
x-xss-protection: 1; mode=block
pragma: no-cache
last-modified: Sun, 23 Aug 2020 07:07:38 GMT
server: jag
xserver: anedge-7b958987b-gssz2
etag: 3431850792835186688-4614195695078984459
vary: *
content-type: image/gif;charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, no-transform, private
expires: Fri, 21 Aug 2020 07:07:38 GMT

GET
H/2+Q/46 200 10449146614059103052
tpc.googlesyndication.com/simgad/ 31 KB
31 KB 7ms
6ms Image
image/png 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/10449146614059103052?

Requested by

Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Protocol

HTTP/2+QUIC/46

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

150daf6e51f5288eaeb00175e3917f0ec4cdb17d4694b99413456cba650a2115

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 17 Aug 2020 13:15:30 GMT
x-content-type-options: nosniff
age: 409928
x-dns-prefetch-control: off
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31626
x-xss-protection: 0
last-modified: Wed, 12 Aug 2020 19:01:20 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 17 Aug 2021 13:15:30 GMT

GET
H2 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 63D5 42 B
271 B 15ms
14ms Image
image/gif 2a00:1450:4001:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvTRGy1Huwyi1TeOAZBnl8QrwcyjC25aozgBD8J7aJgoMbBGn0tL3IbZ1N6o5p5gN0qhCgl0UrBP3vGu5QVDrX9qUQM2WWLStHgmHR1Hvc&sig=Cg0ArKJSzGOQYoMqtmxMEAE&id=ampim&o=436,96&d=728,90&ss=1600,1200&bs=1600,1200&mcvt=1907&mtos=0,0,1907,1907,1907&tos=0,0,1907,0,0&tfs=258&tls=2165&g=100&h=100&tt=2166&r=v&avms=ampa&adk=3560195062

Requested by

Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 22 Aug 2020 07:07:38 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 0A30 42 B
107 B 14ms
13ms Image
image/gif 2a00:1450:4001:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvoy-AYFEiH-7GpsW09D9AWDvnsmHVW2c6n3M9ZHAIxFnNdkIPOYkyCAeQWOvw1w8aOLKjZ9uq8sJhPELERS1e4JwQbDAbGegcCqtVOBd8&sig=Cg0ArKJSzIBiRnwYkHT6EAE&id=ampim&o=960,400&d=300,600&ss=1600,1200&bs=1600,1200&mcvt=1811&mtos=0,0,1811,1811,1811&tos=0,0,1811,0,0&tfs=194&tls=2005&g=100&h=100&tt=2005&r=v&avms=ampa&adk=1953725078

Requested by

Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 22 Aug 2020 07:07:38 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK js_data.php Show response
100widgets.com/ 306 B
650 B 396ms
102ms Script
text/html 192.102.6.38
HVDS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://100widgets.com/js_data.php?id=278
Requested by: Host: content.dl-rms.com
URL: https://content.dl-rms.com/rms/mother/564/nodetag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.102.6.38 Kyiv, Ukraine, ASN57682 (HVDS-AS, UA),
Reverse DNS: 100widgets.com
Software: nginx / PHP/5.4.45
Resource Hash: cfd76f8f2b5ed21afc907b2a26e5a1bad5664c9e6deaac474b7e6790354bd282

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 22 Aug 2020 07:07:38 GMT
Content-Encoding: gzip
Server: nginx
X-Powered-By: PHP/5.4.45
Vary: Accept-Encoding
Content-Type: text/html
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H/1.1 200
OK a.html
6600d6d98e534115970f9529a45f3195.pages.ubembed.com/0227c2e1-854e-491f-9e8b-1a56e903809d/ Frame FB7D 0
0 191ms
64ms Document
text/html 54.93.101.66
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://6600d6d98e534115970f9529a45f3195.pages.ubembed.com/0227c2e1-854e-491f-9e8b-1a56e903809d/a.html?closedAt=0
Requested by: Host: assets.ubembed.com
URL: https://assets.ubembed.com/universalscript/releases/v0.178.1/bundle.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 54.93.101.66 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-93-101-66.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Host: 6600d6d98e534115970f9529a45f3195.pages.ubembed.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Response headers

date: Sat, 22 Aug 2020 07:07:38 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
p3p: CP="This is not a privacy policy."
x-unbounce-pageid: 0227c2e1-854e-491f-9e8b-1a56e903809d
etag: 382bd82e038387b0a09d5a91d699d22c
last-modified: Mon, 17 Aug 2020 15:15:14 GMT
content-encoding: gzip
x-proxy-backend: page-server
connection: close

GET
H2 200 widget_iframe.3c5aa8e2a38bbbee4b6d88e6846fc657.html
platform.twitter.com/widgets/ Frame F514 0
0 63ms
62ms Document
text/html 151.101.112.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.3c5aa8e2a38bbbee4b6d88e6846fc657.html?origin=https%3A%2F%2Fwww.informationweek.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

:method: GET
:authority: platform.twitter.com
:scheme: https
:path: /widgets/widget_iframe.3c5aa8e2a38bbbee4b6d88e6846fc657.html?origin=https%3A%2F%2Fwww.informationweek.com
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Response headers

status: 200
last-modified: Thu, 30 Jul 2020 21:53:52 GMT
cache-control: public, max-age=315360000
content-type: text/html; charset=utf-8
etag: "9fa476ae827f556d5b037fe43632370d+gzip"
content-encoding: gzip
access-control-allow-methods: GET
access-control-allow-origin: *
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
accept-ranges: bytes
date: Sat, 22 Aug 2020 07:07:38 GMT
x-served-by: cache-bwi5121-BWI, cache-hhn4058-HHN
x-cache: HIT, HIT
vary: Accept-Encoding
tw-cdn: FT
content-length: 5825

GET
H2

200

like.php
www.facebook.com/plugins/ Frame E4FD
Redirect Chain

https://web.facebook.com/plugins/like.php?app_id=640989409269461&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2afa92191a105%26domain%3Dwww.inform...
https://www.facebook.com/plugins/like.php?app_id=640989409269461&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2afa92191a105%26domain%3Dwww.inform...

0
0

56ms
55ms

Document
text/html

2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/plugins/like.php?app_id=640989409269461&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2afa92191a105%26domain%3Dwww.informationweek.com%26origin%3Dhttps%253A%252F%252Fwww.informationweek.com%252Ff3865668b1d3aec%26relation%3Dparent.parent&container_width=0&href=http%3A%2F%2Fwww.informationweek.com%2Fphishers-turn-to-dns-wildcards-cache-poi%2F60407745&layout=button&locale=en_US&sdk=joey&send=false&show_faces=false&width=87&_rdc=1&_rdr

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js?hash=0593d014fe6f6178bc8897524b59eb1c&ua=modern_es6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.facebook.com
:scheme: https
:path: /plugins/like.php?app_id=640989409269461&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2afa92191a105%26domain%3Dwww.informationweek.com%26origin%3Dhttps%253A%252F%252Fwww.informationweek.com%252Ff3865668b1d3aec%26relation%3Dparent.parent&container_width=0&href=http%3A%2F%2Fwww.informationweek.com%2Fphishers-turn-to-dns-wildcards-cache-poi%2F60407745&layout=button&locale=en_US&sdk=joey&send=false&show_faces=false&width=87&_rdc=1&_rdr
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: fr=0MBIbI1wVLCr67yjo..BfQMQ3...1.0.BfQMQ3.
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: about:blank

Response headers

status: 200
cache-control: private, no-cache, no-store, must-revalidate
pragma: no-cache
strict-transport-security: max-age=15552000; preload
content-encoding: br
timing-allow-origin: *
content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-type: text/html; charset="utf-8"
x-fb-debug: UpVHPJTLsk7IbrgZzDJ3yqT4+OpGRDQ2QXH37zKhn4RCdipgF4d+zIPB0bYslw6f36xqjYtlxqIzKRyklER7jw==
date: Sat, 22 Aug 2020 07:07:38 GMT
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600

Redirect headers

status: 302
location: https://www.facebook.com/plugins/like.php?app_id=640989409269461&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2afa92191a105%26domain%3Dwww.informationweek.com%26origin%3Dhttps%253A%252F%252Fwww.informationweek.com%252Ff3865668b1d3aec%26relation%3Dparent.parent&container_width=0&href=http%3A%2F%2Fwww.informationweek.com%2Fphishers-turn-to-dns-wildcards-cache-poi%2F60407745&layout=button&locale=en_US&sdk=joey&send=false&show_faces=false&width=87&_rdc=1&_rdr
x-fb-zr-redirect: 02|1598166458|FzBEAiAHI2GMsa4SggHAKKfrCFUk4fmqWQXLfHAqxFVhqA9ekwIgMAp_9LXpQORTGrx7sC60V-KfOYctmG611tCda2C9Kg4
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: KmzGqjm3q8vOpe4IKHg+qeFPFjXbBnjqnzJLjvBrnXn0zhFPQnNJ2Qr2WnUH5TMdtF97ozcNMWuhm0AaI1y/uQ==
content-length: 0
date: Sat, 22 Aug 2020 07:07:38 GMT
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600

GET
H2 204 record.do
ins.techweb.com/beacon/ Frame A9C6 0
0 1001ms
1001ms Document
text/plain 2606:4700:3033::ac43:ae3d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ins.techweb.com/beacon/record.do?a=bfb712d4d19ed922a019f653ef0d27df3e8dac70570cb4ba0be8b5d8c49e00ac&u=https%253A%252F%252Fwww.informationweek.com%252Fphishers-turn-to-dns-wildcards-cache-poisoning%252Fd%252Fd-id%252F1030918%253F&t=P
Requested by: Host: ins.techweb.com
URL: https://ins.techweb.com/beacon/js/beacon-min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:ae3d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:method: GET
:authority: ins.techweb.com
:scheme: https
:path: /beacon/record.do?a=bfb712d4d19ed922a019f653ef0d27df3e8dac70570cb4ba0be8b5d8c49e00ac&u=https%253A%252F%252Fwww.informationweek.com%252Fphishers-turn-to-dns-wildcards-cache-poisoning%252Fd%252Fd-id%252F1030918%253F&t=P
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Response headers

status: 204
date: Sat, 22 Aug 2020 07:07:39 GMT
set-cookie: __cfduid=dd0b475a0cbe4a52e4f429ace100cd5f91598080058; expires=Mon, 21-Sep-20 07:07:38 GMT; path=/; domain=.techweb.com; HttpOnly; SameSite=Lax Insights=27-8c778529-3183-40c9-accd-a5b01fc3a9d5; Domain=.techweb.com; Expires=Thu, 21-Aug-2025 07:07:39 GMT; Path=/
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
cf-cache-status: DYNAMIC
cf-request-id: 04b6979b490000beecd6052200000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 5c6ac20ba9b9beec-FRA

GET
H/1.1 200
OK elqCfg.min.js Show response
img.en25.com/i/ 6 KB
3 KB 190ms
63ms Script
application/x-javascript 95.100.78.166
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://img.en25.com/i/elqCfg.min.js

Requested by

Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.100.78.166 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a95-100-78-166.deploy.static.akamaitechnologies.com

Software

Resource Hash

6b4ebd6049c806e3eef1bd770b2d8b4fdd75803861ead3584ee753e41988efae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Encoding: gzip
X-Content-Type-Options: nosniff
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Connection: keep-alive
Content-Length: 2115
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Fri, 17 Jul 2020 18:55:09 GMT
Date: Sat, 22 Aug 2020 07:07:38 GMT
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: no-cache, no-store
ETag: "8bc15cb6b5cd61:0"
Accept-Ranges: bytes
Expires: Sat, 22 Aug 2020 07:07:38 GMT

GET
H/1.1

200
OK

index.php Show response
a.dpmsrv.com/dpmpxl/
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=datapoint_dmp&google_cm&ap_id=2676142873037730215&pixelIndex=0&_=1598080056240
https://a.dpmsrv.com/dpmpxl/index.php?q=dfp&ap_id=2676142873037730215&pixelIndex=0&_=1598080056240&google_gid=CAESEL_H2H2o6eYthc995XsAKnk&google_cver=1

0
598 B

138ms
137ms

Script
text/javascript

3.229.100.58
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://a.dpmsrv.com/dpmpxl/index.php?q=dfp&ap_id=2676142873037730215&pixelIndex=0&_=1598080056240&google_gid=CAESEL_H2H2o6eYthc995XsAKnk&google_cver=1
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.229.100.58 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-229-100-58.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Access-Control-Max-Age: 10
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Type: text/javascript
Access-Control-Allow-Headers: content-type, accept
Content-Length: 0
Expires: 0

Redirect headers

pragma: no-cache
date: Sat, 22 Aug 2020 07:07:38 GMT
server: HTTP server (unknown)
status: 302
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://a.dpmsrv.com/dpmpxl/index.php?q=dfp&ap_id=2676142873037730215&pixelIndex=0&_=1598080056240&google_gid=CAESEL_H2H2o6eYthc995XsAKnk&google_cver=1
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 368
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 451 423396.gif
idsync.rlcdn.com/ 0
66 B 140ms
64ms Image
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/423396.gif?partner_uid=2676142873037730215
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 451
date: Sat, 22 Aug 2020 07:07:38 GMT
via: 1.1 google
alt-svc: clear
content-length: 0

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 45 KB
18 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:801::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-58C29PT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

fd361b57998c76f86335afa28b8a62527d88a8200fb5c428d6f0fff73383e955

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 04 Jun 2020 23:38:14 GMT
server: Golfe2
age: 6718
date: Sat, 22 Aug 2020 05:15:40 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18469
expires: Sat, 22 Aug 2020 07:15:40 GMT

GET
H/1.1 200 Cookie set login.jsp
ng.techweb.com/authds/login/ Frame D26F 0
0 443ms
111ms Document
text/html 2620:103::192:155:48:119
RACKSPACE

General

Check archive.org

Show headers Download Go to

Full URL: https://ng.techweb.com/authds/login/login.jsp?type=iframe&cdsocket_client=https://www.informationweek.com/cdsocket_proxy.html
Requested by: Host: img.deusm.com
URL: https://img.deusm.com/darkreading/JQuery_Library/Jquery_3.4.1.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:103::192:155:48:119 , United States, ASN19994 (RACKSPACE, US),
Reverse DNS
Software: NG /
Resource Hash

Request headers

Host: ng.techweb.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Response headers

Set-Cookie: JSESSIONID=9F90BDC4F9E78E5C5FE6E7352441907F; Path=/; Secure; HttpOnly
vary: accept-encoding
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 754
Date: Sat, 22 Aug 2020 07:07:38 GMT
Server: NG
Content-Encoding: gzip
Connection: Keep-Alive

GET
H2 200 ping
ping.chartbeat.net/ 43 B
168 B 414ms
139ms Image
image/gif 23.20.2.75
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ping.chartbeat.net/ping?h=informationweek.com&p=%2Fphishers-turn-to-dns-wildcards-cache-poisoning%2Fd%2Fd-id%2F1030918&u=B_m9TqCfHprsCgCUKT&d=informationweek.com&g=53678&g0=News&g1=Gregg%20Keizer&n=1&f=00001&c=0&x=0&m=0&y=5105&o=1600&w=1200&j=45&R=1&W=0&I=0&E=0&e=0&r=&b=7279&t=D4OEPVBtERECDsQjcBB9m0xDBYecj0&V=120&i=Phishers%20Turn%20To%20DNS%20Wildcards%2C%20Cache%20Poisoning%20-%20InformationWeek&tz=-120&sn=1&sv=DuAnEmCavzRiDbYkfPCNne8bxfsUk&sd=1&im=066b2f7f&_
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.20.2.75 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-23-20-2-75.compute-1.amazonaws.com
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
pragma: no-cache
date: Sat, 22 Aug 2020 07:07:38 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-length: 43
expires: 0

GET
H2 200 moment~timeline~tweet.006e6e150e3a965b21e4fc914a590d30.js Show response
platform.twitter.com/js/ 24 KB
8 KB 64ms
63ms Script
application/javascript 151.101.112.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/moment~timeline~tweet.006e6e150e3a965b21e4fc914a590d30.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: be72b4682425893f45b1420747773a28f56ceb19898fe38cce692662a45ced7b

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:38 GMT
content-encoding: gzip
x-cache: HIT, HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200
content-length: 7866
x-served-by: cache-bwi5139-BWI, cache-hhn4058-HHN
last-modified: Thu, 30 Jul 2020 21:53:39 GMT
etag: "00905893c2c28d2e922fc149df706711+gzip"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=315360000
accept-ranges: bytes
tw-cdn: FT

GET
H2 200 timeline.5ca108765b2ea8f4f7bf6784a62617a7.js Show response
platform.twitter.com/js/ 21 KB
7 KB 63ms
62ms Script
application/javascript 151.101.112.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/timeline.5ca108765b2ea8f4f7bf6784a62617a7.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: c46a6aa8d461f932532de4a4c740b0da237e38d5f111508d298ae3f937a30888

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:38 GMT
content-encoding: gzip
x-cache: HIT, HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200
content-length: 6651
x-served-by: cache-bwi5120-BWI, cache-hhn4058-HHN
last-modified: Thu, 30 Jul 2020 21:53:39 GMT
etag: "ada52fd65bacf32ae2fa66819697a19e+gzip"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=315360000
accept-ranges: bytes
tw-cdn: FT

GET
H2 200 button.683df8cb64b87a8e4759b1fa17147ad1.js Show response
platform.twitter.com/js/ 7 KB
2 KB 62ms
62ms Script
application/javascript 151.101.112.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/button.683df8cb64b87a8e4759b1fa17147ad1.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: aa2a3db7f92e7a7c6a897f2922e6937e04b3b65b01345f72e1814ff21540847e

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:38 GMT
content-encoding: gzip
x-cache: HIT, HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200
content-length: 2298
x-served-by: cache-bwi5135-BWI, cache-hhn4058-HHN
last-modified: Thu, 30 Jul 2020 21:53:39 GMT
etag: "a1edaf0f14262c7e3306f9b502e5e779+gzip"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=315360000
accept-ranges: bytes
tw-cdn: FT

GET
H2

200

collect
stats.g.doubleclick.net/r/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j83&a=178359078&t=pageview&_s=1&dl=https%3A%2F%2Fwww.informationweek.com%2Fphishers-turn-to-dns-wildcards-cache-poisoning%2Fd%2Fd-id%2F1030918&dp=%...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-135180592-1&cid=1182060867.1598080056&jid=1492742733&_gid=1492810266.1598080058&gjid=1000272739&_v=j83&z=1615636481

35 B
99 B

16ms
16ms

Image
image/gif

2a00:1450:400c:c04::9a
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-135180592-1&cid=1182060867.1598080056&jid=1492742733&_gid=1492810266.1598080058&gjid=1000272739&_v=j83&z=1615636481

Requested by

Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c04::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Sat, 22 Aug 2020 07:07:38 GMT
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 22 Aug 2020 07:07:38 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 302
location: https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-135180592-1&cid=1182060867.1598080056&jid=1492742733&_gid=1492810266.1598080058&gjid=1000272739&_v=j83&z=1615636481
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 421
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 profile Show response
cdn.syndication.twimg.com/timeline/ 159 KB
13 KB 233ms
211ms Script
application/javascript 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.syndication.twimg.com/timeline/profile?callback=__twttr.callbacks.tl_i0_profile_InformationWeek_old&dnt=true&domain=www.informationweek.com&lang=en&screen_name=InformationWeek&suppress_response_codes=true&t=1775644&tz=GMT%2B0200&with_replies=false

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

tsa_f /

Resource Hash

c1b721e2e591ecb160728addba9dbfae93783c1d8a579ca235bc8eb15b5e18a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
content-disposition: attachment; filename=jsonp.jsonp
content-length: 13182
x-xss-protection: 0
x-response-time: 189
last-modified: Sat, 22 Aug 2020 07:07:38 GMT
server: tsa_f
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
access-control-allow-methods: GET
content-type: application/javascript;charset=utf-8
expires: Sat, 22 Aug 2020 07:12:38 GMT
cache-control: must-revalidate, max-age=300
x-connection-hash: 676b1e1b5cb0dc6521c52f356ffa4927
timing-allow-origin: *
x-transaction: 0016be2c0097198a
access-contol-allow-origin: platform.twitter.com

GET
H2 200 syndication
syndication.twitter.com/i/jot/ 43 B
338 B 176ms
175ms Image
image/gif 104.244.42.200
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot/syndication?dnt=1&l=%7B%22_category_%22%3A%22syndicated_impression%22%2C%22triggered_on%22%3A1598080058374%2C%22dnt%22%3Atrue%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22timeline%22%2C%22action%22%3A%22impression%22%7D%7D

Requested by

Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.200 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 117
pragma: no-cache
last-modified: Sat, 22 Aug 2020 07:07:38 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 9a5cd32d8a76598d05542a94c8cdc264
x-transaction: 00c4da0d00345d47
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H/1.1

200
OK

svrGP.aspx Show response
s657486201.t.eloqua.com/visitor/v200/
Redirect Chain

https://s657486201.t.eloqua.com/visitor/v200/svrGP?pps=50&siteid=657486201&DLKey=7435f16d0b5c4189a89d0d109d2517f5&DLLookup=&ms=378&firstPartyCookieDomain=trk.informationweek.com
https://s657486201.t.eloqua.com/visitor/v200/svrGP.aspx?pps=50&siteid=657486201&DLKey=7435f16d0b5c4189a89d0d109d2517f5&DLLookup=&ms=378&firstPartyCookieDomain=trk.informationweek.com&elqCookie=1

0
369 B

156ms
156ms

Script
application/javascript

142.0.160.13
NETDYNAMICS

General

Check archive.org

Show headers Download Go to

Full URL

https://s657486201.t.eloqua.com/visitor/v200/svrGP.aspx?pps=50&siteid=657486201&DLKey=7435f16d0b5c4189a89d0d109d2517f5&DLLookup=&ms=378&firstPartyCookieDomain=trk.informationweek.com&elqCookie=1

Requested by

Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

142.0.160.13 Ashburn, United States, ASN7160 (NETDYNAMICS, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000;
X-Content-Type-Options: nosniff
Date: Sat, 22 Aug 2020 07:07:38 GMT
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Cache-Control: private,no-cache, no-store
Content-Type: application/javascript
Content-Length: 0
X-XSS-Protection: 1; mode=block
Expires: -1

Redirect headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000;
X-Content-Type-Options: nosniff
Date: Sat, 22 Aug 2020 07:07:38 GMT
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Location: https://s657486201.t.eloqua.com/visitor/v200/svrGP.aspx?pps=50&siteid=657486201&DLKey=7435f16d0b5c4189a89d0d109d2517f5&DLLookup=&ms=378&firstPartyCookieDomain=trk.informationweek.com&elqCookie=1
Cache-Control: private,no-cache, no-store
Content-Type: text/html; charset=utf-8
Content-Length: 335
X-XSS-Protection: 1; mode=block
Expires: -1

GET
H/1.1

200
OK

svrGP.aspx
trk.informationweek.com/visitor/v200/
Redirect Chain

https://s2150.t.eloqua.com/visitor/v200/svrGP?pps=3&siteid=2150&ref2=elqNone&tzo=-60&ms=378&optin=disabled&firstPartyCookieDomain=trk.informationweek.com
https://trk.informationweek.com/visitor/v200/svrGP.aspx?pps=3&siteid=2150&ref2=elqNone&tzo=-60&ms=378&optin=disabled&elq1pcGUID=00E3CBF729B6475CB26CF2ED8AA6F95C

49 B
539 B

694ms
241ms

Image
image/gif

142.0.173.134
NETDYNAMICS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://trk.informationweek.com/visitor/v200/svrGP.aspx?pps=3&siteid=2150&ref2=elqNone&tzo=-60&ms=378&optin=disabled&elq1pcGUID=00E3CBF729B6475CB26CF2ED8AA6F95C

Requested by

Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

142.0.173.134 , United States, ASN7160 (NETDYNAMICS, US),

Reverse DNS

Software

Resource Hash

f1ccea6b7204d9f7913ab45e1afa51d79f83bd4f0319de937b0132e6e02b1aab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000;
X-Content-Type-Options: nosniff
Date: Sat, 22 Aug 2020 07:07:38 GMT
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Cache-Control: private,no-cache, no-store
Content-Type: image/gif
Content-Length: 49
X-XSS-Protection: 1; mode=block
Expires: -1

Redirect headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000;
X-Content-Type-Options: nosniff
Date: Sat, 22 Aug 2020 07:07:37 GMT
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Location: https://trk.informationweek.com/visitor/v200/svrGP.aspx?pps=3&siteid=2150&ref2=elqNone&tzo=-60&ms=378&optin=disabled&elq1pcGUID=00E3CBF729B6475CB26CF2ED8AA6F95C
Cache-Control: private,no-cache, no-store
Content-Type: text/html; charset=utf-8
Content-Length: 301
X-XSS-Protection: 1; mode=block
Expires: -1

GET
H2 200 tweet_button.3c5aa8e2a38bbbee4b6d88e6846fc657.en.html
platform.twitter.com/widgets/ Frame FE95 0
0 63ms
63ms Document
text/html 151.101.112.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/tweet_button.3c5aa8e2a38bbbee4b6d88e6846fc657.en.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

:method: GET
:authority: platform.twitter.com
:scheme: https
:path: /widgets/tweet_button.3c5aa8e2a38bbbee4b6d88e6846fc657.en.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Response headers

status: 200
last-modified: Thu, 30 Jul 2020 21:53:47 GMT
cache-control: public, max-age=315360000
content-type: text/html; charset=utf-8
etag: "11c2a427fea5f0067ab597938e520d03+gzip"
content-encoding: gzip
access-control-allow-methods: GET
access-control-allow-origin: *
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
accept-ranges: bytes
date: Sat, 22 Aug 2020 07:07:38 GMT
x-served-by: cache-bwi5129-BWI, cache-hhn4058-HHN
x-cache: HIT, HIT
vary: Accept-Encoding
tw-cdn: FT
content-length: 12298

GET
H/1.1 200
OK stat.js.php Show response
100widgets.com/ 0
265 B 96ms
95ms Script
application/javascript 192.102.6.38
HVDS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://100widgets.com/stat.js.php
Requested by: Host: 100widgets.com
URL: https://100widgets.com/js_data.php?id=278
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.102.6.38 Kyiv, Ukraine, ASN57682 (HVDS-AS, UA),
Reverse DNS: 100widgets.com
Software: nginx / PHP/5.4.45
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sat, 22 Aug 2020 07:07:38 GMT
Content-Encoding: gzip
Server: nginx
X-Powered-By: PHP/5.4.45
Vary: Accept-Encoding
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive

GET
H2 200 a0hBKla_
pbs.twimg.com/card_img/1296070210252877825/ Frame EF9C 3 KB
3 KB 16ms
13ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1296070210252877825/a0hBKla_?format=jpg&name=144x144_2

Requested by

Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/4188) /

Resource Hash

d3f005096f486c572d6d8f06ff5415160d3b22e1a7e846fd9c671592db73feeb

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:38 GMT
x-content-type-options: nosniff
age: 221283
x-cache: HIT
status: 200
content-length: 3101
x-response-time: 140
surrogate-key: card_img card_img/bucket/0 card_img/1296070210252877825
last-modified: Wed, 19 Aug 2020 13:01:12 GMT
server: ECS (fcn/4188)
strict-transport-security: max-age=631138519
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 617180fa15fd46a78b912e4a2414fb11
accept-ranges: bytes

GET
H2 200 VHEANMsY
pbs.twimg.com/card_img/1295744113149583360/ Frame EF9C 34 KB
34 KB 9ms
6ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1295744113149583360/VHEANMsY?format=jpg&name=600x314

Requested by

Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/40DD) /

Resource Hash

11ec6023967928b860f5d876e6f5c9e6160f9bf084153848fa52945939cfb814

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:38 GMT
x-content-type-options: nosniff
age: 315462
x-cache: HIT
status: 200
content-length: 34520
x-response-time: 149
surrogate-key: card_img card_img/bucket/2 card_img/1295744113149583360
last-modified: Tue, 18 Aug 2020 15:25:24 GMT
server: ECS (fcn/40DD)
strict-transport-security: max-age=631138519
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: c6ff702389d1a132d0a09ed7003eb7c6
accept-ranges: bytes

GET
H2 200 8dhID39g
pbs.twimg.com/card_img/1295404300433203200/ Frame EF9C 696 B
855 B 15ms
12ms Image
image/png 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1295404300433203200/8dhID39g?format=png&name=100x100_2

Requested by

Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/40FA) /

Resource Hash

2eedd8276734af715363c1968729ec8298ce096da887046d12a9bb57334c98a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:38 GMT
x-content-type-options: nosniff
age: 320410
x-cache: HIT
status: 200
content-length: 696
x-response-time: 131
surrogate-key: card_img card_img/bucket/7 card_img/1295404300433203200
last-modified: Mon, 17 Aug 2020 16:55:07 GMT
server: ECS (fcn/40FA)
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 7fa00ba47fe41c4ade199ab03212da1b
accept-ranges: bytes

GET
H2 200 timeline.32f7f89e2e680ebfe3f4cfefb27966ae.light.ltr.css
platform.twitter.com/css/ Frame EF9C 53 KB
12 KB 64ms
63ms Stylesheet
text/css 151.101.112.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/css/timeline.32f7f89e2e680ebfe3f4cfefb27966ae.light.ltr.css
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 8a322ede0b619b9051fccbe2a1a31f402f416d45f92c245aafcbe75e42f6f2b2

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:38 GMT
content-encoding: gzip
x-cache: HIT, HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200
content-length: 12144
x-served-by: cache-bwi5151-BWI, cache-hhn4058-HHN
last-modified: Thu, 30 Jul 2020 21:53:34 GMT
etag: "fb5a989a2b36d6be5344baad6a1936fd+gzip"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=315360000
accept-ranges: bytes
tw-cdn: FT

GET
H2 200 timeline.32f7f89e2e680ebfe3f4cfefb27966ae.light.ltr.css
platform.twitter.com/css/ 53 KB
53 KB 63ms
63ms Image
text/css 151.101.112.157
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://platform.twitter.com/css/timeline.32f7f89e2e680ebfe3f4cfefb27966ae.light.ltr.css
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:38 GMT
content-encoding: gzip
x-cache: HIT, HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200
content-length: 12144
x-served-by: cache-bwi5151-BWI, cache-hhn4058-HHN
last-modified: Thu, 30 Jul 2020 21:53:34 GMT
etag: "fb5a989a2b36d6be5344baad6a1936fd+gzip"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=315360000
accept-ranges: bytes
tw-cdn: FT

GET
H2 200 a0hBKla_
pbs.twimg.com/card_img/1296070210252877825/ Frame EF9C 3 KB
3 KB 17ms
15ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1296070210252877825/a0hBKla_?format=jpg&name=144x144_2

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/js/moment~timeline~tweet.006e6e150e3a965b21e4fc914a590d30.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/4195) /

Resource Hash

d3f005096f486c572d6d8f06ff5415160d3b22e1a7e846fd9c671592db73feeb

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:38 GMT
x-content-type-options: nosniff
age: 221283
x-cache: HIT
status: 200
content-length: 3101
x-response-time: 140
surrogate-key: card_img card_img/bucket/0 card_img/1296070210252877825
last-modified: Wed, 19 Aug 2020 13:01:12 GMT
server: ECS (fcn/4195)
strict-transport-security: max-age=631138519
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 617180fa15fd46a78b912e4a2414fb11
accept-ranges: bytes

GET
H2 200 VHEANMsY
pbs.twimg.com/card_img/1295744113149583360/ Frame EF9C 34 KB
34 KB 18ms
17ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1295744113149583360/VHEANMsY?format=jpg&name=600x314

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/js/moment~timeline~tweet.006e6e150e3a965b21e4fc914a590d30.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/418A) /

Resource Hash

11ec6023967928b860f5d876e6f5c9e6160f9bf084153848fa52945939cfb814

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:38 GMT
x-content-type-options: nosniff
age: 315462
x-cache: HIT
status: 200
content-length: 34520
x-response-time: 149
surrogate-key: card_img card_img/bucket/2 card_img/1295744113149583360
last-modified: Tue, 18 Aug 2020 15:25:24 GMT
server: ECS (fcn/418A)
strict-transport-security: max-age=631138519
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: c6ff702389d1a132d0a09ed7003eb7c6
accept-ranges: bytes

GET
H2 200 8dhID39g
pbs.twimg.com/card_img/1295404300433203200/ Frame EF9C 696 B
755 B 8ms
7ms Image
image/png 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1295404300433203200/8dhID39g?format=png&name=100x100_2

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/js/moment~timeline~tweet.006e6e150e3a965b21e4fc914a590d30.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/40B0) /

Resource Hash

2eedd8276734af715363c1968729ec8298ce096da887046d12a9bb57334c98a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:38 GMT
x-content-type-options: nosniff
age: 320410
x-cache: HIT
status: 200
content-length: 696
x-response-time: 131
surrogate-key: card_img card_img/bucket/7 card_img/1295404300433203200
last-modified: Mon, 17 Aug 2020 16:55:07 GMT
server: ECS (fcn/40B0)
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 7fa00ba47fe41c4ade199ab03212da1b
accept-ranges: bytes

GET
H2 200 L184HF7I_normal.jpg
pbs.twimg.com/profile_images/805893520259215360/ Frame EF9C 2 KB
2 KB 17ms
10ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/805893520259215360/L184HF7I_normal.jpg

Requested by

Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/40E4) /

Resource Hash

b553399a42dd1c5cc8ad60d0e93fefafe8fd85e42390f874b5c0037ebc2ba14c

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:38 GMT
x-content-type-options: nosniff
age: 571240
x-cache: HIT
status: 200
content-length: 1959
x-response-time: 115
surrogate-key: profile_images profile_images/bucket/7 profile_images/805893520259215360
last-modified: Mon, 05 Dec 2016 21:54:02 GMT
server: ECS (fcn/40E4)
strict-transport-security: max-age=631138519
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 9f1f9df901fe9cc3c61eeb087d0e32e0
accept-ranges: bytes

GET
H2 200 Lisa_M_normal.jpg
pbs.twimg.com/profile_images/53512379/ Frame EF9C 864 B
1009 B 17ms
9ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/53512379/Lisa_M_normal.jpg

Requested by

Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/4188) /

Resource Hash

135899521d576fc8489482bdd2c6ee63aa1ed2e723244c245f3de448d12829f2

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:38 GMT
x-content-type-options: nosniff
age: 509236
x-cache: HIT
status: 200
content-length: 864
x-response-time: 125
surrogate-key: profile_images profile_images/bucket/9 profile_images/53512379
last-modified: Thu, 04 Nov 2010 01:42:54 GMT
server: ECS (fcn/4188)
strict-transport-security: max-age=631138519
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: eee854489102d84fc4c7d000571abd53
accept-ranges: bytes

GET
H2 200 f4syDXWc_normal.jpg
pbs.twimg.com/profile_images/799356284688470016/ Frame EF9C 2 KB
2 KB 14ms
7ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/799356284688470016/f4syDXWc_normal.jpg

Requested by

Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/4188) /

Resource Hash

497fbdd1e530a78143b5ebb1cc50eab16fd8bd7a858ab04674ac56952085d657

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:38 GMT
x-content-type-options: nosniff
age: 571755
x-cache: HIT
status: 200
content-length: 2187
x-response-time: 116
surrogate-key: profile_images profile_images/bucket/3 profile_images/799356284688470016
last-modified: Thu, 17 Nov 2016 20:57:24 GMT
server: ECS (fcn/4188)
strict-transport-security: max-age=631138519
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 16aeabf05a24caeffcec3117ea90bfd9
accept-ranges: bytes

GET
H2 200 sFzqq4cK_normal.png
pbs.twimg.com/profile_images/651116488988880896/ Frame EF9C 2 KB
2 KB 9ms
8ms Image
image/png 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/651116488988880896/sFzqq4cK_normal.png

Requested by

Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/40E2) /

Resource Hash

cebfe310b1ad6f72d20142f9b8d372ee5b7dbd0615d63f814b43ef0a718c23d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:38 GMT
x-content-type-options: nosniff
age: 462688
x-cache: HIT
status: 200
content-length: 2187
x-response-time: 123
surrogate-key: profile_images profile_images/bucket/8 profile_images/651116488988880896
last-modified: Mon, 05 Oct 2015 19:25:22 GMT
server: ECS (fcn/40E2)
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 8ca951a336a1058afbc6a808837f2f83
accept-ranges: bytes

GET
H2 200 EeoyoACc_normal.png
pbs.twimg.com/profile_images/1295333761526226944/ Frame EF9C 1 KB
2 KB 13ms
9ms Image
image/png 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/1295333761526226944/EeoyoACc_normal.png

Requested by

Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/40B3) /

Resource Hash

0f9ad7c2cabb9600d9ca184366b2d849dd870f9664cca2677db22586571066bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:38 GMT
x-content-type-options: nosniff
age: 333559
x-cache: HIT
status: 200
content-length: 1427
x-response-time: 122
surrogate-key: profile_images profile_images/bucket/0 profile_images/1295333761526226944
last-modified: Mon, 17 Aug 2020 12:14:49 GMT
server: ECS (fcn/40B3)
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: bd724bc9ee3cdb2199c51006e22a2d7d
accept-ranges: bytes

GET
H2 200 SZ7ctmEc_normal.jpg
pbs.twimg.com/profile_images/720604561484996612/ Frame EF9C 2 KB
2 KB 13ms
10ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/720604561484996612/SZ7ctmEc_normal.jpg

Requested by

Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/4197) /

Resource Hash

d49e04f55d5290617b410991fab765ce81038e2c81b775b890feb20f509af161

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:38 GMT
x-content-type-options: nosniff
age: 390701
x-cache: HIT
status: 200
content-length: 1655
x-response-time: 124
surrogate-key: profile_images profile_images/bucket/2 profile_images/720604561484996612
last-modified: Thu, 14 Apr 2016 13:26:10 GMT
server: ECS (fcn/4197)
strict-transport-security: max-age=631138519
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: d714c5a711d43eec42bc6e598034b523
accept-ranges: bytes

GET
H2 200 Ve0ZLqN8_normal.jpg
pbs.twimg.com/profile_images/1233096555227426818/ Frame EF9C 2 KB
2 KB 14ms
10ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/1233096555227426818/Ve0ZLqN8_normal.jpg

Requested by

Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/4187) /

Resource Hash

2f13cec4760ce432d7ab362890c0f6ebdb9218eaa40205c291c65b827d064abb

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:38 GMT
x-content-type-options: nosniff
age: 427639
x-cache: HIT
status: 200
content-length: 1959
x-response-time: 122
surrogate-key: profile_images profile_images/bucket/9 profile_images/1233096555227426818
last-modified: Thu, 27 Feb 2020 18:26:23 GMT
server: ECS (fcn/4187)
strict-transport-security: max-age=631138519
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 30af8c1d1243d9cf17a18422d733f9b6
accept-ranges: bytes

GET
H2 200 Maria_and_I_normal.jpg
pbs.twimg.com/profile_images/593854455/ Frame EF9C 999 B
1 KB 13ms
11ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/593854455/Maria_and_I_normal.jpg

Requested by

Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/40AD) /

Resource Hash

15662126459d58f35cb1bf795e444a560cfe5c4129a94c5034ac3bbc72a2aa3a

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:38 GMT
x-content-type-options: nosniff
age: 392444
x-cache: HIT
status: 200
content-length: 999
x-response-time: 130
surrogate-key: profile_images profile_images/bucket/6 profile_images/593854455
last-modified: Thu, 04 Nov 2010 01:42:54 GMT
server: ECS (fcn/40AD)
strict-transport-security: max-age=631138519
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 67ee3ae090a805c3e0f0392020fbdd53
accept-ranges: bytes

GET
H2 200 W5s-fgMi_normal.png
pbs.twimg.com/profile_images/1128711417249636352/ Frame EF9C 5 KB
5 KB 11ms
10ms Image
image/png 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/1128711417249636352/W5s-fgMi_normal.png

Requested by

Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/41AF) /

Resource Hash

c466f8d3006a2976581214ae825f51dbbdb0d9161ce1dcdc84dfe32b25314642

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:38 GMT
x-content-type-options: nosniff
age: 384950
x-cache: HIT
status: 200
content-length: 4999
x-response-time: 131
surrogate-key: profile_images profile_images/bucket/7 profile_images/1128711417249636352
last-modified: Wed, 15 May 2019 17:17:06 GMT
server: ECS (fcn/41AF)
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: ce42312f78014f7d906073d274e5d95a
accept-ranges: bytes

GET
H2 200 _jnuPSPO_normal.jpg
pbs.twimg.com/profile_images/999663604147212289/ Frame EF9C 2 KB
2 KB 12ms
11ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/999663604147212289/_jnuPSPO_normal.jpg

Requested by

Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/4189) /

Resource Hash

2d6a4690ddbace5eb2842068c2d877ab4bde8e5ead88e00a80a931360da7287f

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:38 GMT
x-content-type-options: nosniff
age: 420385
x-cache: HIT
status: 200
content-length: 2111
x-response-time: 130
surrogate-key: profile_images profile_images/bucket/4 profile_images/999663604147212289
last-modified: Thu, 24 May 2018 14:47:10 GMT
server: ECS (fcn/4189)
strict-transport-security: max-age=631138519
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 17461a61ca052ff8fb05ced7af9d5d45
accept-ranges: bytes

GET
H2 200 Ef8yFKcX0AMZsmG
pbs.twimg.com/media/ Frame EF9C 18 KB
18 KB 9ms
7ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/Ef8yFKcX0AMZsmG?format=jpg&name=360x360

Requested by

Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/40F9) /

Resource Hash

39e0a07b2bc583bfd069ebaa8c45a3a8118e2decb548d916778562641fdd922e

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:38 GMT
x-content-type-options: nosniff
age: 61009
x-cache: HIT
status: 200
content-length: 18600
x-response-time: 139
surrogate-key: media media/bucket/4 media/1296810281990082563
last-modified: Fri, 21 Aug 2020 14:01:59 GMT
server: ECS (fcn/40F9)
strict-transport-security: max-age=631138519
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 5982421185445882beb35a566233a642
accept-ranges: bytes

GET
H2 200 Ef3zBWhXkAILnUU
pbs.twimg.com/media/ Frame EF9C 21 KB
21 KB 11ms
9ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/Ef3zBWhXkAILnUU?format=jpg&name=360x360

Requested by

Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/40DB) /

Resource Hash

93d56389cc4bd369587cfa5174753cfb88e852c3504f28d7c1d0119f651cf92b

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:38 GMT
x-content-type-options: nosniff
age: 144839
x-cache: HIT
status: 200
content-length: 21506
x-response-time: 179
surrogate-key: media media/bucket/0 media/1296459472303525890
last-modified: Thu, 20 Aug 2020 14:47:59 GMT
server: ECS (fcn/40DB)
strict-transport-security: max-age=631138519
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: bdca87d57857ebc34cd26e11f0beb180
accept-ranges: bytes

GET
H2 200 Efyjjf3WAAEFlLd
pbs.twimg.com/media/ Frame EF9C 15 KB
15 KB 10ms
8ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/Efyjjf3WAAEFlLd?format=jpg&name=360x360

Requested by

Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/418A) /

Resource Hash

9c8df0a16fc73f5224e8c9f831cb989d005b54b698d3bc52ec0abb3a98b59149

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:38 GMT
x-content-type-options: nosniff
age: 147671
x-cache: HIT
status: 200
content-length: 15515
x-response-time: 154
surrogate-key: media media/bucket/0 media/1296090623020236801
last-modified: Wed, 19 Aug 2020 14:22:19 GMT
server: ECS (fcn/418A)
strict-transport-security: max-age=631138519
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: f0a6721e0b38e093df178aac8a073152
accept-ranges: bytes

GET
H2 200 Efy4niMXkAES0oy
pbs.twimg.com/media/ Frame EF9C 4 KB
4 KB 10ms
8ms Image
image/png 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/Efy4niMXkAES0oy?format=png&name=360x360

Requested by

Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/40FB) /

Resource Hash

5e7bf647bdb6f4a59bb111266981191de27e1b48f68d4ed64ca8fc4ebacdecde

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:38 GMT
x-content-type-options: nosniff
age: 147702
x-cache: HIT
status: 200
content-length: 4062
x-response-time: 134
surrogate-key: media media/bucket/9 media/1296113782108950529
last-modified: Wed, 19 Aug 2020 15:54:20 GMT
server: ECS (fcn/40FB)
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 36a446c2189a12c3dd51ab9bd8655cb2
accept-ranges: bytes

GET
H2 200 EfzH7wiX0AAZfdi
pbs.twimg.com/media/ Frame EF9C 16 KB
16 KB 13ms
11ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/EfzH7wiX0AAZfdi?format=jpg&name=360x360

Requested by

Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/41A7) /

Resource Hash

9087b1c0693940afbfc1de109e61de687c1024e3e44011f8f536e2ad503af977

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:38 GMT
x-content-type-options: nosniff
age: 147648
x-cache: HIT
status: 200
content-length: 16306
x-response-time: 137
surrogate-key: media media/bucket/3 media/1296130622231138304
last-modified: Wed, 19 Aug 2020 17:01:15 GMT
server: ECS (fcn/41A7)
strict-transport-security: max-age=631138519
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: d82c542b6e0e3ab958542a8e9e54b962
accept-ranges: bytes

GET
H2 200 EfttfakXgAMlXqq
pbs.twimg.com/media/ Frame EF9C 28 KB
28 KB 12ms
10ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/EfttfakXgAMlXqq?format=jpg&name=360x360

Requested by

Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/40E2) /

Resource Hash

e55404ca2024d809532c059fa1b078bedfad2602ebde04b0a9ac6a06e7a57923

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:38 GMT
x-content-type-options: nosniff
age: 269925
x-cache: HIT
status: 200
content-length: 28598
x-response-time: 140
surrogate-key: media media/bucket/2 media/1295749704274378755
last-modified: Tue, 18 Aug 2020 15:47:38 GMT
server: ECS (fcn/40E2)
strict-transport-security: max-age=631138519
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 6ebd9358892fe5e2cf601e14f22f628b
accept-ranges: bytes

GET
H2 200 Ef3Wbc5XYAAZeaY
pbs.twimg.com/media/ Frame EF9C 10 KB
10 KB 10ms
7ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/Ef3Wbc5XYAAZeaY?format=jpg&name=360x360

Requested by

Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/40FA) /

Resource Hash

2fe24a20a00eb3ee06cbb2f0ab6b9990c4c98c4c6ecc3c74e9c267b3d6e592e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:38 GMT
x-content-type-options: nosniff
age: 152532
x-cache: HIT
status: 200
content-length: 9794
x-response-time: 135
surrogate-key: media media/bucket/5 media/1296428034854182912
last-modified: Thu, 20 Aug 2020 12:43:04 GMT
server: ECS (fcn/40FA)
strict-transport-security: max-age=631138519
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 8e04845ad5070989a5e0a9ba550313c0
accept-ranges: bytes

GET
H2 200 Efymfu7XkAA-qK-
pbs.twimg.com/media/ Frame EF9C 7 KB
7 KB 11ms
7ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/Efymfu7XkAA-qK-?format=jpg&name=360x360

Requested by

Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/40D4) /

Resource Hash

290e75fb7ce6bab23c0407844e4682458d0aac8312cacaeb4baa0b973501ad56

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:38 GMT
x-content-type-options: nosniff
age: 232219
x-cache: HIT
status: 200
content-length: 6951
x-response-time: 148
surrogate-key: media media/bucket/0 media/1296093856879054848
last-modified: Wed, 19 Aug 2020 14:35:10 GMT
server: ECS (fcn/40D4)
strict-transport-security: max-age=631138519
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: b50a618583ba131d8e9741aa2e7513c8
accept-ranges: bytes

GET
H2 200 EfyeiybXsAASfZd
pbs.twimg.com/media/ Frame EF9C 25 KB
25 KB 11ms
8ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/EfyeiybXsAASfZd?format=jpg&name=360x360

Requested by

Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/40E1) /

Resource Hash

d0fc53826f3102e097fa7eafcbf61f7f84913050558ad77704a7a6970fb17c04

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:38 GMT
x-content-type-options: nosniff
age: 234215
x-cache: HIT
status: 200
content-length: 25452
x-response-time: 149
surrogate-key: media media/bucket/7 media/1296085113265172480
last-modified: Wed, 19 Aug 2020 14:00:25 GMT
server: ECS (fcn/40E1)
strict-transport-security: max-age=631138519
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 6281d3607b2c745550ba2fd458cfffbf
accept-ranges: bytes

GET
H2 200 EfyWwQlWoAAN3u9
pbs.twimg.com/media/ Frame EF9C 17 KB
17 KB 15ms
13ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/EfyWwQlWoAAN3u9?format=jpg&name=360x360

Requested by

Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/41A8) /

Resource Hash

fe80c533f99a6b1e6cc7ffe987dab09a33a4f3674909c613f26285f56df3ecfa

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:38 GMT
x-content-type-options: nosniff
age: 236268
x-cache: HIT
status: 200
content-length: 17164
x-response-time: 143
surrogate-key: media media/bucket/8 media/1296076548605386752
last-modified: Wed, 19 Aug 2020 13:26:23 GMT
server: ECS (fcn/41A8)
strict-transport-security: max-age=631138519
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 37d23762600618ca84d582790b8acd15
accept-ranges: bytes

GET
H2 200 EfyM11aXsAM7nop
pbs.twimg.com/media/ Frame EF9C 22 KB
22 KB 10ms
9ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/EfyM11aXsAM7nop?format=jpg&name=360x360

Requested by

Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/4189) /

Resource Hash

937cacc0434fd8bd8c2cd8826a81d29e93e23180b056f373655ecf34eb96ae85

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:38 GMT
x-content-type-options: nosniff
age: 238938
x-cache: HIT
status: 200
content-length: 22382
x-response-time: 147
surrogate-key: media media/bucket/7 media/1296065649274499075
last-modified: Wed, 19 Aug 2020 12:43:05 GMT
server: ECS (fcn/4189)
strict-transport-security: max-age=631138519
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: eafeeed7730b0a7367fc7544e53d6e7e
accept-ranges: bytes

GET
H2 200 Efx_GbXXoAA61mo
pbs.twimg.com/media/ Frame EF9C 6 KB
6 KB 10ms
9ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/Efx_GbXXoAA61mo?format=jpg&name=360x360

Requested by

Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/40E8) /

Resource Hash

391deff349d160f3306dc10da40ee1a28f6196ce71a1852aecb7403cdd71e283

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:38 GMT
x-content-type-options: nosniff
age: 242531
x-cache: HIT
status: 200
content-length: 5842
x-response-time: 145
surrogate-key: media media/bucket/4 media/1296050541177577472
last-modified: Wed, 19 Aug 2020 11:43:03 GMT
server: ECS (fcn/40E8)
strict-transport-security: max-age=631138519
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: e0a8f1dbf53d3172def2eea356ab230c
accept-ranges: bytes

GET
H2 200 EfttlvPWAAADPSF
pbs.twimg.com/media/ Frame EF9C 46 KB
46 KB 21ms
19ms Image
image/png 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/EfttlvPWAAADPSF?format=png&name=360x360

Requested by

Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/41AF) /

Resource Hash

37982e6cd31abeea53ffc51d2f7647e4cee7a486d4b3c2a94618ecd314efb1d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:38 GMT
x-content-type-options: nosniff
age: 314187
x-cache: MISS
status: 200
content-length: 46812
x-response-time: 128
surrogate-key: media media/bucket/1 media/1295749812902559744
last-modified: Tue, 18 Aug 2020 15:48:03 GMT
server: ECS (fcn/41AF)
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: ce47efec04e61bb459f6bece9f11bc77
accept-ranges: bytes

GET
H2 200 EftFgYhX0AIbTbD
pbs.twimg.com/media/ Frame EF9C 25 KB
25 KB 10ms
8ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/EftFgYhX0AIbTbD?format=jpg&name=360x360

Requested by

Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/40AD) /

Resource Hash

99383e54dbf198f8528bd1ae3c1c66840c3d3e0e4898672646e36badbfaddd99

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:38 GMT
x-content-type-options: nosniff
age: 309360
x-cache: HIT
status: 200
content-length: 25685
x-response-time: 138
surrogate-key: media media/bucket/4 media/1295705740439703554
last-modified: Tue, 18 Aug 2020 12:52:56 GMT
server: ECS (fcn/40AD)
strict-transport-security: max-age=631138519
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 946574bf6bc2bcd68092ae785b6a845a
accept-ranges: bytes

GET
H2 200 Eft_MRQWkAEdFAc
pbs.twimg.com/media/ Frame EF9C 10 KB
10 KB 8ms
7ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/Eft_MRQWkAEdFAc?format=jpg&name=360x360

Requested by

Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/41AC) /

Resource Hash

2fe24a20a00eb3ee06cbb2f0ab6b9990c4c98c4c6ecc3c74e9c267b3d6e592e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:38 GMT
x-content-type-options: nosniff
age: 309576
x-cache: HIT
status: 200
content-length: 9794
x-response-time: 141
surrogate-key: media media/bucket/4 media/1295769166566297601
last-modified: Tue, 18 Aug 2020 17:04:58 GMT
server: ECS (fcn/41AC)
strict-transport-security: max-age=631138519
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 7a331ad8264da8dc7448e92445309319
accept-ranges: bytes

GET
H2 200 syndication_bundle_v1_73385286cca9d2256f6bf3993470820d4827b058.css
ton.twimg.com/tfw/css/ Frame EF9C 44 KB
7 KB 34ms
6ms Stylesheet
text/css 2606:2800:233:7ee2:97c:ab4c:6c70:be36
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://ton.twimg.com/tfw/css/syndication_bundle_v1_73385286cca9d2256f6bf3993470820d4827b058.css

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:233:7ee2:97c:ab4c:6c70:be36 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/8FC6) /

Resource Hash

a549034009f79ead18a2154a8b730d8acb61e2f36c0434c0f9cff0f73df5d8cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 218419
x-ton-expected-size: 45170
x-cache: HIT
status: 200
vary: Accept-Encoding
content-length: 6839
x-response-time: 18
surrogate-key: tfw
last-modified: Tue, 14 May 2019 18:53:54 GMT
server: ECAcc (frc/8FC6)
etag: "4mhImCFS9rptiUICNnLD1g=="
strict-transport-security: max-age=631138519
content-type: text/css
access-control-allow-origin: *
x-connection-hash: 922ee604303d14a57b614db5a5dddf51
accept-ranges: bytes
expires: Sat, 29 Aug 2020 07:07:38 GMT

GET
H2 200 syndication_bundle_v1_73385286cca9d2256f6bf3993470820d4827b058.css
ton.twimg.com/tfw/css/ 44 KB
44 KB 30ms
9ms Image
text/css 2606:2800:233:7ee2:97c:ab4c:6c70:be36
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ton.twimg.com/tfw/css/syndication_bundle_v1_73385286cca9d2256f6bf3993470820d4827b058.css

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:233:7ee2:97c:ab4c:6c70:be36 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/8FC6) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 218419
x-ton-expected-size: 45170
x-cache: HIT
status: 200
vary: Accept-Encoding
content-length: 6839
x-response-time: 18
surrogate-key: tfw
last-modified: Tue, 14 May 2019 18:53:54 GMT
server: ECAcc (frc/8FC6)
etag: "4mhImCFS9rptiUICNnLD1g=="
strict-transport-security: max-age=631138519
content-type: text/css
access-control-allow-origin: *
x-connection-hash: 922ee604303d14a57b614db5a5dddf51
accept-ranges: bytes
expires: Sat, 29 Aug 2020 07:07:38 GMT

GET
DATA 200
OK truncated
/ Frame EF9C 825 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 45055babdbc02ea34c7baa53f33fc68389c4c5f73afe0bfafd6c9bc5733399bc

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ Frame EF9C 572 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 42ecd6904f43af4e6cef62ddbeffa7b2b0b6c8ec5080a3e1deec4576f4294859

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ Frame EF9C 644 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 195e8e91bc727766f427243d4cfb79cdc873639991600bf99e9d2cab5cad77c8

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ Frame EF9C 739 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4ed07f590bdfa9aa775dbfdef617d98e1e972d102d4289c7a68d3bd9118c280b

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H/1.1 204
No Content embeddableActivated Show response
6600d6d98e534115970f9529a45f3195.events.ubembed.com/ 0
190 B 575ms
143ms XHR
text/plain 52.204.202.55
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://6600d6d98e534115970f9529a45f3195.events.ubembed.com/embeddableActivated?activationRuleId=5b23fd3871d4499290127363de418c63&browserTrackingId=c390fd6026194c1aabed496c1a814b13&clientId=efd4c64a-a31a-4947-a2ff-f4a323c79214&hostPageCorrelationId=dede5f010f7a4169b896f3913b448bad&hostPageReferrerUrl=&hostPageUrl=https%3A%2F%2Fwww.informationweek.com%2Fphishers-turn-to-dns-wildcards-cache-poisoning%2Fd%2Fd-id%2F1030918%3F&isFirstTime=true&requestId=a9d4fb37c52d44dba364ccc16152f8ee&source=universalscript-v0.178.1
Requested by: Host: assets.ubembed.com
URL: https://assets.ubembed.com/universalscript/releases/v0.178.1/bundle.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.204.202.55 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-204-202-55.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.informationweek.com
Date: Sat, 22 Aug 2020 07:07:39 GMT
Access-Control-Allow-Credentials: true
Connection: keep-alive

GET
H2 200 a0hBKla_
pbs.twimg.com/card_img/1296070210252877825/ Frame EF9C 3 KB
3 KB 17ms
16ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1296070210252877825/a0hBKla_?format=jpg&name=144x144_2

Requested by

Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/4195) /

Resource Hash

d3f005096f486c572d6d8f06ff5415160d3b22e1a7e846fd9c671592db73feeb

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:38 GMT
x-content-type-options: nosniff
age: 221283
x-cache: MISS
status: 200
content-length: 3101
x-response-time: 140
surrogate-key: card_img card_img/bucket/0 card_img/1296070210252877825
last-modified: Wed, 19 Aug 2020 13:01:12 GMT
server: ECS (fcn/4195)
strict-transport-security: max-age=631138519
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 617180fa15fd46a78b912e4a2414fb11
accept-ranges: bytes

GET
H2 200 VHEANMsY
pbs.twimg.com/card_img/1295744113149583360/ Frame EF9C 34 KB
34 KB 17ms
16ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1295744113149583360/VHEANMsY?format=jpg&name=600x314

Requested by

Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/418A) /

Resource Hash

11ec6023967928b860f5d876e6f5c9e6160f9bf084153848fa52945939cfb814

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:38 GMT
x-content-type-options: nosniff
age: 315462
x-cache: MISS
status: 200
content-length: 34520
x-response-time: 149
surrogate-key: card_img card_img/bucket/2 card_img/1295744113149583360
last-modified: Tue, 18 Aug 2020 15:25:24 GMT
server: ECS (fcn/418A)
strict-transport-security: max-age=631138519
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: c6ff702389d1a132d0a09ed7003eb7c6
accept-ranges: bytes

GET
H2 200 8dhID39g
pbs.twimg.com/card_img/1295404300433203200/ Frame EF9C 696 B
884 B 7ms
6ms Image
image/png 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1295404300433203200/8dhID39g?format=png&name=100x100_2

Requested by

Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/40B0) /

Resource Hash

2eedd8276734af715363c1968729ec8298ce096da887046d12a9bb57334c98a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:38 GMT
x-content-type-options: nosniff
age: 320410
x-cache: HIT
status: 200
content-length: 696
x-response-time: 131
surrogate-key: card_img card_img/bucket/7 card_img/1295404300433203200
last-modified: Mon, 17 Aug 2020 16:55:07 GMT
server: ECS (fcn/40B0)
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 7fa00ba47fe41c4ade199ab03212da1b
accept-ranges: bytes

GET
H2

200

jot.html
platform.twitter.com/ Frame 85B3
Redirect Chain

https://syndication.twitter.com/i/jot
https://platform.twitter.com/jot.html

0
0

62ms
61ms

Document
text/html

151.101.112.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/jot.html
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

:method: GET
:authority: platform.twitter.com
:scheme: https
:path: /jot.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
Origin: https://www.informationweek.com
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
last-modified: Thu, 30 Jul 2020 22:04:49 GMT
cache-control: public, max-age=315360000
content-type: text/html; charset=utf-8
etag: "d9592a6c704736fa4da218d4357976dd+gzip"
content-encoding: gzip
access-control-allow-methods: GET
access-control-allow-origin: *
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
accept-ranges: bytes
date: Sat, 22 Aug 2020 07:07:39 GMT
x-served-by: cache-bwi5139-BWI, cache-hhn4058-HHN
x-cache: HIT, HIT
vary: Accept-Encoding
tw-cdn: FT
content-length: 95

Redirect headers

status: 302 302 Found
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-length: 0
content-type: text/html;charset=utf-8
date: Sat, 22 Aug 2020 07:07:39 GMT
expires: Tue, 31 Mar 1981 05:00:00 GMT
last-modified: Sat, 22 Aug 2020 07:07:39 GMT
location: https://platform.twitter.com/jot.html
pragma: no-cache
server: tsa_o
strict-transport-security: max-age=631138519
x-connection-hash: 9a5cd32d8a76598d05542a94c8cdc264
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-response-time: 127
x-transaction: 00dfd77000559194
x-tsa-request-body-time: 3
x-twitter-response-tags: BouncerCompliant
x-xss-protection: 0

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 8 KB
7 KB 37ms
18ms XHR
application/json 2a00:1450:4001:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2020081801&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020081801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6a1a0d19ae22a99392bb853c405cca78ada84de0d49824ccd17acb6522e9cdd3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 22 Aug 2020 07:07:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 6213
x-xss-protection: 0

GET
H/1.1 200
OK roundtrip.js Show response
s.adroll.com/j/ 38 KB
12 KB 195ms
66ms Script
text/javascript 23.210.248.216
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/roundtrip.js
Requested by: Host: www.informationweek.com
URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.248.216 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-248-216.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: e3707edca98715fc3fe7ea36b15c506641b4c380e7e6c4d8ebb9e288f1438ff8

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: CeVUvvucPy3Id6wu3pm.U9kY8oddI4fW
Content-Encoding: gzip
ETag: "d78a05d3ec6a770650daa2185ccbc352"
x-amz-request-id: AR5H0H0WBN7M3Z5M
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 11962
x-amz-id-2: M93StxvvSqMxMsj+xy9yc6/AzzLsqM+G9sD8qeZqrxLh0uwhVbmeri750Q0Y8g/i85pm3VGzATE=
Last-Modified: Wed, 19 Aug 2020 17:39:39 GMT
Server: AmazonS3
Date: Sat, 22 Aug 2020 07:07:39 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 14 KB
6 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020081801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08f50e9e70388c99977ca13b6af3a49f8f48c83e79230d51ea72a56c0735bd0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 22 Aug 2020 07:07:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1591403518460474"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5540
x-xss-protection: 0
expires: Sat, 22 Aug 2020 07:07:39 GMT

GET
H/2+Q/46 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/210/ Frame 446E 0
0 6ms
6ms Document
text/html 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/210/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

HTTP/2+QUIC/46

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/210/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
content-length: 4590
date: Sat, 22 Aug 2020 06:06:24 GMT
expires: Sun, 22 Aug 2021 06:06:24 GMT
last-modified: Wed, 26 Feb 2020 19:47:50 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 3675
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1

200
OK

index.js Show response
s.adroll.com/j/exp/
Redirect Chain

https://s.adroll.com/j/exp/TQSV74R4GVCSJITSZC2MCP/index.js
https://s.adroll.com/j/exp/index.js

28 B
747 B

64ms
63ms

Script
application/javascript

23.210.248.216
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/exp/index.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.248.216 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-248-216.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: 2U8XMvdFINXJNFsilaXONuSvqmREKV3.
Content-Encoding: gzip
ETag: "5816cced8568d223aa09d889f300692b"
x-amz-request-id: 0A9DFB41B15EF3A2
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 48
x-amz-id-2: 9wtYzl8isf76a+KTcCc0hWCh/ZKrxXSL0KsmsoDDvS1VGgWl/GxdSe7DtPnOmbh4BH+84jF1nEY=
Last-Modified: Fri, 31 Jul 2020 16:11:15 GMT
Server: AmazonS3
Date: Sat, 22 Aug 2020 07:07:40 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

Redirect headers

Date: Sat, 22 Aug 2020 07:07:40 GMT
Server: AkamaiGHost
Location: https://s.adroll.com/j/exp/index.js
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Connection: keep-alive
Access-Control-Allow-Headers: *
Content-Length: 0

GET
H/1.1 200
OK index.js Show response
s.adroll.com/j/pre/TQSV74R4GVCSJITSZC2MCP/ACPJ7LN56VBITNNAUDPDMG/ 1 KB
1 KB 218ms
93ms Script
text/javascript 23.210.248.216
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/pre/TQSV74R4GVCSJITSZC2MCP/ACPJ7LN56VBITNNAUDPDMG/index.js
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.248.216 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-248-216.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: cbce85e96b7752208ce15a09ea4d5a58b792edc9e77f1c5ccf46c01935970f9d

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: hi39tpHPtpgfE8_r68xyBRseMEJWCPCF
Content-Encoding: gzip
ETag: "3996d65282dd996ee0d7d4c90c139158"
x-amz-request-id: B9D3A285A700F5AB
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 635
x-amz-id-2: S/eO8VLx9+jGV6ihmeGziEECfUo2QEXOE3jOStPq7M5zP/szHVX8BO72TzHlM9FcQaS1ysu4rHI=
Last-Modified: Fri, 21 Aug 2020 18:34:47 GMT
Server: AmazonS3
Date: Sat, 22 Aug 2020 07:07:40 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H2

200

/ Show response
d.adroll.com/consent/check/TQSV74R4GVCSJITSZC2MCP/
Redirect Chain

https://d.adroll.mgr.consensu.org/consent/iabcheck/TQSV74R4GVCSJITSZC2MCP?_s=15f9038e827edd39108bcbd05f6b776e&_b=2
https://d.adroll.com/consent/check/TQSV74R4GVCSJITSZC2MCP/?_s=15f9038e827edd39108bcbd05f6b776e&_b=2

385 B
477 B

74ms
73ms

Script
application/javascript

52.16.181.3
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d.adroll.com/consent/check/TQSV74R4GVCSJITSZC2MCP/?_s=15f9038e827edd39108bcbd05f6b776e&_b=2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.16.181.3 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.16.1 /
Resource Hash: 6cebfe4c2c88375f3570ae52847901ebd32fec362e20e76f972b9acfe4f78ce1

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Sat, 22 Aug 2020 07:07:40 GMT
server: nginx/1.16.1
content-length: 385
content-type: application/javascript

Redirect headers

status: 302
date: Sat, 22 Aug 2020 07:07:40 GMT
server: nginx/1.16.1
content-length: 105
location: https://d.adroll.com/consent/check/TQSV74R4GVCSJITSZC2MCP/?_s=15f9038e827edd39108bcbd05f6b776e&_b=2

GET
H/2+Q/46 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
223 B 15ms
14ms Image
image/gif 2a00:1450:4001:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=210&t=2&li=gpt_2020081801&jk=3183890926353766&bg=!ExClEAhYV9jWcBVRWyQCAAAAYFIAAAAMmQGuihyPWPs7bTYjR8mGTnNWYIX0S6lExewaoXqxTpGj1nK8FDyiXUV4zMi-lPXXGohzZ6yNMz4sqVU2-LD9cGEeMIMYxa1Z3qKG4mTU1Uhl7g1-gfIgWl55oCnZY9qI4t3NZ2ywJbz8L608b3ekHJsQIdApLGh6FfB33mkoQ2FtgVKC8iQU7oMnH2VV4DD8Lok0DhSX16Krt022dnFmQWdpgl3--buWiYD0WzKwqDFh3bArzuDOMCHXN4B6ziu89hBGcxriLQS8pZsxgRURNI6xMdW5_RtpLoq21i6mxWA_rmNn5n3LkL7lVl_5y295CwsSTS10gpiWJpORTILtyO02NtDt8jsvUV5KQ0DKPxb2NgvLUUtVe3Kr6SpE4ZkhcgAjkDZuVuTEJiVuTv2_zYTF0AHKt29IpXnJuMnGVNh7g-K-ymGMb_38PLn1yKLsyFrF4vjtcUz49yQIvDf6lDyw7HDI5CTQFZO_cui96BA51SCCRLr_GH8jfqze_JiBEpQNtslx0SNHv5SJVYTUegXllzv8EdcHFNRZSclTnlq74I63n73-IeRyfm-eKGc07w

Protocol

HTTP/2+QUIC/46

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:821::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 22 Aug 2020 07:07:39 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 204
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK consent_tcfv2.js Show response
s.adroll.com/j/ 388 KB
53 KB 105ms
105ms Script
application/javascript 23.210.248.216
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/consent_tcfv2.js
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.248.216 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-248-216.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 0a7a0c8fbd2cb2bbefe2e27f968895ef75575a339f828fe828eefecc9aba8f4e

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: rLgMqKDY3Z8iy3h1vHVy6NTi8Ycho.KG
Content-Encoding: gzip
ETag: "d630366051d2b8500304c98540ad5f78"
x-amz-request-id: DFBF1C01462CD46E
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 53109
x-amz-id-2: HdIuQs+jBwMFQq2MWSSuEV33aWmEuV7qU+Ntb8t8yoa/LcTlL738Rx0dzht21/xnUR8rCqHa5wE=
Last-Modified: Thu, 09 Jul 2020 13:42:18 GMT
Server: AmazonS3
Date: Sat, 22 Aug 2020 07:07:40 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=300, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H/1.1 200
OK favicon-32x32.png
nextroll.com/ 2 KB
2 KB 441ms
144ms Image
image/png 35.175.20.97
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nextroll.com/favicon-32x32.png
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.175.20.97 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-175-20-97.compute-1.amazonaws.com
Software: Apache /
Resource Hash: bcaf0e3f087296133e0a996ee3d289a8d1a690147c93e0ab62019b505e6f9355

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sat, 22 Aug 2020 07:07:40 GMT
Via: 1.1 vegur
Last-Modified: Mon, 17 Aug 2020 18:25:32 GMT
Server: Apache
Etag: "64f-5ad16e5551f00"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1615

GET
H/1.1 200
OK svrGP Show response
s2150.t.eloqua.com/visitor/v200/ 0
369 B 171ms
170ms Script
application/javascript 209.167.231.17
NETDYNAMICS

General

Check archive.org

Show headers Download Go to

Full URL

https://s2150.t.eloqua.com/visitor/v200/svrGP?pps=50&siteid=2150&DLKey=f09b5473ef7642a085c28ad29c30c1d2&DLLookup=&ms=378&firstPartyCookieDomain=trk.informationweek.com

Requested by

Host: img.en25.com
URL: https://img.en25.com/i/elqCfg.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

209.167.231.17 , United States, ASN7160 (NETDYNAMICS, US),

Reverse DNS

e017.en25.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000;
X-Content-Type-Options: nosniff
Date: Sat, 22 Aug 2020 07:07:40 GMT
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Cache-Control: private,no-cache, no-store
Content-Type: application/javascript
Content-Length: 0
X-XSS-Protection: 1; mode=block
Expires: -1

GET
H/1.1 204
No Content embeddableViewed Show response
6600d6d98e534115970f9529a45f3195.events.ubembed.com/ 0
190 B 145ms
144ms XHR
text/plain 52.204.202.55
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://6600d6d98e534115970f9529a45f3195.events.ubembed.com/embeddableViewed?activationRuleId=5b23fd3871d4499290127363de418c63&browserTrackingId=c390fd6026194c1aabed496c1a814b13&clientId=efd4c64a-a31a-4947-a2ff-f4a323c79214&hostPageCorrelationId=dede5f010f7a4169b896f3913b448bad&hostPageReferrerUrl=&hostPageUrl=https%3A%2F%2Fwww.informationweek.com%2Fphishers-turn-to-dns-wildcards-cache-poisoning%2Fd%2Fd-id%2F1030918%3F&isFirstTime=true&requestId=8ebbfeca6d2d4f1aba4437b6e7d55a3e&source=universalscript-v0.178.1
Requested by: Host: assets.ubembed.com
URL: https://assets.ubembed.com/universalscript/releases/v0.178.1/bundle.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.204.202.55 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-204-202-55.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.informationweek.com
Date: Sat, 22 Aug 2020 07:07:43 GMT
Access-Control-Allow-Credentials: true
Connection: keep-alive

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: static.adsnative.com
URL: https://static.adsnative.com/static/js/render.v1.js

Verdicts & Comments Add Verdict or Comment

435 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.informationweek.com/	1970-01-19 21:24:54	Name: ELOQUA Value: GUID=00E3CBF729B6475CB26CF2ED8AA6F95C

12 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	warning	URL: https://twimgs.com/custom/library.gtecevent.com/assets/at.js?ormzkk(Line 9) Message: AT: Adobe Target content delivery is disabled. Update your DOCTYPE to support Standards mode.
console-api	warning	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020081801.js(Line 6) Message: Invalid GPT fixed size specification: "div-gpt-ad-961777897907396673-oop"
console-api	log	URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?(Line 1047) Message: lpage==>notblocked
console-api	info	URL: https://cdn.ampproject.org/rtv/012008102328000/amp4ads-v0.js(Line 422) Message: Powered by AMP ⚡ HTML – Version 2008102328000 https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
console-api	info	URL: https://cdn.ampproject.org/rtv/012008102328000/amp4ads-v0.js(Line 422) Message: Powered by AMP ⚡ HTML – Version 2008102328000 https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
console-api	info	URL: https://cdn.ampproject.org/rtv/012008102328000/amp4ads-v0.js(Line 422) Message: Powered by AMP ⚡ HTML – Version 2008102328000 https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?
console-api	warning	URL: https://cdn.ampproject.org/rtv/012008102328000/amp4ads-v0.js(Line 21) Message: [amp-analytics/transport] Response unparseable or failed to send image request https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsv3IL-7Hlt4ov3f5R1VUoimb9gXb8X263P-vuFV85jHosuYe3yfPRVDZWls-Od75ODqQJmyx0bGsbbyhS5FFS0AncU_jnpOtUNH9VfsX-GXao_sFocbJUY1GdemVk-3CqnptQrRmlS_zcaN8aIXAoduoNSeOJ4-8IvZUK0W_tg5pRzBB-R6o1AJBfjrOMwEcMuFmd9sYnllra9mlHdyBkx0u56tVb7B6CZFpzsuA6oz5NO98VJRA85bVS15Q8CLSNiSkzr2QgqA-hGAJ09-&sai=AMfl-YRBkmK0pIWTJ5HIHxla2e5wO6mpCWH8-os76JzBJUzKHk6m8sbTjSnMhay-cFTShjK0nEszPUzgE4F7tCGOIGiTqw1yh76Lb58ZXW1hWD6k-cIZLMv8YF351PlOgcw&sig=Cg0ArKJSzFsPxaxmymBLEAE&adurl=
console-api	warning	URL: https://cdn.ampproject.org/rtv/012008102328000/amp4ads-v0.js(Line 21) Message: [amp-analytics/transport] Response unparseable or failed to send image request https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuB48nLLSk7Fzsc6O8edLaBgawfOCtN500fNrdVL_PTX3mx1d-IrVUqljDycDbYmvJx37s-AZSSzadpbuR4RXpRiUnvlOiiajIFEvKLqz0rggQtUiFPZ-fl0Nzc0ogOB4YKxACBQAMVmVtYOQU0fZzDCZSUTYBrLnoqEdhabbHFQBGJOK2K_zUxiUz26VZG2w8YifNKZ46OvBXvkn_DGm-nsoMO5NxXaYkvZuOekcGwUVT3utcFXMbVgreYw7qjqzCv2SjFo7vvaGtDKdZs&sai=AMfl-YTNkKT6Ls_MrGxvlWQQZRQkmVa3r4pvVFdp7ni_cQWBLuyxH0vP6aU-SqxXHFxMX-ub3NfuiJKHsf-VgSNjykM1jhc4CYga83kGoqNV19e3d_duOuBeL8WBAL5AC0c&sig=Cg0ArKJSzDfQpyug-kqLEAE&adurl=
console-api	warning	URL: https://cdn.ampproject.org/rtv/012008102328000/amp4ads-v0.js(Line 21) Message: [amp-analytics/transport] Response unparseable or failed to send image request https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssAvAjrTRAFogD_Cs-LEgBnkBMOnILdZb1NfMBpSO3S__Hc0q_QfSpQtWIPoNj4MAaUMElOshyfZRxYfaKZDW76w-QrFVoNYKY3QcHm6XAjQMjRnRh-ejNogi-KOy785KmhWfhFFwFVsWL-ZXXDPD495bUt__ZeouYBUzxXUgQZjEulQlg19RV9SVEGnF7uDOfLuG7h8T2Yp0vVzRKXKOoKrWPh_Mu6-aiBngG5jkoCMfpE3-YHVimQMIImXb9dReUTGVBLLdf7rUwobdh9&sig=Cg0ArKJSzCUsrQysIr12EAE&adurl=
console-api	info	URL: https://platform.twitter.com/widgets.js(Line 1) Message: You may have been affected by an update to settings in embedded timelines. See https://twittercommunity.com/t/deprecating-widget-settings/102295. [object HTMLAnchorElement]
console-api	log	URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?(Line 1050) Message: 5 second timeout
console-api	log	URL: https://www.informationweek.com/phishers-turn-to-dns-wildcards-cache-poisoning/d/d-id/1030918?(Line 1069) Message: unhide main content

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=63072000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

100widgets.com
32e617b7b4cdcddd40fa5c086542f316.safeframe.googlesyndication.com
6600d6d98e534115970f9529a45f3195.events.ubembed.com
6600d6d98e534115970f9529a45f3195.js.ubembed.com
6600d6d98e534115970f9529a45f3195.pages.ubembed.com
a.dpmsrv.com
adservice.google.com
adservice.google.de
assets.ubembed.com
bat.bing.com
cdn.ampproject.org
cdn.syndication.twimg.com
cf-images.us-east-1.prod.boltdns.net
cm.everesttech.net
cm.g.doubleclick.net
connect.facebook.net
content.dl-rms.com
d.adroll.com
d.adroll.mgr.consensu.org
dpm.demdex.net
dsimg.ubm-us.net
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
i.ubm-us.net
ib.adnxs.com
idsync.rlcdn.com
img.deusm.com
img.en25.com
informationweek.com
ins.techweb.com
maxcdn.bootstrapcdn.com
nextroll.com
ng.techweb.com
pagead2.googlesyndication.com
pbs.twimg.com
ping.chartbeat.net
platform.linkedin.com
platform.twitter.com
s.adroll.com
s.dpmsrv.com
s2150.t.eloqua.com
s657486201.t.eloqua.com
sb.scorecardresearch.com
securepubads.g.doubleclick.net
static.adsnative.com
static.chartbeat.com
stats.g.doubleclick.net
syndication.twitter.com
ton.twimg.com
tpc.googlesyndication.com
trk.informationweek.com
twimgs.com
ubm.demdex.net
ubmtech.d3.sc.omtrdc.net
web.facebook.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.informationweek.com
static.adsnative.com
104.108.64.33
104.244.42.200
13.224.193.146
13.226.155.53
142.0.160.13
142.0.173.134
143.204.94.121
15.188.154.177
151.101.112.157
151.101.193.131
172.217.23.98
185.33.220.243
192.102.6.38
2001:4de0:ac19::1:b:1b
209.167.231.17
216.58.207.66
23.20.2.75
23.210.248.216
2600:9000:2182:9400:18:1fcd:34e:d2a1
2606:2800:134:1a0d:1429:742:782:b6
2606:2800:233:7ee2:97c:ab4c:6c70:be36
2606:4700:3031::ac43:83be
2606:4700:3031::ac43:c629
2606:4700:3032::681b:93f7
2606:4700:3033::6818:7975
2606:4700:3033::ac43:ae3d
2606:4700::6811:539a
2606:4700::6811:549a
2620:103::192:155:48:119
2620:1ec:c11::200
2a00:1450:4001:801::2001
2a00:1450:4001:801::200e
2a00:1450:4001:806::2001
2a00:1450:4001:806::200a
2a00:1450:4001:809::2004
2a00:1450:4001:819::2002
2a00:1450:4001:81a::2003
2a00:1450:4001:81d::2003
2a00:1450:4001:81e::2003
2a00:1450:4001:820::2008
2a00:1450:4001:821::2002
2a00:1450:4001:824::2004
2a00:1450:400c:c04::9a
2a01:4a0:1338:28::c38a:ff13
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f02d:e:face:b00c:0:2
2a03:2880:f12d:83:face:b00c:0:25de
3.229.100.58
3.248.37.251
35.175.20.97
35.244.174.68
52.16.181.3
52.204.202.55
52.48.66.74
54.93.101.66
66.117.28.86
87.236.16.24
95.100.78.166
0092ed1d2c5d5cfe6715cc92a670aa4d75e2f943db5785517debab3e38fa8116
0330ecdc5489a4f1a7121f4e04e000cdbb8c18d3784b6becef688f2faee66e93
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
05e95f49a5396b756f58ee9dd006ee7379b1ae6ce8be8e739811c248e1a5cc83
08f50e9e70388c99977ca13b6af3a49f8f48c83e79230d51ea72a56c0735bd0c
0a4f12795a11d0957a7e476cdd2516967e3e00f54841456fbd8c0dd607984d92
0a7a0c8fbd2cb2bbefe2e27f968895ef75575a339f828fe828eefecc9aba8f4e
0bdd15fb5f1a4a05e480452d6f39b88e6be6b14b3074043512274c0c1f80aa56
0d4e23527a902149ad4b5e4de5b80005528f9388f13a4c92c9c1b556243e9575
0f762bf1a58c917c1ad50006bfcd192ab55b2d01a857b7c08b6c40e3af878695
0f9ad7c2cabb9600d9ca184366b2d849dd870f9664cca2677db22586571066bb
0fb71887e3dc08ed95e4f8b9ee72a4a4db1e6fbd8bc3e4a161df38fc33c72e4b
10a6e0f0427a05104050292e8d62b3d01062f9422701e267df74958d0cc2eef7
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
11ec6023967928b860f5d876e6f5c9e6160f9bf084153848fa52945939cfb814
135899521d576fc8489482bdd2c6ee63aa1ed2e723244c245f3de448d12829f2
13943a8cdc412f8769bb2c8f92651e7d0261f95b733838b60dff9b7ed5bb8ee5
1399c38bd120b5ec5548085f61949d402a8bbf05a3831e0ff11a5f1345269046
150daf6e51f5288eaeb00175e3917f0ec4cdb17d4694b99413456cba650a2115
15662126459d58f35cb1bf795e444a560cfe5c4129a94c5034ac3bbc72a2aa3a
195e8e91bc727766f427243d4cfb79cdc873639991600bf99e9d2cab5cad77c8
1a20c982ab1c4ed2cfc46d83cb7845b444585615fbd31228ff295635206a22bc
1ae4b8548f250831a2443bd449af625f6331b7c72e1f408789642a3050596d45
1b8ba60049f9217af2ed437717a244b2287237e86c2b3e1ff10e140d44d0d82c
1c6187354682403a1fa4b7db2024a3677fac007b03103d5e71c989eb34b84ab4
232244b0ba946bbc8008bbda646852d28ea3e3bbb85abf13ab613606da9680e1
26686a44567bbe0157ec4131abd18639fed3e9d24bad7b3cf9f7d923ce5c770b
26938b04b64ab630827adf5bc06f44a02562bcb1ff21377e4c8ffb3fdaa42425
27ea780b8000268367ed0d11f9fc7e86295b2d13cb6dab5b60566fac84f7e321
290e75fb7ce6bab23c0407844e4682458d0aac8312cacaeb4baa0b973501ad56
29af1220687198b36d0de9a9a2e50f2a9ef6f756b08b9ebdf72022b924e73151
2a97d612637d9a12c88fbcb92dbc3527c8b70874933ff814fe0615c7bdb1a0bc
2c076feeb4f531a346cbd00b3dd87200e96afc835a0a70661eefb6ac3efbf3e9
2d6a4690ddbace5eb2842068c2d877ab4bde8e5ead88e00a80a931360da7287f
2eedd8276734af715363c1968729ec8298ce096da887046d12a9bb57334c98a6
2f13cec4760ce432d7ab362890c0f6ebdb9218eaa40205c291c65b827d064abb
2fe24a20a00eb3ee06cbb2f0ab6b9990c4c98c4c6ecc3c74e9c267b3d6e592e2
3112d0d18e4c95c40a30d294d3da7de3445dd07da19d1a2d737bd85386559ac9
333ebceb9aa9504dea89c8cf5c931d95c30c231b1eae8d3bdcc81fd33a37dd84
34d7e729ad59072f9b6084407899d77da2c5a0610ddd45cced2b39a8c27e266a
35d38a74743f046056657cb86a71afb58dcad1e4d8e070b2d6f4b9a64bd701f4
3643a4281550f1e770b0e731d318636ad8529507812515751dfef4b6b1fa142f
37982e6cd31abeea53ffc51d2f7647e4cee7a486d4b3c2a94618ecd314efb1d6
37a0bbeac143b190eb553c9e8ebf42b7f85b1acba06883855eda085fdf155c4b
38116605b056c8f0f094437590317f596d76dcfcc8976cc5032f2121eb44c6c1
391deff349d160f3306dc10da40ee1a28f6196ce71a1852aecb7403cdd71e283
39a82595bfd507ef8aec04be403a40df0522c7274d3d142015b2355cea460c54
39e0a07b2bc583bfd069ebaa8c45a3a8118e2decb548d916778562641fdd922e
3a08be5766c0e198ba8171f7decd09065c08a5c850276325cc1792f25e7b356e
3c5b83e390d046c3623c4b8e35b58aaf64a7481bb2372fb51ae2e0e7818f7407
3eea91bd1f33507891a2909689d21be3a6e0fb1b688037c2a7d59c042503d910
42ecd6904f43af4e6cef62ddbeffa7b2b0b6c8ec5080a3e1deec4576f4294859
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
45055babdbc02ea34c7baa53f33fc68389c4c5f73afe0bfafd6c9bc5733399bc
46eff3985410535501e8c70e41d0c029dfbcb80a30556d6e898879cd3617948f
47203fa73f17dec66fbde5a7947486b191a3e1091a542a044862670e3f487f98
473fb290d57ae0ac980296e96b7600a13b830eb2ea13297ac84553795176e8a5
478b041f721d9154dc425be10f37f8cdcaab5656422099071b5a08f76c2fff9e
493f9736eeceeaf425d99f7e8d0ae636bd0994206b7a94083875b0d7839eb359
497fbdd1e530a78143b5ebb1cc50eab16fd8bd7a858ab04674ac56952085d657
4a33088fd0c405d0f3406714ba250932f0c892d32dda39a181e6cf6abe26843f
4bbed2de83df27dc8130644101bce3dd9ddd1c178815e42bcb49118b4a73593c
4ed07f590bdfa9aa775dbfdef617d98e1e972d102d4289c7a68d3bd9118c280b
4ee770b0e3baad401f79f09df651e6f4d5735bd799c62d2d7b58bf38478a76dd
4f0e5150f9076d04d0ecd6acdef1ce9e06e0c373b94c257adcb3807d9f07c821
4f65ccd30d1c95588b51035a804dd49090d7fbe6c2829a576a31d1b6a3e0f86b
5061b7c20588d2e6ea633ee5aada32152938bdcc83157b8c9cdb6159f10cb066
50ded9b9065e23b13e6907ab1754ba1d50a21476e562352e65f97133a55f55a0
52352645768c4c5daa8abebb4b8468932a84643e7d8edff47cd0666ec5b008bc
52cfa4eaa420ab1999ead9f74755c4be5dca2ac45f683ac11464d9f13085ecec
58fa7844a72e7769ccb2b91a10b1148b469846e9e3ca7f151a5e8e66c223fa07
5afd3e10da09bd6322122a1c78eea2449ae577e135b29e54a5cbad9df43dd991
5c622f5433cbb6ea1df5c0dd8671e55ef7d1464366074730473c453de50a579b
5e7bf647bdb6f4a59bb111266981191de27e1b48f68d4ed64ca8fc4ebacdecde
61494fd1b573b217034bef7e22044bda91962797d68efada6726910d32bb995b
6414656f939f73a463499bd2c5a8f75793658adf6e05d0e4cd61d1ba36636b94
64374c8277a8d1459650ba3d7e4b985f039d9edb9662739ee8044609098f11df
64d729936559c85caa7ecaab1b97edf1f7f240cc5b876a32902670958775e984
6516436c472b6188d35206dcdfecbee1900d191031112d348de7a04c405ff47c
68186da8217c1d4ad410860716ee0614e21ec23a60da354cbb03dd3dce2f89e1
684fbe6c53a7a0596e11fdd68c8b9d8c17689c9b96a636b3e94079c1a9947e0e
6a1a0d19ae22a99392bb853c405cca78ada84de0d49824ccd17acb6522e9cdd3
6ada88201e93fa3be8d519419bded2f5c5e53936084ae8456dd38a4e86df13f3
6adaf62612623c674af2f597baf83ffa56f157a9ab69346be7c11a9569fdebbc
6b4ebd6049c806e3eef1bd770b2d8b4fdd75803861ead3584ee753e41988efae
6c28d6dab997425ea050f40c1941fb40c2d95601898bda10809bcc0c47b6e142
6c39d5732a1fef74d96bc05dab1cf62833b21dab721b75c5412b62ce0d8fa4ea
6cebfe4c2c88375f3570ae52847901ebd32fec362e20e76f972b9acfe4f78ce1
6df4eb3783bf684715535e6c0af536b3f6888050e95b724b676643cbbb801ea9
6f4c9015be52b8c813425545f39d2e8c95dbd6660c1943c9117199b4cffdfb79
708687b9149aa486f01692402dd8c7a66bf34f1ce7fdc3d059a77b7937a7ccdb
733a16c402b466ef7c9143bd596e9e850da193b1b7650201a172c09154e23e83
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7a13ee75dc207f9a65442b766c6a68123d2f3b4db81d87c96604bd8dece2fcbd
7b5688f8b168e06251901442c4f2f72b30c4477cb472833cde7979a8dca0a862
7f7ff9eab807f23299e47b8fbdd83cb3ae6cbc33330cc1e0182e8d42b2025cdb
809b4c95dcd6831b7d62d53a90e167a9f4ddd6ec8df85a7bd55f0bf5cbc1042d
81b61e3963d6c2dc555d7c73d6147a7c6b2d45395567524d55954e311812d6ec
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8420f59cd348cf0e10e05482724523ad6b83f88467bbfacf6826eaadd3a03985
893df2b9ceb653f94333139d561d363bf4c365e651a0a3ade839d96200942e37
8a322ede0b619b9051fccbe2a1a31f402f416d45f92c245aafcbe75e42f6f2b2
8a4ef7c3dd742bb24684ac1c95b9180ef94699bef3f4a1814fad24173980e855
8ef0d7d41c2380c12a83b586ed1ef4d036a951e922d0cc711405000f83a42713
9087b1c0693940afbfc1de109e61de687c1024e3e44011f8f536e2ad503af977
90ff91338e1002331c0f0db9a428a3411793d36e25213cd87e60986345a29b6b
9233eac6e8f7adc20a334ce3854d5adbbed6dcc031a36ea1eee952894407951c
92aea71f51b3b84ec301dd5df6ff9d46b006ae31f0408e9a612eecbaaac3f1c1
937cacc0434fd8bd8c2cd8826a81d29e93e23180b056f373655ecf34eb96ae85
93d56389cc4bd369587cfa5174753cfb88e852c3504f28d7c1d0119f651cf92b
95ef5b080ecf0e2726835bafef2613d3fd328832e84f81da38c5f4f26dab8755
97413884e185bdc121c29f7d19c9b3f5eb42700124853936d570b5459097979e
984cd1fa5dd20c2b1b8fd77b6bb876a3a211cdf14aaaed6bc1481e3c98027544
99383e54dbf198f8528bd1ae3c1c66840c3d3e0e4898672646e36badbfaddd99
9b27e70f7985c9752417d5f3cd21b812e6703253b72af7cd6f64a8a0d1c71978
9c8df0a16fc73f5224e8c9f831cb989d005b54b698d3bc52ec0abb3a98b59149
9e0e2ad3a93ec78d016efee0993b5856ba9b4acafcee3aa4d6f7162f039fcce4
9e5308b7bcf92c85593c8235f82b5db720b2e7134ad12341d119a808232f0b43
9f61400081191bf755c967c186a8fd356b02010fac3412f84cf83d5dfe10dd5d
9f9eca957a036ecac5e8e85264759b27337db88626e96ad825658b8e065df0f5
a0761aa1289035f3d20430d55e475043a8fa40deff221715e31068905d561753
a09e7df78a2388e1ddd07dae352916763346e1fd4aad01c592f04c11027fb108
a10357a3a9662018685e5f79d968e35a2a29bd650ee6d4bb0e7e0bebb1581496
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79
a290ede885635a3f7bb2b8e630bf795f15dde146fea32520b775bee1b2926ff3
a456c328bbb88fc991a5ddb80db492ec9e179a3ef443d50bf80b3fbbb5e8a7f7
a549034009f79ead18a2154a8b730d8acb61e2f36c0434c0f9cff0f73df5d8cf
a5e145eadf3c0d2ca018da2d25a02de55ac0f70874da8bba148713fa326f278c
a6dd6de9a83d88bf8d041d61b94800684c6eb447c6f959ff1b2038945c6eb364
a8041ba3d02102bd99dcead4dcc9882c484902362927cfd598e389e930f68ceb
aa2a3db7f92e7a7c6a897f2922e6937e04b3b65b01345f72e1814ff21540847e
ab58578dfe33b0474b3a1b181ee076b54f3f2d7ef562cd96b94b2ce1b437f3d0
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
b19f14d674857362b6e10d0dcb1703b149d9dda6f350d1737562fc36e4e67a81
b553399a42dd1c5cc8ad60d0e93fefafe8fd85e42390f874b5c0037ebc2ba14c
b5553d262c9ef84e1914eb9992d427d565efded895b0deb5bfd0fa898e5ac639
b5c543f59d71e1e4f6b51c896febf86975206dcf9e34757f475b125d64d16ea6
bb6faea399ff1d30497285193b1e148d05022312d0c0e780f01aa44925a0732c
bc32b2e41f4a19b75fa4aac4c47ab6d0011a26634436ada908bd29217e6ac47a
bcaf0e3f087296133e0a996ee3d289a8d1a690147c93e0ab62019b505e6f9355
be72b4682425893f45b1420747773a28f56ceb19898fe38cce692662a45ced7b
bf4be57d63e8a5ebd117622ae04e15b9a8e24a286f27021e8eb1ca5c2e0b6166
c1a4ed872e58773e8a8cc9bf0647da0ce3b1003735517fb9ca815c8e4f0b4bc0
c1b721e2e591ecb160728addba9dbfae93783c1d8a579ca235bc8eb15b5e18a2
c43d949c01ab753c52aa5aed169a56a1a36457bb447577625553624dfa2994eb
c466f8d3006a2976581214ae825f51dbbdb0d9161ce1dcdc84dfe32b25314642
c46a6aa8d461f932532de4a4c740b0da237e38d5f111508d298ae3f937a30888
cbce85e96b7752208ce15a09ea4d5a58b792edc9e77f1c5ccf46c01935970f9d
cc9e2736d89634c048131e8120ffa3186d2d86af1993e4a92f1c499e254fb07a
cd8ddec509daf284f644926ce4a94e2cf5a3cefa41c7c18f2358b6cca80a4a3f
cdd3ea23c31f2648f41910d222e1afdfc9604af17240b567a09220cd28f246c5
cebfe310b1ad6f72d20142f9b8d372ee5b7dbd0615d63f814b43ef0a718c23d2
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cf7bdb0487590885c13a3cc0a2a1450b3ac649a465de267af12f552be8bcb5fe
cfd76f8f2b5ed21afc907b2a26e5a1bad5664c9e6deaac474b7e6790354bd282
cfedf5fb1843c21f4b93a6e2faf269cdd27028596e3a204b1b6574f422615bb3
d00864408cbdc222c15d1121399de866b51a877be0b60f82e693ee8f5236401f
d0cf3346854d4bf99c980c924eb9d5b769b3804063d35af1fea9fb942288325c
d0fc53826f3102e097fa7eafcbf61f7f84913050558ad77704a7a6970fb17c04
d12f738e7bb79d4425da1cbf46ea7d00d214960e0618123068110d77bf0e6280
d2a9e752212b4609f979fcae11a4f768506cd4acb90339b66da256f0610858f6
d3f005096f486c572d6d8f06ff5415160d3b22e1a7e846fd9c671592db73feeb
d49e04f55d5290617b410991fab765ce81038e2c81b775b890feb20f509af161
d4c44c0c4d00553d81a0185026a1260c93ceca5b6e2a7e17c98c1a60322a7e7d
d50a73b1885b7af67191fb0289bc82b723e42c53adaa3dd1777c6643a605fcba
d50b7e268e8eb1e2c1cad19c29cb0b6f9e5fa30aeea126766032b57cad36c606
d50d436889f46d5b9455690493e877e02ad30ea4dca963ffcaa3024c45c1d58c
d8b7ea5cc75abc79d502a95c5ccac8f97aa82fd8c13acc74c84c754eb86cc4c3
dde94ba3b6521bd5bbc5e3505539e99465267b78829e80bebe30b6ac0b7f546c
df25786bc3951d78d0f763a2a75a1f33b01b8ae2a5157831d2cf4d0348c2ede7
e12df2cbf33151bdbd3fb86e63b4f01fc1d3eac7796cf82238ef8ef379ed49bb
e3707edca98715fc3fe7ea36b15c506641b4c380e7e6c4d8ebb9e288f1438ff8
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e55404ca2024d809532c059fa1b078bedfad2602ebde04b0a9ac6a06e7a57923
e8ef6f1f868d3e95a0f21e57ce98f2d8ea7c54ac0459f8a35a9abe44913e7c9b
e8f4da17f1949f0eb535522706c59331302c0e890836fc2ba6aba921e81f85fd
e9c4fdf016dada0c097669d8b99933affafe6156ff5dfd952f83b9bfc66bda60
eb10ee4bb01244ef454b18ff3eeffa52e1f4579970be5a531f865a098c7fb58c
ebe3a0272a317857bf566a0deec42181bf0e89d280bb3143bba14da1ae1ddb10
ec21aac4031dc5c23e1d40e2ed211253ba70f67dce54bf03850ad5dd7b9d4e42
ecc7f0b3a6673ea2207e2b63ab29b2755d653faab413a35887e9d63ac5f404fa
ed2c6c0fb3151dc9d40120a17446f07d8873a8b6e08b071bbed82cd6de9b78ba
eeb0c449f78961c0d700e250d120b47b5f7a014823c4a270528de1ba5c28261f
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1173677f89192f7127a9eaaeb8c5e191edb4952b602cf59b646a2fd72d344ce
f125fd246e10689d46bc3c7c529be4f784c9adf3f80f0790a3532f7efd01b012
f1ccea6b7204d9f7913ab45e1afa51d79f83bd4f0319de937b0132e6e02b1aab
f28dd96acd2f748242631a79dd877204384b1ff1521bfd895b4cbb58394cd6c8
f3bd482cd3ec17583f25ad0819d1ccbcd0cdcb0fe26f8d87b7f30fd61b3dc640
f52201eedecf963a705285f5b5dd70410ac74125d92924da13004fa162b074da
f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52
f9b177e239ced67e117e6bb69189820081e586b09df40822bfa7b24e6b1ef883
fb295c2a72d39784b18a1d2d5b0c9976807f7cf010fe730b86d43bc55b0ae251
fbb475f48d03815474a554d3c16599917c2fabf811e3fe2772aeabeee474aa8f
fc2cb9a1836be188b24c46e1ba1cdcd6d19e0b0b79049a1d84701eece65af07d
fd361b57998c76f86335afa28b8a62527d88a8200fb5c428d6f0fff73383e955
fe80c533f99a6b1e6cc7ffe987dab09a33a4f3674909c613f26285f56df3ecfa
ffcaeef328a1e67717f714997426aaf936e4b9d378a5fbe1bd2a063dfeb50750

www.informationweek.com Open in urlscan Pro 2606:4700::6811:549a Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

247 Requests

100 %HTTPS

52 %IPv6

42 Domains

65 Subdomains

55 IPs

9 Countries

2639 kBTransfer

7148 kBSize

1 Cookies

61 Outgoing links

Page URL History

Redirected requests

247 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 8 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.informationweek.com Open in urlscan Pro
2606:4700::6811:549a Public Scan

Screenshot
Live screenshot

Full Image

247
Requests

100 %
HTTPS

52 %
IPv6

42
Domains

65
Subdomains

55
IPs

9
Countries

2639 kB
Transfer

7148 kB
Size

1
Cookies

247 HTTP transactions
8 data transactions