URL: http://www.allthingsdfir.com/tracing-malicious-downloads/
Submission: On October 25 via manual from CA

Summary

This website contacted 10 IPs in 4 countries across 11 domains to perform 37 HTTP transactions. The main IP is 138.68.3.44, located in Santa Clara, United States and belongs to DIGITALOCEAN-ASN - DigitalOcean, LLC, US. The main domain is www.allthingsdfir.com.
This is the only time www.allthingsdfir.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  IP Address         AS (Autonomous System)
11        138.68.3.44        14061 (DIGITALOC...)
8         2a00:1450:400...   15169 (GOOGLE)
1         2001:4de0:ac1...   20446 (HIGHWINDS3)
1         151.101.112.134    54113 (FASTLY)
3         2a00:1450:400...   15169 (GOOGLE)
3         2a04:4e42:3::720   54113 (FASTLY)
4         2606:4700::68...   13335 (CLOUDFLAR...)
2         151.101.0.134      54113 (FASTLY)
2         2606:4700::68...   13335 (CLOUDFLAR...)
2         151.101.112.64     54113 (FASTLY)
Total: 37 requests across 10 IPs
Requests  Domain                          Requested by
11        www.allthingsdfir.com           www.allthingsdfir.com
5         googleads.g.doubleclick.net     pagead2.googlesyndication.com
4         c.disquscdn.com                 allthingsdfir.disqus.com
3         images.unsplash.com             pagead2.googlesyndication.com
3         pagead2.googlesyndication.com   www.allthingsdfir.com, pagead2.googlesyndication.com
2         links.services.disqus.com       c.disquscdn.com
2         cdn.viglink.com
2         disqus.com                      allthingsdfir.disqus.com
1         www.googletagservices.com       pagead2.googlesyndication.com
1         adservice.google.com            pagead2.googlesyndication.com
1         adservice.google.de             pagead2.googlesyndication.com
1         allthingsdfir.disqus.com        www.allthingsdfir.com
1         code.jquery.com                 www.allthingsdfir.com
Total: 37 requests across 13 subdomains

This site contains links to these domains.

Domain
docs.microsoft.com
twitter.com
www.facebook.com
ghost.org
Subject                       Issuer                                                Validity                  Valid for
*.g.doubleclick.net           GTS CA 1O1                                            2019-10-10 - 2020-01-02   3 months
jquery.org                    COMODO RSA Domain Validation Secure Server CA         2018-10-17 - 2020-10-16   2 years
*.disqus.com                  DigiCert SHA2 Secure Server CA                        2018-03-28 - 2020-04-27   2 years
*.google.com                  GTS CA 1O1                                            2019-10-10 - 2020-01-02   3 months
imgix2.map.fastly.net         GlobalSign CloudSSL CA - SHA256 - G3                  2019-07-11 - 2020-07-11   a year
ssl565697.cloudflaressl.com   COMODO ECC Domain Validation Secure Server CA 2       2019-08-25 - 2020-03-02   6 months
f.ssl.fastly.net              GlobalSign Organization Validation CA - SHA256 - G2   2018-08-30 - 2020-12-02   2 years

This page contains 7 frames:

Primary Page: http://www.allthingsdfir.com/tracing-malicious-downloads/
Frame ID: 087A53806483DF4457E7870FBAC2C630
Requests: 31 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20191022/r20190131/zrt_lookup.html
Frame ID: FE0B0D66DCE6B8FDE2EE38F42998AB0B
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8700697432536079&output=html&adk=1812271804&adf=3025194257&lmt=1572017073&plat=1%3A32776%2C2%3A32776%2C8%3A32776%2C9%3A32776%2C16%3A8388608%2C30%3A1081344&guci=1.2.0.0.2.2.0.0&format=0x0&url=http%3A%2F%2Fwww.allthingsdfir.com%2Ftracing-malicious-downloads%2F&ea=0&flash=0&pra=5&wgl=1&adsid=NT&dt=1572017073777&bpp=13&bdt=342&fdt=165&idt=165&shv=r20191022&cbv=r20190131&saldr=aa&abxe=1&nras=1&correlator=8278445738126&frm=20&pv=2&ga_vid=1395918697.1572017074&ga_sid=1572017074&ga_hid=501936404&ga_fc=0&iag=0&icsg=756366&dssz=19&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=20040010&oid=3&pvsid=1917703909833469&rx=0&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=16&bc=23&ifi=0&uci=a!0&fsb=1&dtd=182
Frame ID: E8E75974A44A1BC4C4D21610773C8BCB
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8700697432536079&output=html&h=200&adk=3715268300&adf=3943602527&w=840&lmt=1572017074&num_ads=1&sem=mc&pwprc=5793312753&guci=1.2.0.0.2.2.0.0&ad_type=text_image&format=840x200&url=http%3A%2F%2Fwww.allthingsdfir.com%2Ftracing-malicious-downloads%2F&flash=0&pra=3&wgl=1&fa=27&adsid=NT&dt=1572017074095&bpp=6&bdt=660&fdt=7&idt=7&shv=r20191022&cbv=r20190131&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=8278445738126&frm=20&pv=1&ga_vid=1395918697.1572017074&ga_sid=1572017074&ga_hid=501936404&ga_fc=0&iag=0&icsg=2853518&dssz=20&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=373&ady=3229&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=20040010&oid=3&pvsid=1917703909833469&rx=0&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=16&bc=23&ifi=1&uci=a!1&fsb=1&xpc=EzsWqZhwV5&p=http%3A//www.allthingsdfir.com&dtd=11
Frame ID: 68E018BA1E6631B1E2FA92737026DB90
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8700697432536079&output=html&h=200&adk=3715268300&adf=2066135634&w=840&lmt=1572017074&num_ads=1&sem=mc&pwprc=5793312753&guci=1.2.0.0.2.2.0.0&ad_type=text_image&format=840x200&url=http%3A%2F%2Fwww.allthingsdfir.com%2Ftracing-malicious-downloads%2F&flash=0&pra=3&wgl=1&fa=27&adsid=NT&dt=1572017074109&bpp=5&bdt=674&fdt=5&idt=6&shv=r20191022&cbv=r20190131&saldr=aa&abxe=1&prev_fmts=0x0%2C840x200&nras=3&correlator=8278445738126&frm=20&pv=1&ga_vid=1395918697.1572017074&ga_sid=1572017074&ga_hid=501936404&ga_fc=0&iag=0&icsg=11242126&dssz=21&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=373&ady=3890&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=20040010&oid=3&pvsid=1917703909833469&rx=0&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=16&bc=23&ifi=2&uci=a!2&fsb=1&xpc=P13sLELV47&p=http%3A//www.allthingsdfir.com&dtd=9
Frame ID: DB131BE57730A43824D6A4C9916F7FDE
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8700697432536079&output=html&h=200&adk=3715268300&adf=2151103379&w=840&lmt=1572017074&num_ads=1&sem=mc&pwprc=5793312753&guci=1.2.0.0.2.2.0.0&ad_type=text_image&format=840x200&url=http%3A%2F%2Fwww.allthingsdfir.com%2Ftracing-malicious-downloads%2F&flash=0&pra=3&wgl=1&fa=27&adsid=NT&dt=1572017074122&bpp=4&bdt=688&fdt=5&idt=5&shv=r20191022&cbv=r20190131&saldr=aa&abxe=1&prev_fmts=0x0%2C840x200%2C840x200&nras=4&correlator=8278445738126&frm=20&pv=1&ga_vid=1395918697.1572017074&ga_sid=1572017074&ga_hid=501936404&ga_fc=0&iag=0&icsg=11242126&dssz=21&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=373&ady=8733&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=20040010&oid=3&pvsid=1917703909833469&rx=0&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=16&bc=23&ifi=3&uci=a!3&fsb=1&xpc=onBb5JGjzH&p=http%3A//www.allthingsdfir.com&dtd=8
Frame ID: C6D1CA1844F02562A363B371A24694D6
Requests: 1 HTTP requests in this frame

Frame: https://disqus.com/embed/comments/?base=default&f=allthingsdfir&t_u=http%3A%2F%2Fwww.allthingsdfir.com%2Ftracing-malicious-downloads%2F&t_d=%22Tracing%22%20Malicious%20Downloads&t_t=%22Tracing%22%20Malicious%20Downloads&s_o=default
Frame ID: 035ED0F2F67393FF4EBCBDC819EC7CEF
Requests: 1 HTTP requests in this frame

Screenshot


Detected technologies

Overall confidence: 100%
Detected patterns
  • meta generator /Ghost(?:\s([\d.]+))?/i

Overall confidence: 100%
Detected patterns
  • meta generator /Ghost(?:\s([\d.]+))?/i

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Overall confidence: 100%
Detected patterns
  • script /react.*\.js/i

Overall confidence: 100%
Detected patterns
  • script /googlesyndication\.com\//i

Page Statistics

Requests: 37
HTTPS: 65 %
IPv6: 60 %
Domains: 11
Subdomains: 13
IPs: 10
Countries: 4
Transfer: 1151 kB
Size: 1504 kB
Cookies: 1

Redirected requests

There were HTTP redirect chains for the following requests:

37 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type
Primary Request / | www.allthingsdfir.com/tracing-malicious-downloads/ | 31 KB | 10 KB | Document
General
Full URL
http://www.allthingsdfir.com/tracing-malicious-downloads/
Protocol
HTTP/1.1
Server
138.68.3.44 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US),
Reverse DNS
Software
nginx / Express
Resource Hash
09254c7d8ba22e319970d382ee038d918562b9d1382af62debb4a3dcfac908a6

Request headers

Host
www.allthingsdfir.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding
gzip, deflate

Response headers

Server
nginx
Date
Fri, 25 Oct 2019 15:24:33 GMT
Content-Type
text/html; charset=utf-8
Transfer-Encoding
chunked
Connection
keep-alive
X-Powered-By
Express
Cache-Control
public, max-age=0
ETag
W/"7d6b-7xBQJKsu7QXAnpVcVvoCEfKT3EE"
Vary
Accept-Encoding
Content-Encoding
gzip
screen.css | www.allthingsdfir.com/assets/built/ | 35 KB | 8 KB | Stylesheet
General
Full URL
http://www.allthingsdfir.com/assets/built/screen.css?v=6ba5d2ba86
Requested by
Host: www.allthingsdfir.com
URL: http://www.allthingsdfir.com/tracing-malicious-downloads/
Protocol
HTTP/1.1
Server
138.68.3.44 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US),
Reverse DNS
Software
nginx / Express
Resource Hash
38a84488a92ecce4cc9f9ce49816ca20c40683ee68552f4630fd7e143d315dc9

Request headers

Referer
http://www.allthingsdfir.com/tracing-malicious-downloads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 25 Oct 2019 15:24:33 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Last-Modified
Tue, 08 Oct 2019 01:16:32 GMT
Server
nginx
X-Powered-By
Express
ETag
W/"8a6c-16da8f06da4"
Transfer-Encoding
chunked
Content-Type
text/css; charset=UTF-8
Cache-Control
public, max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
ghost-sdk.min.js | www.allthingsdfir.com/public/ | 751 B | 1 KB | Script
General
Full URL
http://www.allthingsdfir.com/public/ghost-sdk.min.js?v=6ba5d2ba86
Requested by
Host: www.allthingsdfir.com
URL: http://www.allthingsdfir.com/tracing-malicious-downloads/
Protocol
HTTP/1.1
Server
138.68.3.44 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US),
Reverse DNS
Software
nginx / Express
Resource Hash
f2831147657d57b0481dd0d71764ad2d412b46cc17d40e18f606e19a5b6f6cf5

Request headers

Referer
http://www.allthingsdfir.com/tracing-malicious-downloads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 25 Oct 2019 15:24:33 GMT
ETag
"b56eb2beac7328e1e5fdf3cb583ff216"
Server
nginx
X-Powered-By
Express
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
public, max-age=31536000
Connection
keep-alive
Content-Length
751
adsbygoogle.js | pagead2.googlesyndication.com/pagead/js/ | 103 KB | 36 KB | Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: www.allthingsdfir.com
URL: http://www.allthingsdfir.com/tracing-malicious-downloads/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
7730c095f1686fece5b7f9a56f7f60e8f450475754e403a4e8dbc911fbf32551
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
http://www.allthingsdfir.com/tracing-malicious-downloads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 25 Oct 2019 15:24:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
36912
x-xss-protection
0
server
cafe
etag
1245316868701029799
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Fri, 25 Oct 2019 15:24:33 GMT
Figure1-1.png | www.allthingsdfir.com/content/images/2018/09/ | 7 KB | 7 KB | Image
General
Full URL
http://www.allthingsdfir.com/content/images/2018/09/Figure1-1.png
Requested by
Host: www.allthingsdfir.com
URL: http://www.allthingsdfir.com/tracing-malicious-downloads/
Protocol
HTTP/1.1
Server
138.68.3.44 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US),
Reverse DNS
Software
nginx / Express
Resource Hash
462e82cdaa0d4e0e95d33e30eff75cf49acd3ebd47232a2af1a5793d9b4b9e6d

Request headers

Referer
http://www.allthingsdfir.com/tracing-malicious-downloads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 25 Oct 2019 15:24:33 GMT
Last-Modified
Sun, 16 Sep 2018 00:00:46 GMT
Server
nginx
X-Powered-By
Express
ETag
W/"1a8b-165dfadfd1b"
Content-Type
image/png
Cache-Control
public, max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
6795
Figure2-1.png | www.allthingsdfir.com/content/images/2018/09/ | 10 KB | 10 KB | Image
General
Full URL
http://www.allthingsdfir.com/content/images/2018/09/Figure2-1.png
Requested by
Host: www.allthingsdfir.com
URL: http://www.allthingsdfir.com/tracing-malicious-downloads/
Protocol
HTTP/1.1
Server
138.68.3.44 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US),
Reverse DNS
Software
nginx / Express
Resource Hash
4973b6ea8d5dae473262a6293065e994ab5e1aad8b50b0a33e33b54555115de2

Request headers

Referer
http://www.allthingsdfir.com/tracing-malicious-downloads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 25 Oct 2019 15:24:33 GMT
Last-Modified
Sun, 16 Sep 2018 00:01:04 GMT
Server
nginx
X-Powered-By
Express
ETag
W/"2757-165dfae433b"
Content-Type
image/png
Cache-Control
public, max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
10071
Figure3-1.png | www.allthingsdfir.com/content/images/2018/09/ | 10 KB | 11 KB | Image
General
Full URL
http://www.allthingsdfir.com/content/images/2018/09/Figure3-1.png
Requested by
Host: www.allthingsdfir.com
URL: http://www.allthingsdfir.com/tracing-malicious-downloads/
Protocol
HTTP/1.1
Server
138.68.3.44 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US),
Reverse DNS
Software
nginx / Express
Resource Hash
6625496eb189a6ce699fed0d12df95af06350d75d7d380ef03a7ac34056c15d3

Request headers

Referer
http://www.allthingsdfir.com/tracing-malicious-downloads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 25 Oct 2019 15:24:33 GMT
Last-Modified
Sun, 16 Sep 2018 00:01:40 GMT
Server
nginx
X-Powered-By
Express
ETag
W/"2915-165dfaed187"
Content-Type
image/png
Cache-Control
public, max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
10517
Figure4-1.png | www.allthingsdfir.com/content/images/2018/09/ | 28 KB | 29 KB | Image
General
Full URL
http://www.allthingsdfir.com/content/images/2018/09/Figure4-1.png
Requested by
Host: www.allthingsdfir.com
URL: http://www.allthingsdfir.com/tracing-malicious-downloads/
Protocol
HTTP/1.1
Server
138.68.3.44 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US),
Reverse DNS
Software
nginx / Express
Resource Hash
df587b90a3d8c5c89c8182b24f2c3f996c9c67bd76bca79ef6e7312ac180c03a

Request headers

Referer
http://www.allthingsdfir.com/tracing-malicious-downloads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 25 Oct 2019 15:24:33 GMT
Last-Modified
Sun, 16 Sep 2018 00:01:52 GMT
Server
nginx
X-Powered-By
Express
ETag
W/"718b-165dfaeff46"
Content-Type
image/png
Cache-Control
public, max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
29067
Figure5-1.png | www.allthingsdfir.com/content/images/2018/09/ | 75 KB | 75 KB | Image
General
Full URL
http://www.allthingsdfir.com/content/images/2018/09/Figure5-1.png
Requested by
Host: www.allthingsdfir.com
URL: http://www.allthingsdfir.com/tracing-malicious-downloads/
Protocol
HTTP/1.1
Server
138.68.3.44 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US),
Reverse DNS
Software
nginx / Express
Resource Hash
2feab66a44caadda5bde086afd3abc7f006b46590a811a8278005ce899720736

Request headers

Referer
http://www.allthingsdfir.com/tracing-malicious-downloads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 25 Oct 2019 15:24:33 GMT
Last-Modified
Sun, 16 Sep 2018 00:02:23 GMT
Server
nginx
X-Powered-By
Express
ETag
W/"12cb3-165dfaf78a6"
Content-Type
image/png
Cache-Control
public, max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
76979
Profile_Picture_JC.jpg | www.allthingsdfir.com/content/images/2018/09/ | 147 KB | 147 KB | Image
General
Full URL
http://www.allthingsdfir.com/content/images/2018/09/Profile_Picture_JC.jpg
Requested by
Host: www.allthingsdfir.com
URL: http://www.allthingsdfir.com/tracing-malicious-downloads/
Protocol
HTTP/1.1
Server
138.68.3.44 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US),
Reverse DNS
Software
nginx / Express
Resource Hash
46219ac501fd468f2f13dca3c1b3ea74516d8225c6d599fbe5088f2f814debdb

Request headers

Referer
http://www.allthingsdfir.com/tracing-malicious-downloads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 25 Oct 2019 15:24:33 GMT
Last-Modified
Sun, 16 Sep 2018 01:30:38 GMT
Server
nginx
X-Powered-By
Express
ETag
W/"24a72-165e00043a7"
Content-Type
image/jpeg
Cache-Control
public, max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
150130
Favicon.ico | www.allthingsdfir.com/content/images/2018/09/ | 53 KB | 40 KB | Image
General
Full URL
http://www.allthingsdfir.com/content/images/2018/09/Favicon.ico
Requested by
Host: www.allthingsdfir.com
URL: http://www.allthingsdfir.com/tracing-malicious-downloads/
Protocol
HTTP/1.1
Server
138.68.3.44 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US),
Reverse DNS
Software
nginx / Express
Resource Hash
6cf7adbf7b868ef34f4b0e0fca588590be7f8257e465119e0fdaa7ede33ae7cc

Request headers

Referer
http://www.allthingsdfir.com/tracing-malicious-downloads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 25 Oct 2019 15:24:33 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Last-Modified
Sun, 16 Sep 2018 01:14:56 GMT
Server
nginx
X-Powered-By
Express
ETag
W/"d5cd-165dff1e5b3"
Transfer-Encoding
chunked
Content-Type
image/x-icon
Cache-Control
public, max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
jquery-3.2.1.min.js | code.jquery.com/ | 85 KB | 30 KB | Script
General
Full URL
https://code.jquery.com/jquery-3.2.1.min.js
Requested by
Host: www.allthingsdfir.com
URL: http://www.allthingsdfir.com/tracing-malicious-downloads/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:4de0:ac19::1:b:3b , Netherlands, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
Software
nginx /
Resource Hash
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

Request headers

Sec-Fetch-Mode
cors
Referer
http://www.allthingsdfir.com/tracing-malicious-downloads/
Origin
http://www.allthingsdfir.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 25 Oct 2019 15:24:33 GMT
Content-Encoding
gzip
Last-Modified
Mon, 20 Mar 2017 19:01:15 GMT
Server
nginx
ETag
W/"58d026fb-15283"
Vary
Accept-Encoding
X-HW
1572017073.dop124.fr8.t,1572017073.cds128.fr8.shn,1572017073.cds128.fr8.c
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000, public
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
30125
jquery.fitvids.js | www.allthingsdfir.com/assets/js/ | 3 KB | 2 KB | Script
General
Full URL
http://www.allthingsdfir.com/assets/js/jquery.fitvids.js?v=6ba5d2ba86
Requested by
Host: www.allthingsdfir.com
URL: http://www.allthingsdfir.com/tracing-malicious-downloads/
Protocol
HTTP/1.1
Server
138.68.3.44 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US),
Reverse DNS
Software
nginx / Express
Resource Hash
6e3fc9948343d85d59440451c12f2de1ddb6c2132ae503314f6ac6b3f87218a8

Request headers

Referer
http://www.allthingsdfir.com/tracing-malicious-downloads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 25 Oct 2019 15:24:33 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Last-Modified
Tue, 08 Oct 2019 01:16:32 GMT
Server
nginx
X-Powered-By
Express
ETag
W/"d76-16da8f06da4"
Transfer-Encoding
chunked
Content-Type
application/javascript; charset=UTF-8
Cache-Control
public, max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
embed.js | allthingsdfir.disqus.com/ | 63 KB | 21 KB | Script
General
Full URL
https://allthingsdfir.disqus.com/embed.js
Requested by
Host: www.allthingsdfir.com
URL: http://www.allthingsdfir.com/tracing-malicious-downloads/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.134 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
nginx /
Resource Hash
276aa5e4dc5b11ad0d98e428278dc9f1a668073e58766e023e66e933416124c2
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
http://www.allthingsdfir.com/tracing-malicious-downloads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 25 Oct 2019 15:24:34 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Age
0
Connection
keep-alive
Content-Length
20427
X-XSS-Protection
1; mode=block
Last-Modified
Wed, 23 Oct 2019 18:04:38 GMT
Server
nginx
ETag
"5db09636-4fcb"
Strict-Transport-Security
max-age=300; includeSubdomains
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
no-cache, private, must-revalidate, no-transform
Timing-Allow-Origin
*
Link
<https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Expires
Fri, 25 Oct 2019 15:24:33 GMT
integrator.js | adservice.google.de/adsid/ | 109 B | 319 B | Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=www.allthingsdfir.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
http://www.allthingsdfir.com/tracing-malicious-downloads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 25 Oct 2019 15:24:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
104
x-xss-protection
0
integrator.js | adservice.google.com/adsid/ | 109 B | 171 B | Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.allthingsdfir.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
http://www.allthingsdfir.com/tracing-malicious-downloads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 25 Oct 2019 15:24:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
104
x-xss-protection
0
show_ads_impl.js | pagead2.googlesyndication.com/pagead/js/r20191022/r20190131/ | 241 KB | 88 KB | Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20191022/r20190131/show_ads_impl.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
4814577bbb7edeee569ce9f71c53033d76b0620d4ccf1999c8c0bed67c0f9f2a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
http://www.allthingsdfir.com/tracing-malicious-downloads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 25 Oct 2019 15:24:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
90365
x-xss-protection
0
server
cafe
etag
16768665619486995544
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Fri, 25 Oct 2019 15:24:33 GMT
photo-1516345079912-c3e011a5a848 | images.unsplash.com/ | 139 KB | 139 KB | Image
General
Full URL
https://images.unsplash.com/photo-1516345079912-c3e011a5a848?ixlib=rb-0.3.5&q=80&fm=jpg&crop=entropy&cs=tinysrgb&w=1080&fit=max&ixid=eyJhcHBfaWQiOjExNzczfQ&s=48132edc938989ca68b5e11ea6c50446
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::720 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
imgix /
Resource Hash
503ec79f182d798996ada383206f28f173f7078d2938f5b2c2a5c91be6c53c04
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
http://www.allthingsdfir.com/tracing-malicious-downloads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 25 Oct 2019 15:24:33 GMT
x-content-type-options
nosniff
last-modified
Mon, 21 Oct 2019 10:42:55 GMT
server
imgix
age
362519
x-cache
HIT, HIT
content-type
image/jpeg
status
200
cache-control
public, max-age=315360000
x-imgix-id
4d903f0360f602483ea2bcf44d1623821feab00a
accept-ranges
bytes
access-control-allow-origin
*
content-length
142044
x-served-by
cache-lax8636-LAX, cache-fra19176-FRA
photo-1514302240736-b1fee5985889 | images.unsplash.com/ | 89 KB | 89 KB | Image
General
Full URL
https://images.unsplash.com/photo-1514302240736-b1fee5985889?ixlib=rb-1.2.1&q=80&fm=jpg&crop=entropy&cs=tinysrgb&w=1080&fit=max&ixid=eyJhcHBfaWQiOjExNzczfQ
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::720 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
imgix /
Resource Hash
c8d8c366cdc3194bcdadc139cf3ede1023ad7ca43cb36c802c5b08212c161497
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
http://www.allthingsdfir.com/tracing-malicious-downloads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 25 Oct 2019 15:24:33 GMT
x-content-type-options
nosniff
server
imgix
age
13979345
x-cache
HIT, HIT
content-type
image/jpeg
status
200
cache-control
public, max-age=315360000
x-imgix-id
ba2d9c38f3f23a04c80cd6efc0f087c10a5dbc3c
accept-ranges
bytes
access-control-allow-origin
*
content-length
91234
x-served-by
cache-lax8646-LAX, cache-fra19176-FRA
photo-1527600478564-488952effedb | images.unsplash.com/ | 76 KB | 77 KB | Image
General
Full URL
https://images.unsplash.com/photo-1527600478564-488952effedb?ixlib=rb-0.3.5&q=80&fm=jpg&crop=entropy&cs=tinysrgb&w=1080&fit=max&ixid=eyJhcHBfaWQiOjExNzczfQ&s=f5a9a0c8e5a79304bd94814afd290903
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::720 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
imgix /
Resource Hash
ed4a70ca780757bd7386faec3e89250cd06e10962ab3585a336f35412e4d0f21
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
http://www.allthingsdfir.com/tracing-malicious-downloads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 25 Oct 2019 15:24:33 GMT
x-content-type-options
nosniff
last-modified
Mon, 14 Oct 2019 03:33:32 GMT
server
imgix
age
993079
x-cache
HIT, HIT
content-type
image/jpeg
status
200
cache-control
public, max-age=315360000
x-imgix-id
459736db89cd7d792c8ab53222f9c60e39e2299d
accept-ranges
bytes
access-control-allow-origin
*
content-length
78208
x-served-by
cache-lax8639-LAX, cache-fra19176-FRA
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20191022/r20190131/ Frame FE0B
0
0
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20191022/r20190131/zrt_lookup.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:820::2002, Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US)
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/html/r20191022/r20190131/zrt_lookup.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode
nested-navigate
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
referer
http://www.allthingsdfir.com/tracing-malicious-downloads/
accept-encoding
gzip, deflate, br

Response headers

status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
vary
Accept-Encoding
date
Wed, 23 Oct 2019 04:03:47 GMT
expires
Wed, 06 Nov 2019 04:03:47 GMT
content-type
text/html; charset=UTF-8
etag
8648543205226238674
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
7402
x-xss-protection
0
cache-control
public, max-age=1209600
age
213646
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
ads
googleads.g.doubleclick.net/pagead/ Frame E8E7
0
0
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8700697432536079&output=html&adk=1812271804&adf=3025194257&lmt=1572017073&plat=1%3A32776%2C2%3A32776%2C8%3A32776%2C9%3A32776%2C16%3A8388608%2C30%3A1081344&guci=1.2.0.0.2.2.0.0&format=0x0&url=http%3A%2F%2Fwww.allthingsdfir.com%2Ftracing-malicious-downloads%2F&ea=0&flash=0&pra=5&wgl=1&adsid=NT&dt=1572017073777&bpp=13&bdt=342&fdt=165&idt=165&shv=r20191022&cbv=r20190131&saldr=aa&abxe=1&nras=1&correlator=8278445738126&frm=20&pv=2&ga_vid=1395918697.1572017074&ga_sid=1572017074&ga_hid=501936404&ga_fc=0&iag=0&icsg=756366&dssz=19&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=20040010&oid=3&pvsid=1917703909833469&rx=0&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=16&bc=23&ifi=0&uci=a!0&fsb=1&dtd=182
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20191022/r20190131/show_ads_impl.js
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:820::2002, Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US)
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-8700697432536079&output=html&adk=1812271804&adf=3025194257&lmt=1572017073&plat=1%3A32776%2C2%3A32776%2C8%3A32776%2C9%3A32776%2C16%3A8388608%2C30%3A1081344&guci=1.2.0.0.2.2.0.0&format=0x0&url=http%3A%2F%2Fwww.allthingsdfir.com%2Ftracing-malicious-downloads%2F&ea=0&flash=0&pra=5&wgl=1&adsid=NT&dt=1572017073777&bpp=13&bdt=342&fdt=165&idt=165&shv=r20191022&cbv=r20190131&saldr=aa&abxe=1&nras=1&correlator=8278445738126&frm=20&pv=2&ga_vid=1395918697.1572017074&ga_sid=1572017074&ga_hid=501936404&ga_fc=0&iag=0&icsg=756366&dssz=19&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=20040010&oid=3&pvsid=1917703909833469&rx=0&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=16&bc=23&ifi=0&uci=a!0&fsb=1&dtd=182
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode
nested-navigate
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
referer
http://www.allthingsdfir.com/tracing-malicious-downloads/
accept-encoding
gzip, deflate, br

Response headers

status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Fri, 25 Oct 2019 15:24:34 GMT
server
cafe
content-length
521
x-xss-protection
0
set-cookie
test_cookie=CheckForPermission; expires=Fri, 25-Oct-2019 15:39:33 GMT; path=/; domain=.doubleclick.net
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
expires
Fri, 25 Oct 2019 15:24:34 GMT
cache-control
private
osd.js
www.googletagservices.com/activeview/js/current/
77 KB
29 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20191022/r20190131/show_ads_impl.js
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:816::2002, Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US)
Reverse DNS
Software
sffe /
Resource Hash
6ea513209d279ad98847b40b2efafa36378a2b57dc720e66103d0e102cf53230
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
http://www.allthingsdfir.com/tracing-malicious-downloads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 25 Oct 2019 15:24:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1571829475333115"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
29164
x-xss-protection
0
expires
Fri, 25 Oct 2019 15:24:33 GMT
reactive_library.js
pagead2.googlesyndication.com/pagead/js/r20191022/r20190131/
152 KB
54 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20191022/r20190131/reactive_library.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20191022/r20190131/show_ads_impl.js
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:820::2002, Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US)
Reverse DNS
Software
cafe /
Resource Hash
6c507e3debd14fa2471a7eccd64b2dfff5ce842a42d1ead55df4eeca77cd4933
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
http://www.allthingsdfir.com/tracing-malicious-downloads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 25 Oct 2019 15:24:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
54888
x-xss-protection
0
server
cafe
etag
10975819740049371846
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Fri, 25 Oct 2019 15:24:34 GMT
ads
googleads.g.doubleclick.net/pagead/ Frame 68E0
0
0
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8700697432536079&output=html&h=200&adk=3715268300&adf=3943602527&w=840&lmt=1572017074&num_ads=1&sem=mc&pwprc=5793312753&guci=1.2.0.0.2.2.0.0&ad_type=text_image&format=840x200&url=http%3A%2F%2Fwww.allthingsdfir.com%2Ftracing-malicious-downloads%2F&flash=0&pra=3&wgl=1&fa=27&adsid=NT&dt=1572017074095&bpp=6&bdt=660&fdt=7&idt=7&shv=r20191022&cbv=r20190131&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=8278445738126&frm=20&pv=1&ga_vid=1395918697.1572017074&ga_sid=1572017074&ga_hid=501936404&ga_fc=0&iag=0&icsg=2853518&dssz=20&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=373&ady=3229&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=20040010&oid=3&pvsid=1917703909833469&rx=0&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=16&bc=23&ifi=1&uci=a!1&fsb=1&xpc=EzsWqZhwV5&p=http%3A//www.allthingsdfir.com&dtd=11
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20191022/r20190131/show_ads_impl.js
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:820::2002, Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US)
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-8700697432536079&output=html&h=200&adk=3715268300&adf=3943602527&w=840&lmt=1572017074&num_ads=1&sem=mc&pwprc=5793312753&guci=1.2.0.0.2.2.0.0&ad_type=text_image&format=840x200&url=http%3A%2F%2Fwww.allthingsdfir.com%2Ftracing-malicious-downloads%2F&flash=0&pra=3&wgl=1&fa=27&adsid=NT&dt=1572017074095&bpp=6&bdt=660&fdt=7&idt=7&shv=r20191022&cbv=r20190131&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=8278445738126&frm=20&pv=1&ga_vid=1395918697.1572017074&ga_sid=1572017074&ga_hid=501936404&ga_fc=0&iag=0&icsg=2853518&dssz=20&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=373&ady=3229&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=20040010&oid=3&pvsid=1917703909833469&rx=0&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=16&bc=23&ifi=1&uci=a!1&fsb=1&xpc=EzsWqZhwV5&p=http%3A//www.allthingsdfir.com&dtd=11
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode
nested-navigate
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
referer
http://www.allthingsdfir.com/tracing-malicious-downloads/
accept-encoding
gzip, deflate, br
cookie
test_cookie=CheckForPermission

Response headers

status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Fri, 25 Oct 2019 15:24:34 GMT
server
cafe
content-length
14247
x-xss-protection
0
set-cookie
IDE=AHWqTUnYM0LCHzr-Uhwm9qjN1XADYiod-RBZdrKaSHSxjEMLL1wOK_slxTtHIz5R; expires=Wed, 18-Nov-2020 15:24:34 GMT; path=/; domain=.doubleclick.net; HttpOnly
set-cookie
test_cookie=; domain=.doubleclick.net; path=/; expires=Mon, 21 Jul 2008 23:59:00 GMT
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
expires
Fri, 25 Oct 2019 15:24:34 GMT
cache-control
private
ads
googleads.g.doubleclick.net/pagead/ Frame DB13
0
0
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8700697432536079&output=html&h=200&adk=3715268300&adf=2066135634&w=840&lmt=1572017074&num_ads=1&sem=mc&pwprc=5793312753&guci=1.2.0.0.2.2.0.0&ad_type=text_image&format=840x200&url=http%3A%2F%2Fwww.allthingsdfir.com%2Ftracing-malicious-downloads%2F&flash=0&pra=3&wgl=1&fa=27&adsid=NT&dt=1572017074109&bpp=5&bdt=674&fdt=5&idt=6&shv=r20191022&cbv=r20190131&saldr=aa&abxe=1&prev_fmts=0x0%2C840x200&nras=3&correlator=8278445738126&frm=20&pv=1&ga_vid=1395918697.1572017074&ga_sid=1572017074&ga_hid=501936404&ga_fc=0&iag=0&icsg=11242126&dssz=21&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=373&ady=3890&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=20040010&oid=3&pvsid=1917703909833469&rx=0&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=16&bc=23&ifi=2&uci=a!2&fsb=1&xpc=P13sLELV47&p=http%3A//www.allthingsdfir.com&dtd=9
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20191022/r20190131/show_ads_impl.js
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:820::2002, Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US)
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-8700697432536079&output=html&h=200&adk=3715268300&adf=2066135634&w=840&lmt=1572017074&num_ads=1&sem=mc&pwprc=5793312753&guci=1.2.0.0.2.2.0.0&ad_type=text_image&format=840x200&url=http%3A%2F%2Fwww.allthingsdfir.com%2Ftracing-malicious-downloads%2F&flash=0&pra=3&wgl=1&fa=27&adsid=NT&dt=1572017074109&bpp=5&bdt=674&fdt=5&idt=6&shv=r20191022&cbv=r20190131&saldr=aa&abxe=1&prev_fmts=0x0%2C840x200&nras=3&correlator=8278445738126&frm=20&pv=1&ga_vid=1395918697.1572017074&ga_sid=1572017074&ga_hid=501936404&ga_fc=0&iag=0&icsg=11242126&dssz=21&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=373&ady=3890&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=20040010&oid=3&pvsid=1917703909833469&rx=0&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=16&bc=23&ifi=2&uci=a!2&fsb=1&xpc=P13sLELV47&p=http%3A//www.allthingsdfir.com&dtd=9
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode
nested-navigate
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
referer
http://www.allthingsdfir.com/tracing-malicious-downloads/
accept-encoding
gzip, deflate, br
cookie
test_cookie=CheckForPermission

Response headers

status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Fri, 25 Oct 2019 15:24:34 GMT
server
cafe
content-length
24316
x-xss-protection
0
set-cookie
IDE=AHWqTUn0NYqsqXY2wBrAeF9HXH6aU8kDV87V4yT3dk692TcialC4SUqc7OmuzcvX; expires=Wed, 18-Nov-2020 15:24:34 GMT; path=/; domain=.doubleclick.net; HttpOnly
set-cookie
test_cookie=; domain=.doubleclick.net; path=/; expires=Mon, 21 Jul 2008 23:59:00 GMT
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
expires
Fri, 25 Oct 2019 15:24:34 GMT
cache-control
private
ads
googleads.g.doubleclick.net/pagead/ Frame C6D1
0
0
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8700697432536079&output=html&h=200&adk=3715268300&adf=2151103379&w=840&lmt=1572017074&num_ads=1&sem=mc&pwprc=5793312753&guci=1.2.0.0.2.2.0.0&ad_type=text_image&format=840x200&url=http%3A%2F%2Fwww.allthingsdfir.com%2Ftracing-malicious-downloads%2F&flash=0&pra=3&wgl=1&fa=27&adsid=NT&dt=1572017074122&bpp=4&bdt=688&fdt=5&idt=5&shv=r20191022&cbv=r20190131&saldr=aa&abxe=1&prev_fmts=0x0%2C840x200%2C840x200&nras=4&correlator=8278445738126&frm=20&pv=1&ga_vid=1395918697.1572017074&ga_sid=1572017074&ga_hid=501936404&ga_fc=0&iag=0&icsg=11242126&dssz=21&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=373&ady=8733&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=20040010&oid=3&pvsid=1917703909833469&rx=0&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=16&bc=23&ifi=3&uci=a!3&fsb=1&xpc=onBb5JGjzH&p=http%3A//www.allthingsdfir.com&dtd=8
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20191022/r20190131/show_ads_impl.js
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:820::2002, Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US)
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-8700697432536079&output=html&h=200&adk=3715268300&adf=2151103379&w=840&lmt=1572017074&num_ads=1&sem=mc&pwprc=5793312753&guci=1.2.0.0.2.2.0.0&ad_type=text_image&format=840x200&url=http%3A%2F%2Fwww.allthingsdfir.com%2Ftracing-malicious-downloads%2F&flash=0&pra=3&wgl=1&fa=27&adsid=NT&dt=1572017074122&bpp=4&bdt=688&fdt=5&idt=5&shv=r20191022&cbv=r20190131&saldr=aa&abxe=1&prev_fmts=0x0%2C840x200%2C840x200&nras=4&correlator=8278445738126&frm=20&pv=1&ga_vid=1395918697.1572017074&ga_sid=1572017074&ga_hid=501936404&ga_fc=0&iag=0&icsg=11242126&dssz=21&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=373&ady=8733&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=20040010&oid=3&pvsid=1917703909833469&rx=0&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=16&bc=23&ifi=3&uci=a!3&fsb=1&xpc=onBb5JGjzH&p=http%3A//www.allthingsdfir.com&dtd=8
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode
nested-navigate
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
referer
http://www.allthingsdfir.com/tracing-malicious-downloads/
accept-encoding
gzip, deflate, br
cookie
test_cookie=CheckForPermission

Response headers

status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Fri, 25 Oct 2019 15:24:34 GMT
server
cafe
content-length
205
x-xss-protection
0
set-cookie
IDE=AHWqTUkmZvR6ZhyAzK1cLFSAbee8SyjF6fYroKs8FjB7zW9Yw1WwpB5zCVnixrsf; expires=Wed, 18-Nov-2020 15:24:34 GMT; path=/; domain=.doubleclick.net; HttpOnly
set-cookie
test_cookie=; domain=.doubleclick.net; path=/; expires=Mon, 21 Jul 2008 23:59:00 GMT
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
expires
Fri, 25 Oct 2019 15:24:34 GMT
cache-control
private
lounge.953a2bd009935f47a8e815c3ee2bfc5a.css
c.disquscdn.com/next/embed/styles/
0
21 KB
Other
General
Full URL
https://c.disquscdn.com/next/embed/styles/lounge.953a2bd009935f47a8e815c3ee2bfc5a.css
Requested by
Host: allthingsdfir.disqus.com
URL: https://allthingsdfir.disqus.com/embed.js
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700::6810:4ea6, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256 of zero bytes: the scanner captured no response body for this resource, matching the 0 size listed above, so this value cannot be used to fingerprint the file)
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
http://www.allthingsdfir.com/tracing-malicious-downloads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 25 Oct 2019 15:24:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
age
2038304
status
200
strict-transport-security
max-age=300; includeSubdomains
content-length
21493
x-xss-protection
1; mode=block
timing-allow-origin
*
last-modified
Wed, 02 Oct 2019 01:07:45 GMT
server
cloudflare
etag
"5d93f861-53f5"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000, public, immutable, no-transform
accept-ranges
bytes
cf-ray
52b532bafa4bcbb8-VIE
expires
Thu, 01 Oct 2020 01:12:47 GMT
common.bundle.9ae27258a9490b17fbb3b9cdf530aff0.js
c.disquscdn.com/next/embed/
0
88 KB
Other
General
Full URL
https://c.disquscdn.com/next/embed/common.bundle.9ae27258a9490b17fbb3b9cdf530aff0.js
Requested by
Host: allthingsdfir.disqus.com
URL: https://allthingsdfir.disqus.com/embed.js
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700::6810:4ea6, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256 of zero bytes: the scanner captured no response body for this resource, matching the 0 size listed above, so this value cannot be used to fingerprint the file)
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
http://www.allthingsdfir.com/tracing-malicious-downloads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 25 Oct 2019 15:24:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
age
223002
status
200
strict-transport-security
max-age=300; includeSubdomains
content-length
90428
x-xss-protection
1; mode=block
timing-allow-origin
*
last-modified
Wed, 23 Oct 2019 01:20:44 GMT
server
cloudflare
etag
"5dafaaec-1613c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000, public, immutable, no-transform
accept-ranges
bytes
cf-ray
52b532bafa4ecbb8-VIE
expires
Thu, 22 Oct 2020 01:27:45 GMT
lounge.bundle.0adc4cfceff8c3ab4259d467d6ea3419.js
c.disquscdn.com/next/embed/
0
107 KB
Other
General
Full URL
https://c.disquscdn.com/next/embed/lounge.bundle.0adc4cfceff8c3ab4259d467d6ea3419.js
Requested by
Host: allthingsdfir.disqus.com
URL: https://allthingsdfir.disqus.com/embed.js
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700::6810:4ea6, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256 of zero bytes: the scanner captured no response body for this resource, matching the 0 size listed above, so this value cannot be used to fingerprint the file)
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
http://www.allthingsdfir.com/tracing-malicious-downloads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 25 Oct 2019 15:24:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
age
223002
status
200
strict-transport-security
max-age=300; includeSubdomains
content-length
109409
x-xss-protection
1; mode=block
timing-allow-origin
*
last-modified
Wed, 23 Oct 2019 01:20:44 GMT
server
cloudflare
etag
"5dafaaec-1ab61"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000, public, immutable, no-transform
accept-ranges
bytes
cf-ray
52b532bafa51cbb8-VIE
expires
Thu, 22 Oct 2020 01:27:45 GMT
config.js
disqus.com/next/
0
3 KB
Other
General
Full URL
https://disqus.com/next/config.js
Requested by
Host: allthingsdfir.disqus.com
URL: https://allthingsdfir.disqus.com/embed.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.0.134, United States, ASN54113 (FASTLY - Fastly, US)
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256 of zero bytes: the scanner captured no response body for this resource, matching the 0 size listed above, so this value cannot be used to fingerprint the file)
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
http://www.allthingsdfir.com/tracing-malicious-downloads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 25 Oct 2019 15:24:34 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Age
28
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
2227
X-XSS-Protection
1; mode=block
Server
nginx
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=300; includeSubdomains
Content-Type
application/javascript; charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Timing-Allow-Origin
*
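Four Disqus records above (lounge.953a2bd009935f47a8e815c3ee2bfc5a.css, common.bundle.9ae27258a9490b17fbb3b9cdf530aff0.js, lounge.bundle.0adc4cfceff8c3ab4259d467d6ea3419.js and config.js) list a resource size of 0 and the hash e3b0c442…b855, which is SHA-256 of zero bytes: the scanner stored no body for them, so the hash says nothing about what the browser executed. Records such as osd.js and reactive_library.js carry real hashes that pin the bytes the scanner received. The Python below is an added example, not urlscan.io code: it classifies each entry, converts a usable hex hash into the base64 form a Subresource Integrity `integrity` attribute expects, and checks a refetched body against a recorded hash in constant time. The URLs, sizes and hashes are copied from the records; the sample body in the final check is constructed.

```python
"""Interpret the 'Resource Hash' column of a scan report and derive an SRI value.
Added example for this report, not urlscan.io code. URLs, sizes and hashes are
copied from the report's records; the sample body used for verification is
constructed here."""
import base64
import hashlib
import hmac
from typing import Dict, List, Tuple

# SHA-256 of zero bytes. A report entry showing this hash means the scanner
# recorded no response body, not that an empty file was served.
EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()

# (url, resource size in KB as listed, resource hash as listed), from the report.
RESOURCES: List[Tuple[str, int, str]] = [
    ("https://c.disquscdn.com/next/embed/common.bundle.9ae27258a9490b17fbb3b9cdf530aff0.js",
     0, "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"),
    ("https://disqus.com/next/config.js",
     0, "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"),
    ("https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101",
     77, "6ea513209d279ad98847b40b2efafa36378a2b57dc720e66103d0e102cf53230"),
    ("https://pagead2.googlesyndication.com/pagead/js/r20191022/r20190131/reactive_library.js",
     152, "6c507e3debd14fa2471a7eccd64b2dfff5ce842a42d1ead55df4eeca77cd4933"),
]


def sha256_hex(body: bytes) -> str:
    return hashlib.sha256(body).hexdigest()


def classify(hex_digest: str, size_kb: int) -> str:
    """Say whether a report entry can serve as a fingerprint of the body."""
    if hex_digest.lower() == EMPTY_SHA256:
        return "no-body-captured" if size_kb == 0 else "hash-size-mismatch"
    if size_kb == 0:
        return "hash-size-mismatch"
    return "captured"


def sri_from_hex(hex_digest: str, algo: str = "sha256") -> str:
    """SRI integrity values are '<algo>-<base64 of the raw digest>', not hex."""
    raw = bytes.fromhex(hex_digest)
    return f"{algo}-{base64.b64encode(raw).decode('ascii')}"


def verify_body(body: bytes, expected_hex: str) -> bool:
    """Constant-time comparison of a (re)fetched body against a recorded hash."""
    return hmac.compare_digest(sha256_hex(body), expected_hex.lower())


def report(resources: List[Tuple[str, int, str]]) -> Dict[str, Dict[str, str]]:
    """For every entry: capture status and, when usable, its SRI value."""
    out: Dict[str, Dict[str, str]] = {}
    for url, size_kb, digest in resources:
        status = classify(digest, size_kb)
        entry = {"status": status}
        if status == "captured":
            entry["integrity"] = sri_from_hex(digest)
        out[url] = entry
    return out


if __name__ == "__main__":
    for url, entry in report(RESOURCES).items():
        print(url, entry)
    sample = b"console.log('constructed sample body');"  # constructed, not from the scan
    print(verify_body(sample, sha256_hex(sample)), verify_body(sample + b" ", sha256_hex(sample)))
```

A hash from a scan proves only what the scanner received at the recorded time (15:24 GMT on 25 Oct 2019 here); a refetch later can legitimately differ, so treat a mismatch as a prompt to diff the two bodies rather than as proof of tampering. The hex form cannot be pasted into an `integrity=` attribute directly; browsers expect the base64 digest that `sri_from_hex` produces.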
/
disqus.com/embed/comments/ Frame 035E
0
0
Document
General
Full URL
https://disqus.com/embed/comments/?base=default&f=allthingsdfir&t_u=http%3A%2F%2Fwww.allthingsdfir.com%2Ftracing-malicious-downloads%2F&t_d=%22Tracing%22%20Malicious%20Downloads&t_t=%22Tracing%22%20Malicious%20Downloads&s_o=default
Requested by
Host: allthingsdfir.disqus.com
URL: https://allthingsdfir.disqus.com/embed.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.0.134, United States, ASN54113 (FASTLY - Fastly, US)
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ 'unsafe-inline' https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ https://apis.google.com https://www.google.com/recaptcha/ https://disqus.com
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Host
disqus.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
nested-navigate
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site
cross-site
Referer
http://www.allthingsdfir.com/tracing-malicious-downloads/
Accept-Encoding
gzip, deflate, br

Response headers

Server
nginx
Content-Security-Policy
script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ 'unsafe-inline' https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ https://apis.google.com https://www.google.com/recaptcha/ https://disqus.com
Link
<https://c.disquscdn.com>;rel=preconnect,<https://c.disquscdn.com>;rel=dns-prefetch
Cache-Control
stale-if-error=3600, s-stalewhilerevalidate=3600, stale-while-revalidate=30, no-cache, must-revalidate, public, s-maxage=5
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Timing-Allow-Origin
*
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
Content-Type
text/html; charset=utf-8
Last-Modified
Tue, 13 Aug 2019 03:24:26 GMT
ETag
W/"lounge:view:7306857404.8c9bda06562dadc3a18b395e06691a87.2"
Content-Encoding
gzip
Content-Length
3536
Date
Fri, 25 Oct 2019 15:24:34 GMT
Age
0
Connection
keep-alive
Vary
Accept-Encoding
Strict-Transport-Security
max-age=300; includeSubdomains
alfalfalfa.0823c767a3bc925f628afd9bed26c958.js
c.disquscdn.com/next/embed/
77 KB
26 KB
Script
General
Full URL
https://c.disquscdn.com/next/embed/alfalfalfa.0823c767a3bc925f628afd9bed26c958.js
Requested by
Host: allthingsdfir.disqus.com
URL: https://allthingsdfir.disqus.com/embed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:4ea6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
718fd5c03df797aa7be456f091bd611676b7f65a52aa564d252618036a235090
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
http://www.allthingsdfir.com/tracing-malicious-downloads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 25 Oct 2019 15:24:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
age
8444200
status
200
strict-transport-security
max-age=300; includeSubdomains
content-length
26299
x-xss-protection
1; mode=block
timing-allow-origin
*
last-modified
Thu, 11 Jul 2019 21:15:28 GMT
server
cloudflare
etag
"5d27a6f0-66bb"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000, public, immutable, no-transform
accept-ranges
bytes
cf-ray
52b532bedb9acbb8-VIE
expires
Tue, 14 Jul 2020 14:45:05 GMT
pixel.gif
cdn.viglink.com/images/
43 B
694 B
Image
General
Full URL
http://cdn.viglink.com/images/pixel.gif?ch=1&rn=4.837016020548945
Protocol
HTTP/1.1
Server
2606:4700::6810:a00d , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Referer
http://www.allthingsdfir.com/tracing-malicious-downloads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 25 Oct 2019 15:24:35 GMT
CF-Cache-Status
HIT
Last-Modified
Tue, 10 Feb 2015 03:29:39 GMT
Server
cloudflare
Age
14
ETag
"221d8352905f2c38b3cb2bd191d630b0"
Vary
Accept-Encoding
Content-Type
image/gif
Cache-Control
max-age=15, must-revalidate
Content-Length
43
Connection
keep-alive
Accept-Ranges
bytes
CF-RAY
52b532bf2bce5994-VIE
x-amz-request-id
8D4FAEC87454B7B3
x-amz-id-2
pUIcNHuEITwITJAFv0zf1eMWqWeJVfzBeFeZF51cZGt5vvArCq3oVjQ/5N6crQW0Hv3Wnj02BRA=
pixel.gif
cdn.viglink.com/images/
43 B
694 B
Image
General
Full URL
http://cdn.viglink.com/images/pixel.gif?ch=2&rn=4.837016020548945
Protocol
HTTP/1.1
Server
2606:4700::6810:a00d , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Referer
http://www.allthingsdfir.com/tracing-malicious-downloads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 25 Oct 2019 15:24:35 GMT
CF-Cache-Status
HIT
Last-Modified
Tue, 10 Feb 2015 03:29:39 GMT
Server
cloudflare
Age
14
ETag
"221d8352905f2c38b3cb2bd191d630b0"
Vary
Accept-Encoding
Content-Type
image/gif
Cache-Control
max-age=15, must-revalidate
Content-Length
43
Connection
keep-alive
Accept-Ranges
bytes
CF-RAY
52b532bf2ac35958-VIE
x-amz-request-id
8D4FAEC87454B7B3
x-amz-id-2
pUIcNHuEITwITJAFv0zf1eMWqWeJVfzBeFeZF51cZGt5vvArCq3oVjQ/5N6crQW0Hv3Wnj02BRA=
ping
links.services.disqus.com/api/
218 B
848 B
XHR
General
Full URL
https://links.services.disqus.com/api/ping
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/alfalfalfa.0823c767a3bc925f628afd9bed26c958.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.64 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
Apache-Coyote/1.1 /
Resource Hash
f5b7e8a522671c10eca48dd93ba7460f7a6c9d6b2d1a15ee9647246fae9a3579

Request headers

Sec-Fetch-Mode
cors
Referer
http://www.allthingsdfir.com/tracing-malicious-downloads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

Pragma
no-cache
Date
Fri, 25 Oct 2019 15:24:35 GMT
Server
Apache-Coyote/1.1
P3P
CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin
http://www.allthingsdfir.com
Cache-Control
no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/javascript;charset=UTF-8
Content-Length
218
Expires
Thu, 01 Jan 1970 00:00:00 GMT
domains
links.services.disqus.com/api/
82 B
519 B
XHR
General
Full URL
https://links.services.disqus.com/api/domains
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/alfalfalfa.0823c767a3bc925f628afd9bed26c958.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.64 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
Apache-Coyote/1.1 /
Resource Hash
ae3757ad92d972d8ce8bfb9944b38fafd2d6dbc13221c9f7fb8188a25f35b702

Request headers

Sec-Fetch-Mode
cors
Referer
http://www.allthingsdfir.com/tracing-malicious-downloads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

Pragma
no-cache
Date
Fri, 25 Oct 2019 15:24:35 GMT
Server
Apache-Coyote/1.1
P3P
CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin
http://www.allthingsdfir.com
Cache-Control
no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/javascript;charset=UTF-8
Content-Length
82
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Verdicts & Comments

54 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata
object| onpointerrawupdate
object| ghost
object| adsbygoogle
object| google_js_reporting_queue
number| google_srt
object| google_ad_modifications
object| google_logging_queue
object| ggeac
boolean| google_measure_js_timing
object| googleToken
object| googleIMState
function| processGoogleToken
object| google_reactive_ads_global_state
boolean| _gfp_a_
object| google_sa_queue
object| google_sl_win
function| google_process_slots
function| google_spfd
object| google_sv_map
object| google_t12n_vars
object| images
function| $
function| jQuery
function| Goog_AdSense_getAdAdapterInstance
function| Goog_AdSense_OsdAdapter
function| google_sa_impl
object| google_jobrunner
object| google_persistent_state_async
object| __google_ad_urls
number| google_global_correlator
number| __google_ad_urls_id
object| google_prev_clients
object| gaGlobal
object| ampInaboxIframes
object| ampInaboxPendingMessages
object| google_iframe_oncopy
boolean| google_osd_loaded
boolean| google_onload_fired
function| Goog_Osd_UnloadAdBlock
function| Goog_Osd_UpdateElementToMeasure
function| google_osd_amcb
boolean| _gfp_p_
number| google_lpabyc
number| google_unique_id
object| google_llp
object| DISQUS
boolean| __v5k
function| vl_cB
function| vl_disable
function| vglnk_15720170750426
object| vglnk
undefined| vglnk_15720170755437
undefined| vglnk_15720170756159

1 Cookies

Domain/Path Name / Value
.doubleclick.net/ Name: IDE
Value: AHWqTUnYM0LCHzr-Uhwm9qjN1XADYiod-RBZdrKaSHSxjEMLL1wOK_slxTtHIz5R

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.de
allthingsdfir.disqus.com
c.disquscdn.com
cdn.viglink.com
code.jquery.com
disqus.com
googleads.g.doubleclick.net
images.unsplash.com
links.services.disqus.com
pagead2.googlesyndication.com
www.allthingsdfir.com
www.googletagservices.com
138.68.3.44
151.101.0.134
151.101.112.134
151.101.112.64
2001:4de0:ac19::1:b:3b
2606:4700::6810:4ea6
2606:4700::6810:a00d
2a00:1450:4001:816::2002
2a00:1450:4001:820::2002
2a04:4e42:3::720
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
09254c7d8ba22e319970d382ee038d918562b9d1382af62debb4a3dcfac908a6
276aa5e4dc5b11ad0d98e428278dc9f1a668073e58766e023e66e933416124c2
2feab66a44caadda5bde086afd3abc7f006b46590a811a8278005ce899720736
38a84488a92ecce4cc9f9ce49816ca20c40683ee68552f4630fd7e143d315dc9
46219ac501fd468f2f13dca3c1b3ea74516d8225c6d599fbe5088f2f814debdb
462e82cdaa0d4e0e95d33e30eff75cf49acd3ebd47232a2af1a5793d9b4b9e6d
4814577bbb7edeee569ce9f71c53033d76b0620d4ccf1999c8c0bed67c0f9f2a
4973b6ea8d5dae473262a6293065e994ab5e1aad8b50b0a33e33b54555115de2
503ec79f182d798996ada383206f28f173f7078d2938f5b2c2a5c91be6c53c04
6625496eb189a6ce699fed0d12df95af06350d75d7d380ef03a7ac34056c15d3
6c507e3debd14fa2471a7eccd64b2dfff5ce842a42d1ead55df4eeca77cd4933
6cf7adbf7b868ef34f4b0e0fca588590be7f8257e465119e0fdaa7ede33ae7cc
6e3fc9948343d85d59440451c12f2de1ddb6c2132ae503314f6ac6b3f87218a8
6ea513209d279ad98847b40b2efafa36378a2b57dc720e66103d0e102cf53230
718fd5c03df797aa7be456f091bd611676b7f65a52aa564d252618036a235090
7730c095f1686fece5b7f9a56f7f60e8f450475754e403a4e8dbc911fbf32551
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
ae3757ad92d972d8ce8bfb9944b38fafd2d6dbc13221c9f7fb8188a25f35b702
c8d8c366cdc3194bcdadc139cf3ede1023ad7ca43cb36c802c5b08212c161497
df587b90a3d8c5c89c8182b24f2c3f996c9c67bd76bca79ef6e7312ac180c03a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ed4a70ca780757bd7386faec3e89250cd06e10962ab3585a336f35412e4d0f21
f2831147657d57b0481dd0d71764ad2d412b46cc17d40e18f606e19a5b6f6cf5
f5b7e8a522671c10eca48dd93ba7460f7a6c9d6b2d1a15ee9647246fae9a3579