urlscan.io logo urlscan.io
SecurityTrails logo

www.bleepingcomputer.com Open in urlscan Pro
104.20.59.209  Public Scan

Go To Rescan Add Verdict Report
URL: https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Submission: On March 30 via api from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 55 IPs in 7 countries across 38 domains to perform 318 HTTP transactions. The main IP is 104.20.59.209, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.bleepingcomputer.com.
TLS certificate: Issued by COMODO RSA Domain Validation Secure S... on May 12th 2018. Valid for: 2 years.
This is the only time www.bleepingcomputer.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 104.20.59.209 13335 (CLOUDFLAR...)
5 2a00:1450:400... 15169 (GOOGLE)
42 104.26.13.6 13335 (CLOUDFLAR...)
2 151.101.114.217 54113 (FASTLY)
1 2a00:1450:400... 15169 (GOOGLE)
3 3 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
7 2a00:1450:400... 15169 (GOOGLE)
4 23.210.248.44 16625 (AKAMAI-AS)
2 2606:4700:20:... 13335 (CLOUDFLAR...)
1 178.79.175.86 63949 (LINODE-AP...)
12 2a00:1450:400... 15169 (GOOGLE)
1 2600:9000:21f... 16509 (AMAZON-02)
9 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 172.217.18.166 15169 (GOOGLE)
8 151.101.14.217 54113 (FASTLY)
2 2600:9000:20e... 16509 (AMAZON-02)
1 95.101.185.246 20940 (AKAMAI-ASN1)
3 35.188.71.214 15169 (GOOGLE)
1 13.226.155.104 16509 (AMAZON-02)
1 50.16.134.22 14618 (AMAZON-AES)
12 172.217.16.194 15169 (GOOGLE)
1 2600:9000:215... 16509 (AMAZON-02)
1 13.224.194.97 16509 (AMAZON-02)
7 143.204.90.242 16509 (AMAZON-02)
2 143.204.97.120 16509 (AMAZON-02)
3 52.206.202.13 14618 (AMAZON-AES)
6 48 34.95.120.147 15169 (GOOGLE)
2 4 104.74.100.205 16625 (AKAMAI-AS)
1 52.6.68.76 14618 (AMAZON-AES)
1 13.225.73.111 16509 (AMAZON-02)
12 146.20.132.163 27357 (RACKSPACE)
1 34.200.100.213 14618 (AMAZON-AES)
2 2a03:2880:f01... 32934 (FACEBOOK)
2 199.232.53.140 54113 (FASTLY)
3 2600:1f18:612... 14618 (AMAZON-AES)
18 2a00:1450:400... 15169 (GOOGLE)
5 35.226.36.58 15169 (GOOGLE)
5 54.93.211.175 16509 (AMAZON-02)
5 185.33.220.145 29990 (ASN-APPNEX)
6 2a02:fa8:8806... 41041 (VCLK-EU-)
5 95.101.185.51 20940 (AKAMAI-ASN1)
10 69.173.144.140 26667 (RUBICONPR...)
11 104.16.68.69 13335 (CLOUDFLAR...)
5 95.101.185.197 20940 (AKAMAI-ASN1)
25 2a00:1450:400... 15169 (GOOGLE)
7 185.33.223.80 29990 (ASN-APPNEX)
1 108.128.234.189 16509 (AMAZON-02)
1 69.16.175.42 20446 (HIGHWINDS3)
1 2a00:1288:f03... 10310 (YAHOO-1)
1 52.18.86.70 16509 (AMAZON-02)
1 6 52.57.98.188 16509 (AMAZON-02)
5 151.101.13.108 54113 (FASTLY)
1 104.109.78.125 20940 (AKAMAI-ASN1)
318 55
1    104.20.59.209 (United States)

ASN13335 (CLOUDFLARENET, US)
www.bleepingcomputer.com
5    2a00:1450:4001:808::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
42    104.26.13.6 (United States)

ASN13335 (CLOUDFLARENET, US)
www.bleepstatic.com
2    151.101.114.217 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)
cdn.connatix.com
cdns.connatix.com
1    2a00:1450:4001:800::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
3    2a00:1450:4001:820::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
1    2a00:1450:4001:815::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
cse.google.com
7    2a00:1450:4001:820::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
pagead2.googlesyndication.com
4    23.210.248.44 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-210-248-44.deploy.static.akamaitechnologies.com
s9.addthis.com
v1.addthisedge.com
s7.addthis.com
2    2606:4700:20::681a:18b (United States)

ASN13335 (CLOUDFLARENET, US)
a.pub.network
1    178.79.175.86 (London, United Kingdom)

ASN63949 (LINODE-AP Linode, LLC, US)
PTR: nb-178-79-175-86.london.nodebalancer.linode.com
ecdn.analysis.fi
12    2a00:1450:4001:814::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
1    2600:9000:21f3:6200:9:46dc:4700:93a1 (United States)

ASN16509 (AMAZON-02, US)
quantcast.mgr.consensu.org
9    2a00:1450:4001:816::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.de
adservice.google.com
googleads.g.doubleclick.net
www.googletagservices.com
2    2a00:1450:4001:81d::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
1    172.217.18.166 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s29-in-f6.1e100.net
ad.doubleclick.net
8    151.101.14.217 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)
ck.connatix.com
i.connatix.com
2    2600:9000:20eb:5000:9:46dc:4700:93a1 (United States)

ASN16509 (AMAZON-02, US)
static.quantcast.mgr.consensu.org
1    95.101.185.246 (Ascension Island)

ASN20940 (AKAMAI-ASN1, US)
PTR: a95-101-185-246.deploy.static.akamaitechnologies.com
z.moatads.com
3    35.188.71.214 (United States)

ASN15169 (GOOGLE, US)
PTR: 214.71.188.35.bc.googleusercontent.com
d.pub.network
1    13.226.155.104 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-155-104.dus51.r.cloudfront.net
freestar-io.videoplayerhub.com
1    50.16.134.22 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-50-16-134-22.compute-1.amazonaws.com
core.connatix.com
12    172.217.16.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s08-in-f2.1e100.net
securepubads.g.doubleclick.net
1    2600:9000:2156:d000:1:af78:4c0:93a1 (United States)

ASN16509 (AMAZON-02, US)
vendorlist.consensu.org
1    13.224.194.97 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-194-97.fra2.r.cloudfront.net
api.quantcast.mgr.consensu.org
7    143.204.90.242 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-90-242.fra50.r.cloudfront.net
c.amazon-adsystem.com
2    143.204.97.120 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-97-120.fra50.r.cloudfront.net
ad-delivery.net
3    52.206.202.13 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-206-202-13.compute-1.amazonaws.com
rtb.connatix.com
48    34.95.120.147 (United States)

ASN15169 (GOOGLE, US)
PTR: 147.120.95.34.bc.googleusercontent.com
connatix-d.openx.net
freestar-d.openx.net
eu-u.openx.net
4    104.74.100.205 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-74-100-205.deploy.static.akamaitechnologies.com
sb.scorecardresearch.com
1    52.6.68.76 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-6-68-76.compute-1.amazonaws.com
trk.connatix.com
1    13.225.73.111 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-73-111.fra2.r.cloudfront.net
audit.quantcast.mgr.consensu.org
12    146.20.132.163 (San Antonio, United States)

ASN27357 (RACKSPACE, US)
ssp.lkqd.net
1    34.200.100.213 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-200-100-213.compute-1.amazonaws.com
cluster-na.cdnjquery.com
2    2a03:2880:f01c:800e:face:b00c:0:2 (Ireland)

ASN32934 (FACEBOOK, US)
graph.facebook.com
2    199.232.53.140 (Manchester, United Kingdom)

ASN54113 (FASTLY, US)
www.reddit.com
3    2600:1f18:612b:4216:e78e:8f3d:d54e:ee23 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
slckg-4znyf.ads.tremorhub.com
slckg-kqe2e.ads.tremorhub.com
slckg-qrmhc.ads.tremorhub.com
18    2a00:1450:4001:821::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
tpc.googlesyndication.com
5    35.226.36.58 (United States)

ASN15169 (GOOGLE, US)
PTR: 58.36.226.35.bc.googleusercontent.com
c.pub.network
5    54.93.211.175 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-93-211-175.eu-central-1.compute.amazonaws.com
tlx.3lift.com
5    185.33.220.145 (Netherlands)

ASN29990 (ASN-APPNEX, US)
PTR: 623.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
ib.adnxs.com
6    2a02:fa8:8806:12::1430 (Sweden)

ASN41041 (VCLK-EU-, SE)
web.hb.ad.cpe.dotomi.com
5    95.101.185.51 (Ascension Island)

ASN20940 (AKAMAI-ASN1, US)
PTR: a95-101-185-51.deploy.static.akamaitechnologies.com
as-sec.casalemedia.com
10    69.173.144.140 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)
fastlane.rubiconproject.com
11    104.16.68.69 (United States)

ASN13335 (CLOUDFLARENET, US)
dmx.districtm.io
cdn.districtm.io
5    95.101.185.197 (Ascension Island)

ASN20940 (AKAMAI-ASN1, US)
PTR: a95-101-185-197.deploy.static.akamaitechnologies.com
ads.stickyadstv.com
25    2a00:1450:4001:81b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
cdn.ampproject.org
7    185.33.223.80 (Netherlands)

ASN29990 (ASN-APPNEX, US)
PTR: 251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
ib.adnxs.com
1    108.128.234.189 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-108-128-234-189.eu-west-1.compute.amazonaws.com
vid.springserve.com
1    69.16.175.42 (Phoenix, United States)

ASN20446 (HIGHWINDS3, US)
PTR: hwcdn.net
vpaid.springserve.com
1    2a00:1288:f03d:1fa::2000 (United Kingdom)

ASN10310 (YAHOO-1, US)
cdn-ssl.vidible.tv
1    52.18.86.70 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-18-86-70.eu-west-1.compute.amazonaws.com
bc-rtb-dub.springserve.com
6    52.57.98.188 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-57-98-188.eu-central-1.compute.amazonaws.com
eb2.3lift.com
5    151.101.13.108 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)
acdn.adnxs.com
1    104.109.78.125 (Netherlands)

ASN20940 (AKAMAI-ASN1, US)
PTR: a104-109-78-125.deploy.static.akamaitechnologies.com
eus.rubiconproject.com
Apex Domain
Subdomains		 Transfer
48 openx.net
connatix-d.openx.net
freestar-d.openx.net
eu-u.openx.net
11 KB
42 bleepstatic.com
www.bleepstatic.com
307 KB
25 ampproject.org
cdn.ampproject.org
642 KB
25 googlesyndication.com
pagead2.googlesyndication.com
tpc.googlesyndication.com
158 KB
17 adnxs.com
ib.adnxs.com
acdn.adnxs.com
13 KB
17 doubleclick.net
googleads.g.doubleclick.net
ad.doubleclick.net
securepubads.g.doubleclick.net
127 KB
15 connatix.com
cdn.connatix.com
cdns.connatix.com
ck.connatix.com
core.connatix.com
rtb.connatix.com
i.connatix.com
trk.connatix.com
509 KB
12 lkqd.net
ssp.lkqd.net
4 KB
12 gstatic.com
fonts.gstatic.com
130 KB
11 districtm.io
dmx.districtm.io
cdn.districtm.io
555 B
11 rubiconproject.com
fastlane.rubiconproject.com
eus.rubiconproject.com
17 KB
11 3lift.com
tlx.3lift.com
eb2.3lift.com
3 KB
10 pub.network
a.pub.network
d.pub.network
c.pub.network
233 KB
7 amazon-adsystem.com
c.amazon-adsystem.com
30 KB
6 dotomi.com
web.hb.ad.cpe.dotomi.com
5 KB
6 consensu.org
quantcast.mgr.consensu.org
static.quantcast.mgr.consensu.org
vendorlist.consensu.org
api.quantcast.mgr.consensu.org
audit.quantcast.mgr.consensu.org
170 KB
5 stickyadstv.com
ads.stickyadstv.com
3 KB
5 casalemedia.com
as-sec.casalemedia.com
5 KB
5 google.com
www.google.com
cse.google.com
adservice.google.com
2 KB
5 googleapis.com
fonts.googleapis.com
4 KB
4 scorecardresearch.com
sb.scorecardresearch.com
4 KB
3 springserve.com
vid.springserve.com
vpaid.springserve.com
bc-rtb-dub.springserve.com
vid-io.springserve.com Failed
100 KB
3 tremorhub.com
slckg-4znyf.ads.tremorhub.com
slckg-kqe2e.ads.tremorhub.com
slckg-qrmhc.ads.tremorhub.com
2 KB
3 googletagservices.com
www.googletagservices.com
70 KB
3 addthis.com
s9.addthis.com
s7.addthis.com
189 KB
2 reddit.com
www.reddit.com
2 KB
2 facebook.com
graph.facebook.com
1 KB
2 ad-delivery.net
ad-delivery.net
1 KB
2 google-analytics.com
www.google-analytics.com
18 KB
1 vidible.tv
cdn-ssl.vidible.tv
8 KB
1 cdnjquery.com
cluster-na.cdnjquery.com
355 B
1 videoplayerhub.com
freestar-io.videoplayerhub.com
26 KB
1 addthisedge.com
v1.addthisedge.com
855 B
1 moatads.com
z.moatads.com
1 KB
1 google.de
adservice.google.de
171 B
1 analysis.fi
ecdn.analysis.fi
2 KB
1 googletagmanager.com
www.googletagmanager.com
28 KB
1 bleepingcomputer.com
www.bleepingcomputer.com
17 KB
318 38
Domain Requested by
42 www.bleepstatic.com www.bleepingcomputer.com
cdn.connatix.com
www.bleepstatic.com
pagead2.googlesyndication.com
36 connatix-d.openx.net 4 redirects www.bleepingcomputer.com
cdns.connatix.com
25 cdn.ampproject.org securepubads.g.doubleclick.net
18 tpc.googlesyndication.com pagead2.googlesyndication.com
tpc.googlesyndication.com
securepubads.g.doubleclick.net
www.bleepingcomputer.com
cdn.ampproject.org
12 ib.adnxs.com a.pub.network
vpaid.springserve.com
12 ssp.lkqd.net cdns.connatix.com
12 securepubads.g.doubleclick.net www.googletagservices.com
securepubads.g.doubleclick.net
www.bleepingcomputer.com
12 fonts.gstatic.com cdn.connatix.com
www.bleepingcomputer.com
cdn.ampproject.org
10 fastlane.rubiconproject.com a.pub.network
7 eu-u.openx.net 2 redirects a.pub.network
7 i.connatix.com www.bleepingcomputer.com
7 c.amazon-adsystem.com a.pub.network
c.amazon-adsystem.com
7 pagead2.googlesyndication.com www.bleepingcomputer.com
pagead2.googlesyndication.com
6 eb2.3lift.com 1 redirects a.pub.network
6 dmx.districtm.io a.pub.network
6 web.hb.ad.cpe.dotomi.com a.pub.network
vpaid.springserve.com
5 acdn.adnxs.com a.pub.network
5 cdn.districtm.io a.pub.network
5 ads.stickyadstv.com cdns.connatix.com
5 freestar-d.openx.net a.pub.network
5 as-sec.casalemedia.com a.pub.network
5 tlx.3lift.com a.pub.network
5 c.pub.network a.pub.network
5 fonts.googleapis.com www.bleepingcomputer.com
securepubads.g.doubleclick.net
4 sb.scorecardresearch.com 2 redirects www.bleepingcomputer.com
4 googleads.g.doubleclick.net pagead2.googlesyndication.com
www.bleepingcomputer.com
3 rtb.connatix.com cdns.connatix.com
3 www.googletagservices.com a.pub.network
pagead2.googlesyndication.com
securepubads.g.doubleclick.net
3 d.pub.network a.pub.network
3 www.google.com 3 redirects
2 www.reddit.com s9.addthis.com
2 graph.facebook.com s9.addthis.com
2 ad-delivery.net freestar-io.videoplayerhub.com
www.bleepingcomputer.com
2 s7.addthis.com s9.addthis.com
2 static.quantcast.mgr.consensu.org quantcast.mgr.consensu.org
2 www.google-analytics.com www.googletagmanager.com
www.bleepingcomputer.com
2 a.pub.network www.bleepingcomputer.com
a.pub.network
1 eus.rubiconproject.com a.pub.network
1 bc-rtb-dub.springserve.com vpaid.springserve.com
1 cdn-ssl.vidible.tv vpaid.springserve.com
1 vpaid.springserve.com cdns.connatix.com
1 vid.springserve.com cdns.connatix.com
1 slckg-qrmhc.ads.tremorhub.com cdns.connatix.com
1 slckg-kqe2e.ads.tremorhub.com cdns.connatix.com
1 slckg-4znyf.ads.tremorhub.com cdns.connatix.com
1 cluster-na.cdnjquery.com freestar-io.videoplayerhub.com
1 audit.quantcast.mgr.consensu.org static.quantcast.mgr.consensu.org
1 trk.connatix.com www.bleepingcomputer.com
1 api.quantcast.mgr.consensu.org quantcast.mgr.consensu.org
1 vendorlist.consensu.org quantcast.mgr.consensu.org
1 core.connatix.com cdns.connatix.com
1 freestar-io.videoplayerhub.com a.pub.network
1 v1.addthisedge.com s9.addthis.com
1 z.moatads.com s9.addthis.com
1 ck.connatix.com cdns.connatix.com
1 ad.doubleclick.net www.bleepingcomputer.com
1 adservice.google.com pagead2.googlesyndication.com
1 adservice.google.de pagead2.googlesyndication.com
1 quantcast.mgr.consensu.org www.bleepstatic.com
1 cdns.connatix.com cdn.connatix.com
1 ecdn.analysis.fi www.bleepingcomputer.com
1 s9.addthis.com www.bleepingcomputer.com
1 cse.google.com www.bleepingcomputer.com
1 www.googletagmanager.com www.bleepingcomputer.com
1 cdn.connatix.com www.bleepingcomputer.com
1 www.bleepingcomputer.com
0 vid-io.springserve.com Failed vpaid.springserve.com
318 67
Subject Issuer Validity Valid
bleepingcomputer.com
COMODO RSA Domain Validation Secure Server CA		 2018-05-12 -
2020-05-17		 2 years crt.sh
*.storage.googleapis.com
GTS CA 1O1		 2020-03-03 -
2020-05-26		 3 months crt.sh
sni.cloudflaressl.com
CloudFlare Inc ECC CA-2		 2019-11-11 -
2020-10-09		 a year crt.sh
j3.shared.global.fastly.net
GlobalSign CloudSSL CA - SHA256 - G3		 2020-03-24 -
2021-01-14		 10 months crt.sh
*.google-analytics.com
GTS CA 1O1		 2020-03-03 -
2020-05-26		 3 months crt.sh
*.google.com
GTS CA 1O1		 2020-03-03 -
2020-05-26		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1O1		 2020-03-03 -
2020-05-26		 3 months crt.sh
odc-prod-01.oracle.com
DigiCert SHA2 Secure Server CA		 2019-10-10 -
2020-09-04		 a year crt.sh
*.analysis.fi
Sectigo RSA Domain Validation Secure Server CA		 2019-06-13 -
2020-06-12		 a year crt.sh
quantcast.mgr.consensu.org
Amazon		 2019-05-06 -
2020-06-06		 a year crt.sh
*.doubleclick.net
GTS CA 1O1		 2020-03-03 -
2020-05-26		 3 months crt.sh
moatads.com
DigiCert SHA2 Secure Server CA		 2020-01-17 -
2021-03-17		 a year crt.sh
*.pub.network
Go Daddy Secure Certificate Authority - G2		 2019-02-09 -
2020-05-16		 a year crt.sh
*.videoplayerhub.com
Amazon		 2019-07-18 -
2020-08-18		 a year crt.sh
*.connatix.com
Amazon		 2019-10-19 -
2020-11-19		 a year crt.sh
vendorlist.consensu.org
Amazon		 2020-02-07 -
2021-03-07		 a year crt.sh
c.amazon-adsystem.com
Amazon		 2019-10-07 -
2020-09-29		 a year crt.sh
ad-delivery.net
Amazon		 2019-03-07 -
2020-04-07		 a year crt.sh
*.openx.net
GeoTrust RSA CA 2018		 2018-01-04 -
2020-07-09		 3 years crt.sh
*.scorecardresearch.com
Sectigo RSA Organization Validation Secure Server CA		 2019-12-16 -
2020-12-25		 a year crt.sh
*.lkqd.net
Go Daddy Secure Certificate Authority - G2		 2019-05-13 -
2021-07-12		 2 years crt.sh
*.assetbucket.net
Amazon		 2019-09-11 -
2020-10-11		 a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2020-03-01 -
2020-05-30		 3 months crt.sh
*.reddit.com
DigiCert SHA2 Secure Server CA		 2018-08-17 -
2020-09-02		 2 years crt.sh
*.tremorhub.com
Amazon		 2019-08-22 -
2020-09-22		 a year crt.sh
tpc.googlesyndication.com
GTS CA 1O1		 2020-03-03 -
2020-05-26		 3 months crt.sh
*.3lift.com
Amazon		 2019-07-17 -
2020-08-17		 a year crt.sh
*.adnxs.com
DigiCert ECC Secure Server CA		 2019-01-23 -
2021-03-08		 2 years crt.sh
*.dotomi.com
GlobalSign RSA OV SSL CA 2018		 2019-06-19 -
2021-08-31		 2 years crt.sh
san.casalemedia.com
GeoTrust RSA CA 2018		 2020-03-02 -
2021-04-01		 a year crt.sh
*.rubiconproject.com
DigiCert SHA2 Secure Server CA		 2019-01-10 -
2021-01-14		 2 years crt.sh
districtm.io
CloudFlare Inc ECC CA-2		 2020-02-25 -
2020-10-09		 7 months crt.sh
ads.stickyadstv.com
DigiCert SHA2 Secure Server CA		 2019-08-28 -
2020-11-26		 a year crt.sh
misc-sni.google.com
GTS CA 1O1		 2020-03-03 -
2020-05-26		 3 months crt.sh
*.springserve.com
Amazon		 2020-03-20 -
2021-04-20		 a year crt.sh
cdn-ycs.vidible.tv
DigiCert SHA2 High Assurance Server CA		 2020-01-30 -
2020-07-28		 6 months crt.sh
cdn.adnxs.com
GlobalSign CloudSSL CA - SHA256 - G3		 2019-05-16 -
2020-05-16		 a year crt.sh

This page contains 33 frames:

Primary Page: https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Frame ID: E796E3B804A14F8360DC7DAFCC0A67C6
Requests: 170 HTTP requests in this frame

Frame: https://cdns.connatix.com/p/1913/min/connatix.renderer.infeed.min_dc.js
Frame ID: 0AF9A28FE2256A89A3407C65A5D906D8
Requests: 60 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20200324/r20190131/zrt_lookup.html
Frame ID: E51D7DE96C3B9135AA188D1D2197B81B
Requests: 1 HTTP requests in this frame

Frame: https://static.quantcast.mgr.consensu.org/v32/cmp-3pc-check.html
Frame ID: EC7CE0B68C703307F598C3BD6B2323DB
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0920899300397823&output=html&adk=1812271804&adf=3025194257&lmt=1585079110&plat=1%3A32776%2C2%3A16809992%2C8%3A134250504%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A34635776%2C32%3A32%2C40%3A32&guci=1.2.0.0.2.2.0.0&format=0x0&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&ea=0&flash=0&pra=7&wgl=1&adsid=NT&dt=1585577789951&bpp=5&bdt=389&fdt=249&idt=249&shv=r20200324&cbv=r20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5687104499172&frm=20&pv=2&ga_vid=1950450585.1585577790&ga_sid=1585577791&ga_hid=669732870&ga_fc=0&iag=0&icsg=2260595949182976&dssz=52&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=44713363&oid=3&pvsid=2560246634520143&rx=0&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=16&bc=31&ifi=1&uci=a!1&fsb=1&dtd=778
Frame ID: 350E9D085209AAFE1D391408026910DD
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/209/runner.html
Frame ID: FE3F31849FB706F6EB5A2FC241814596
Requests: 1 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012003101714470/amp4ads-v0.js
Frame ID: 9C4FCF821DDB8158DF1D785C5716BD3F
Requests: 14 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssuVDAOv1hLMYzXzEmoaMgJqXbGQPm0gkqCt6zeB9BnfGQK60kBI0kKZJIx1006QGQ6mfr8tanWXTeR3Yby6EPE0b2YJWaDXSvYmNuRKJ7iuaRNm0bBaZ7YX3Yp0_39L7fuzFtCjM5WR6eUWkr5CotU46RiIdkwxOWvaMEKxxJjQ0r8CYzGp81EJ01x0-RPea0tQG49UrFoQfdFI276hC0IYpLpMJUwmg3DtROxlTDqJApnWhERDlWN3X1YaC3J3R0ppmxOvLphxW5yymhc-ehx5hhPkjbF2ovc&sai=AMfl-YSZ6htzewRbEiLUxHXVNB0hUFZljIOcMJ1WkIxxmcYvvSPt9TzLcAc5QvHsEdjyOCyFsoeCh76VQqd6yiGBYAm7KFtzWQtIxWo6g37w&sig=Cg0ArKJSzOoSiLp8tBljEAE&urlfix=1&adurl=
Frame ID: 3C0333D201E143905AF258522580309C
Requests: 2 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012003101714470/amp4ads-v0.js
Frame ID: A810F63C41F3C8DBC754225044355C44
Requests: 16 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012003101714470/amp4ads-v0.js
Frame ID: 24AEC00BC501BD2D0742F01FCFC3CF83
Requests: 16 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012003101714470/amp4ads-v0.js
Frame ID: E38B4F1A05D62721D43E37F076C6691B
Requests: 17 HTTP requests in this frame

Frame: https://vpaid.springserve.com/production/vpaid_029b7bdf.js
Frame ID: 02B7E3A0556A11B9F5602AC47DB247F7
Requests: 7 HTTP requests in this frame

Frame: https://cdn.districtm.io/ids/index.html
Frame ID: FE832D5FE57E76723D367FD0C041F579
Requests: 1 HTTP requests in this frame

Frame: https://cdn.districtm.io/ids/index.html
Frame ID: 1E43F2D560F609057218476EF981DBF2
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync?&ld=1
Frame ID: 184E39992ABD8546DC453C1BFC2E4F79
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Frame ID: E408D45A226F5695150DC999F2EEF595
Requests: 1 HTTP requests in this frame

Frame: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
Frame ID: C813F44161B893DACC99AA2A14EE35C9
Requests: 1 HTTP requests in this frame

Frame: https://cdn.districtm.io/ids/index.html
Frame ID: BDA9C536D8F8AF37983851517C7BD60F
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Frame ID: A99A7424CB7EFA1A34CD76D8B2B502F1
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Frame ID: 78682CF66A2670096307736D769C842D
Requests: 1 HTTP requests in this frame

Frame: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
Frame ID: B9DF5D219AE7149DA73475D1E34506EA
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Frame ID: A1B507C1DFC107F3AE718A7327D9DEE9
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Frame ID: 97D09C559699D787DF74F3C689BE7E8F
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync
Frame ID: 75AB928512B2BA53B351DCEE5C37EC09
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 54C07741ED7AE286D3EC72B885DFDA2E
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync
Frame ID: 839E08772F00068C703DF99929086C93
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync
Frame ID: 84BB2ACEE64AD1FAC937629057E25D53
Requests: 1 HTTP requests in this frame

Frame: https://cdn.districtm.io/ids/index.html
Frame ID: 378C51D2C5929C91C7BB6632155041C6
Requests: 1 HTTP requests in this frame

Frame: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
Frame ID: 4841E07D4E9B8C063A4BA88A23C45315
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync
Frame ID: 627412460E58F2F1AA8F5301BEDA2B2C
Requests: 1 HTTP requests in this frame

Frame: https://cdn.districtm.io/ids/index.html
Frame ID: C2628CE2CBDC8993FFA223C4116C4DDA
Requests: 1 HTTP requests in this frame

Frame: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
Frame ID: 1CE36A13763F5B708307DB43CDD7D4FF
Requests: 1 HTTP requests in this frame

Frame: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
Frame ID: 617D920A7B9B3B181887460B57E274CC
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Detected technologies

Overall confidence: 100%
Detected patterns
  • html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i
Overall confidence: 100%
Detected patterns
  • script /googletagservices\.com\/tag\/js\/gpt(?:_mobile)?\.js/i
Overall confidence: 100%
Detected patterns
  • script /googlesyndication\.com\//i
Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i
Overall confidence: 100%
Detected patterns
  • html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i
Overall confidence: 100%
Detected patterns
  • script /jquery[.-]([\d.]*\d)[^/]*\.js/i
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

318
Requests

97 %
HTTPS

33 %
IPv6

38
Domains

67
Subdomains

55
IPs

7
Countries

2839 kB
Transfer

8039 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 11
  • https://www.google.com/coop/cse/brand?form=cse-search-box&lang=en HTTP 302
  • https://cse.google.com/coop/cse/brand?form=cse-search-box&lang=en
Request Chain 96
  • https://connatix-d.openx.net/v/1.0/av?auid=540193942&schain=1.0,1!connatix.com,102734,1,,,,&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&cb=4ede751c4459021701811585577790592&vwd=834&vht=469&gdpr=1&gdpr_consent= HTTP 302
  • https://connatix-d.openx.net/v/1.0/av?cc=1&auid=540193942&schain=1.0,1!connatix.com,102734,1,,,,&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&cb=4ede751c4459021701811585577790592&vwd=834&vht=469&gdpr=1&gdpr_consent=
Request Chain 97
  • https://sb.scorecardresearch.com/p?c1=2&c2=17958079&ns_ap_an=ConnatixWeb&ns_ap_bi=*null&ns_type=hidden&ns_st_sv=6.1.1.171219&ns_st_smv=5.8&ns_st_it=r&ns_st_id=1585577790620&ns_st_ec=1&ns_st_sp=1&ns_st_sc=1&ns_st_psq=1&ns_st_asq=1&ns_st_sq=1&ns_st_ppc=1&ns_st_apc=1&ns_st_spc=1&ns_st_cn=1&ns_st_ev=play&ns_st_po=0&ns_st_cl=30000&ns_st_pb=1&ns_st_mp=js_api&ns_st_mv=6.1.1.171219&ns_st_pn=1&ns_st_tp=0&ns_st_ci=v_639404&ns_st_pt=0&ns_st_dpt=0&ns_st_ipt=0&ns_st_et=0&ns_st_det=0&ns_st_upc=0&ns_st_dupc=0&ns_st_iupc=0&ns_st_upa=0&ns_st_dupa=0&ns_st_iupa=0&ns_st_lpc=0&ns_st_dlpc=0&ns_st_lpa=0&ns_st_dlpa=0&ns_st_pa=0&ns_ts=1585577790622&ns_st_bc=0&ns_st_dbc=0&ns_st_bt=0&ns_st_dbt=0&ns_st_bp=0&ns_st_lt=1&ns_st_skc=0&ns_st_dskc=0&ns_st_ska=0&ns_st_dska=0&ns_st_skd=0&ns_st_skt=0&ns_st_dskt=0&ns_st_pc=0&ns_st_dpc=0&ns_st_pp=0&ns_st_br=0&ns_st_rt=100&ns_st_ub=0&ns_st_ki=1200000&ns_st_pr=BleepingComputer%20Highlights%20Feed%20-%20Daily%20Highlights&ns_st_sn=*null&ns_st_en=*null&ns_st_ep=*null&ns_st_ct=vc11&ns_st_ge=*null&ns_st_st=*null&ns_st_ce=*null&ns_st_ia=*null&ns_st_ddt=*null&ns_st_tdt=*null&ns_st_pu=Connatix&ns_st_ti=*null&c3=*null&c4=*null&c6=*null&c7=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&c8=&c9=&cs_ucfr=0 HTTP 302
  • https://sb.scorecardresearch.com/p2?c1=2&c2=17958079&ns_ap_an=ConnatixWeb&ns_ap_bi=*null&ns_type=hidden&ns_st_sv=6.1.1.171219&ns_st_smv=5.8&ns_st_it=r&ns_st_id=1585577790620&ns_st_ec=1&ns_st_sp=1&ns_st_sc=1&ns_st_psq=1&ns_st_asq=1&ns_st_sq=1&ns_st_ppc=1&ns_st_apc=1&ns_st_spc=1&ns_st_cn=1&ns_st_ev=play&ns_st_po=0&ns_st_cl=30000&ns_st_pb=1&ns_st_mp=js_api&ns_st_mv=6.1.1.171219&ns_st_pn=1&ns_st_tp=0&ns_st_ci=v_639404&ns_st_pt=0&ns_st_dpt=0&ns_st_ipt=0&ns_st_et=0&ns_st_det=0&ns_st_upc=0&ns_st_dupc=0&ns_st_iupc=0&ns_st_upa=0&ns_st_dupa=0&ns_st_iupa=0&ns_st_lpc=0&ns_st_dlpc=0&ns_st_lpa=0&ns_st_dlpa=0&ns_st_pa=0&ns_ts=1585577790622&ns_st_bc=0&ns_st_dbc=0&ns_st_bt=0&ns_st_dbt=0&ns_st_bp=0&ns_st_lt=1&ns_st_skc=0&ns_st_dskc=0&ns_st_ska=0&ns_st_dska=0&ns_st_skd=0&ns_st_skt=0&ns_st_dskt=0&ns_st_pc=0&ns_st_dpc=0&ns_st_pp=0&ns_st_br=0&ns_st_rt=100&ns_st_ub=0&ns_st_ki=1200000&ns_st_pr=BleepingComputer%20Highlights%20Feed%20-%20Daily%20Highlights&ns_st_sn=*null&ns_st_en=*null&ns_st_ep=*null&ns_st_ct=vc11&ns_st_ge=*null&ns_st_st=*null&ns_st_ce=*null&ns_st_ia=*null&ns_st_ddt=*null&ns_st_tdt=*null&ns_st_pu=Connatix&ns_st_ti=*null&c3=*null&c4=*null&c6=*null&c7=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&c8=&c9=&cs_ucfr=0
Request Chain 118
  • https://connatix-d.openx.net/v/1.0/av?auid=540193965&schain=1.0,1!connatix.com,102734,1,,,,&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&cb=2e8fedd708e8d7042dc31585577791638&vwd=834&vht=470&gdpr=1&gdpr_consent= HTTP 302
  • https://connatix-d.openx.net/v/1.0/av?cc=1&auid=540193965&schain=1.0,1!connatix.com,102734,1,,,,&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&cb=2e8fedd708e8d7042dc31585577791638&vwd=834&vht=470&gdpr=1&gdpr_consent=
Request Chain 138
  • https://sb.scorecardresearch.com/p?c1=2&c2=17958079&ns_ap_an=ConnatixWeb&ns_ap_bi=*null&ns_type=hidden&ns_st_sv=6.1.1.171219&ns_st_smv=5.8&ns_st_it=r&ns_st_id=1585577790620&ns_st_ec=2&ns_st_sp=1&ns_st_sc=1&ns_st_psq=1&ns_st_asq=1&ns_st_sq=1&ns_st_ppc=1&ns_st_apc=1&ns_st_spc=1&ns_st_cn=1&ns_st_ev=pause&ns_st_po=1517&ns_st_cl=30000&ns_st_mp=js_api&ns_st_mv=6.1.1.171219&ns_st_pn=1&ns_st_tp=0&ns_st_ci=v_639404&ns_st_pt=1517&ns_st_dpt=1517&ns_st_ipt=1517&ns_st_et=1517&ns_st_det=1517&ns_st_upc=1517&ns_st_dupc=1517&ns_st_iupc=1517&ns_st_upa=1517&ns_st_dupa=1517&ns_st_iupa=1517&ns_st_lpc=1517&ns_st_dlpc=1517&ns_st_lpa=1517&ns_st_dlpa=1517&ns_st_pa=1517&ns_ts=1585577792139&ns_st_bc=0&ns_st_dbc=0&ns_st_bt=0&ns_st_dbt=0&ns_st_bp=0&ns_st_skc=0&ns_st_dskc=0&ns_st_ska=0&ns_st_dska=0&ns_st_skd=0&ns_st_skt=0&ns_st_dskt=0&ns_st_pc=1&ns_st_dpc=1&ns_st_pp=1&ns_st_br=0&ns_st_rt=100&ns_st_ub=0&ns_st_ki=1200000&ns_st_pr=BleepingComputer%20Highlights%20Feed%20-%20Daily%20Highlights&ns_st_sn=*null&ns_st_en=*null&ns_st_ep=*null&ns_st_ct=vc11&ns_st_ge=*null&ns_st_st=*null&ns_st_ce=*null&ns_st_ia=*null&ns_st_ddt=*null&ns_st_tdt=*null&ns_st_pu=Connatix&ns_st_ti=*null&c3=*null&c4=*null&c6=*null&c7=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&c8=&c9=&cs_ucfr=0 HTTP 302
  • https://sb.scorecardresearch.com/p2?c1=2&c2=17958079&ns_ap_an=ConnatixWeb&ns_ap_bi=*null&ns_type=hidden&ns_st_sv=6.1.1.171219&ns_st_smv=5.8&ns_st_it=r&ns_st_id=1585577790620&ns_st_ec=2&ns_st_sp=1&ns_st_sc=1&ns_st_psq=1&ns_st_asq=1&ns_st_sq=1&ns_st_ppc=1&ns_st_apc=1&ns_st_spc=1&ns_st_cn=1&ns_st_ev=pause&ns_st_po=1517&ns_st_cl=30000&ns_st_mp=js_api&ns_st_mv=6.1.1.171219&ns_st_pn=1&ns_st_tp=0&ns_st_ci=v_639404&ns_st_pt=1517&ns_st_dpt=1517&ns_st_ipt=1517&ns_st_et=1517&ns_st_det=1517&ns_st_upc=1517&ns_st_dupc=1517&ns_st_iupc=1517&ns_st_upa=1517&ns_st_dupa=1517&ns_st_iupa=1517&ns_st_lpc=1517&ns_st_dlpc=1517&ns_st_lpa=1517&ns_st_dlpa=1517&ns_st_pa=1517&ns_ts=1585577792139&ns_st_bc=0&ns_st_dbc=0&ns_st_bt=0&ns_st_dbt=0&ns_st_bp=0&ns_st_skc=0&ns_st_dskc=0&ns_st_ska=0&ns_st_dska=0&ns_st_skd=0&ns_st_skt=0&ns_st_dskt=0&ns_st_pc=1&ns_st_dpc=1&ns_st_pp=1&ns_st_br=0&ns_st_rt=100&ns_st_ub=0&ns_st_ki=1200000&ns_st_pr=BleepingComputer%20Highlights%20Feed%20-%20Daily%20Highlights&ns_st_sn=*null&ns_st_en=*null&ns_st_ep=*null&ns_st_ct=vc11&ns_st_ge=*null&ns_st_st=*null&ns_st_ce=*null&ns_st_ia=*null&ns_st_ddt=*null&ns_st_tdt=*null&ns_st_pu=Connatix&ns_st_ti=*null&c3=*null&c4=*null&c6=*null&c7=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&c8=&c9=&cs_ucfr=0
Request Chain 177
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si
Request Chain 194
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si
Request Chain 261
  • https://connatix-d.openx.net/v/1.0/av?auid=540193964&schain=1.0,1!connatix.com,102734,1,,,,&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&cb=b8742fd5d877874609571585577794778&vwd=834&vht=470&gdpr=1&gdpr_consent= HTTP 302
  • https://connatix-d.openx.net/v/1.0/av?cc=1&auid=540193964&schain=1.0,1!connatix.com,102734,1,,,,&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&cb=b8742fd5d877874609571585577794778&vwd=834&vht=470&gdpr=1&gdpr_consent=
Request Chain 276
  • https://eb2.3lift.com/sync HTTP 302
  • https://eb2.3lift.com/sync?&ld=1
Request Chain 278
  • https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1 HTTP 302
  • https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
Request Chain 282
  • https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1 HTTP 302
  • https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
Request Chain 295
  • https://connatix-d.openx.net/v/1.0/av?auid=540193942&schain=1.0,1!connatix.com,102734,1,,,,&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&cb=ad0c12ae84f0776f071a1585577798889&vwd=834&vht=470&gdpr=1&gdpr_consent= HTTP 302
  • https://connatix-d.openx.net/v/1.0/av?cc=1&auid=540193942&schain=1.0,1!connatix.com,102734,1,,,,&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&cb=ad0c12ae84f0776f071a1585577798889&vwd=834&vht=470&gdpr=1&gdpr_consent=

318 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/ 		77 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.20.59.209 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6770479ab4ceac8510e65132c5ef5d8dea924680ab26843fdb1c56f276d61a9e
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Frame-Options SAMEORIGIN

Request headers

:method
GET
:authority
www.bleepingcomputer.com
:scheme
https
:path
/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
document
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
document

Response headers

status
200
date
Mon, 30 Mar 2020 14:16:29 GMT
content-type
text/html; charset=UTF-8
set-cookie
__cfduid=d571bd0cbaac5f22166e9c2115aae8e781585577789; expires=Wed, 29-Apr-20 14:16:29 GMT; path=/; domain=.bleepingcomputer.com; HttpOnly; SameSite=Lax; Secure session_id=c1ff6d1ac2b45c14fa007a0dde899c0a; path=/; domain=.bleepingcomputer.com; httponly;Secure lav=8013; expires=Wed, 29-Apr-2020 14:16:29 GMT; Max-Age=2592000; path=/;Secure
content-security-policy
upgrade-insecure-requests;
x-frame-options
SAMEORIGIN
cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
expires
0
last-modified
Tue, 24 Mar 2020 19:45:10 GMT
vary
Accept-Encoding,User-Agent
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
57c272dd3e94ce3b-LHR
content-encoding
br
css
fonts.googleapis.com/ 		15 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto:400,100,300,500,700,900&display=swap
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
2dda7ea92135dcf21660d4d79391d303fc38f6a6524ae74bbe2986f1d2e990d5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
x-xss-protection
0
last-modified
Mon, 30 Mar 2020 14:16:29 GMT
server
ESF
date
Mon, 30 Mar 2020 14:16:29 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 30 Mar 2020 14:16:29 GMT
bootstrap.css
www.bleepstatic.com/css/redesign/ 		111 KB
17 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.bleepstatic.com/css/redesign/bootstrap.css
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7e7c74d95df84ef3a6be5c4fcde54fae313a04a9bd611059e6a97a23ff09f26f

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

date
Mon, 30 Mar 2020 14:16:29 GMT
content-encoding
br
cf-cache-status
HIT
age
2716
cf-polished
origSize=137522
status
200
cf-bgj
minify
last-modified
Fri, 23 Sep 2016 14:33:06 GMT
server
cloudflare
etag
W/"2184297232"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=3024000
cf-ray
57c272e13c8edc07-LHR
expires
Sat, 23 Mar 2019 05:29:58 GMT
main.css
www.bleepstatic.com/css/redesign/ 		51 KB
10 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.bleepstatic.com/css/redesign/main.css?v=3.29.17.1
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c9e727b37a735a7983ea8bdad06a38b246261c239bb80b86cc0ff3663c910adb

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

date
Mon, 30 Mar 2020 14:16:29 GMT
content-encoding
br
cf-cache-status
HIT
age
2200330
cf-polished
origSize=60842
status
200
cf-bgj
minify
last-modified
Thu, 16 Aug 2018 15:28:40 GMT
server
cloudflare
etag
W/"4249134023"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=3024000
cf-ray
57c272e13c94dc07-LHR
expires
Tue, 12 Nov 2019 07:00:33 GMT
home.css
www.bleepstatic.com/css/redesign/ 		12 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.bleepstatic.com/css/redesign/home.css
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b3498f138f5418bd58413e79e4c0969e618d6f2fee2d9d98c0f4e70a6cbd04ad

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

date
Mon, 30 Mar 2020 14:16:29 GMT
content-encoding
br
cf-cache-status
HIT
age
1456
cf-polished
origSize=14998
status
200
cf-bgj
minify
last-modified
Sat, 24 Mar 2018 16:18:00 GMT
server
cloudflare
etag
W/"2402535603"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=3024000
cf-ray
57c272e13c95dc07-LHR
expires
Thu, 28 Mar 2019 00:17:49 GMT
news.css
www.bleepstatic.com/css/redesign/ 		27 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.bleepstatic.com/css/redesign/news.css
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d44b93a0af159f0d547d7ec89e9227a5667ce1171bc630e6fbf79dae0e596e2d

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

date
Mon, 30 Mar 2020 14:16:29 GMT
content-encoding
br
cf-cache-status
HIT
age
1433
cf-polished
origSize=32905
status
200
cf-bgj
minify
last-modified
Tue, 26 Nov 2019 02:56:16 GMT
server
cloudflare
etag
W/"400467278"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=3024000
cf-ray
57c272e13c96dc07-LHR
expires
Tue, 31 Dec 2019 03:31:34 GMT
jquery-1.11.1.min.js
www.bleepstatic.com/js/redesign/ 		94 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bleepstatic.com/js/redesign/jquery-1.11.1.min.js
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Mon, 30 Mar 2020 14:16:29 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 23 Apr 2015 12:36:44 GMT
server
cloudflare
age
2450268
etag
W/"3647451394"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
max-age=3024000
cf-ray
57c272e13c99dc07-LHR
access-control-allow-origin
*
expires
Mon, 06 Apr 2020 05:38:41 GMT
news.js
www.bleepstatic.com/js/redesign/ 		183 B
252 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bleepstatic.com/js/redesign/news.js
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
827252be04765631f8ff21fee8ffe1028e27dfa52f62c08ef3182609a0a0e991

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Mon, 30 Mar 2020 14:16:29 GMT
content-encoding
br
cf-cache-status
HIT
age
2537900
cf-polished
origSize=247
status
200
cf-bgj
minify
last-modified
Wed, 16 Dec 2015 15:41:46 GMT
server
cloudflare
etag
W/"4218930423"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=3024000
cf-ray
57c272e13c9adc07-LHR
expires
Sun, 05 Apr 2020 05:18:09 GMT
connatix.renderer.infeed.min.js
cdn.connatix.com/min/ 		957 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.connatix.com/min/connatix.renderer.infeed.min.js
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.114.217 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
Varnish /
Resource Hash
58f598cb4a5fc9cc01e87e4efb8a626e494a7a20024fbfcadfd1811055951dbb

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Mon, 30 Mar 2020 14:16:29 GMT
via
1.1 varnish
server
Varnish
age
0
x-cache
HIT
content-type
application/javascript
status
200
x-referer-host
bleepingcomputer.com
cache-control
no-cache, no-store, must-revalidate, max-age=0
x-cache-hits
0
accept-ranges
bytes
x-timer
S1585577790.666186,VS0,VE0
content-length
957
retry-after
0
x-served-by
cache-hhn4050-HHN
qc-consent.js
www.bleepstatic.com/js/qc-consent/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bleepstatic.com/js/qc-consent/qc-consent.js
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3b6a84a416edfb98ed7608dad8cd26ffd7123e54bce2bb13a4a3394e0b948382

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Mon, 30 Mar 2020 14:16:29 GMT
content-encoding
br
cf-cache-status
HIT
age
2780
cf-polished
origSize=3848
status
200
cf-bgj
minify
last-modified
Thu, 07 Feb 2019 13:49:44 GMT
server
cloudflare
etag
W/"3981350888"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=3024000
cf-ray
57c272e1de46dc07-LHR
expires
Thu, 07 Nov 2019 07:15:12 GMT
js
www.googletagmanager.com/gtag/ 		75 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-91740-1
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
730bfff26abc95bea2467f53e7d88821e991530afe15737608f5972b45f97abd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Mon, 30 Mar 2020 14:16:29 GMT
content-encoding
br
status
200
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
28637
x-xss-protection
0
last-modified
Mon, 30 Mar 2020 12:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
http://www.googletagmanager.com
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 30 Mar 2020 14:16:29 GMT
logo.png
www.bleepstatic.com/images/site/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bleepstatic.com/images/site/logo.png
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
19db4a2cde712e2ceaac317e732b4ec40b62818a938a8bf8391ad68470845019

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Mon, 30 Mar 2020 14:16:29 GMT
cf-cache-status
HIT
age
323696
cf-polished
origFmt=png, origSize=1882
status
200
content-disposition
inline; filename="logo.webp"
cf-bgj
imgq:85
content-length
1152
last-modified
Sat, 04 Mar 2017 04:12:00 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
57c272e1de49dc07-LHR
expires
Sat, 25 Apr 2020 20:21:33 GMT
brand
cse.google.com/coop/cse/
Redirect Chain
  • https://www.google.com/coop/cse/brand?form=cse-search-box&lang=en
  • https://cse.google.com/coop/cse/brand?form=cse-search-box&lang=en
3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cse.google.com/coop/cse/brand?form=cse-search-box&lang=en
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
pfe /
Resource Hash
4eeb4df3522892ea2ec61de6a58e870e8262019f8e3c759c099450cefb589313
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Mar 2020 13:55:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
pfe
age
1252
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
status
200
cache-control
public, max-age=1800
content-disposition
attachment; filename="f.txt"
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
1181
x-xss-protection
0
expires
Mon, 30 Mar 2020 14:25:37 GMT

Redirect headers

date
Mon, 30 Mar 2020 14:16:29 GMT
x-content-type-options
nosniff
server
sffe
location
https://cse.google.com/coop/cse/brand?form=cse-search-box&lang=en
content-type
text/html; charset=UTF-8
status
302
cache-control
private
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
266
x-xss-protection
0
TP-Link_Archer_Router.jpg
www.bleepstatic.com/content/hl-images/2019/12/16/ 		26 KB
27 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bleepstatic.com/content/hl-images/2019/12/16/TP-Link_Archer_Router.jpg
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c3dc801f28e8d12c45aeebe900178050e25dc0ec56fe996821119a923df6ead8

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Mon, 30 Mar 2020 14:16:29 GMT
cf-cache-status
HIT
age
963424
cf-polished
qual=85, origFmt=jpeg, origSize=167282
status
200
content-disposition
inline; filename="TP-Link_Archer_Router.webp"
cf-bgj
imgq:85
content-length
27054
last-modified
Mon, 16 Dec 2019 21:24:24 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
57c272e1de4bdc07-LHR
expires
Sat, 18 Apr 2020 10:39:25 GMT
dns-servers.jpg
www.bleepstatic.com/images/news/malware/v/vidar-covid-dns-hijack/ 		27 KB
28 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bleepstatic.com/images/news/malware/v/vidar-covid-dns-hijack/dns-servers.jpg
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b765a8fc0b34c6f9698d83c9cbc215b7d39f9a140856e86a41c69f29027dd329

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Mon, 30 Mar 2020 14:16:29 GMT
cf-cache-status
HIT
age
323163
cf-polished
qual=85, origFmt=jpeg, origSize=65671
status
200
content-disposition
inline; filename="dns-servers.webp"
cf-bgj
imgq:85
content-length
28104
last-modified
Mon, 23 Mar 2020 21:44:26 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
57c272e1de4ddc07-LHR
expires
Sat, 25 Apr 2020 20:30:26 GMT
covid-app-alert.jpg
www.bleepstatic.com/images/news/malware/v/vidar-covid-dns-hijack/ 		41 KB
41 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bleepstatic.com/images/news/malware/v/vidar-covid-dns-hijack/covid-app-alert.jpg
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d7b605011a999f5b4dea5ae27d4db211fdb9832daaf6bf50bf942f8d126b5b5d

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Mon, 30 Mar 2020 14:16:29 GMT
cf-cache-status
HIT
age
574957
cf-polished
qual=85, origFmt=jpeg, origSize=116712
status
200
content-disposition
inline; filename="covid-app-alert.webp"
cf-bgj
imgq:85
content-length
42168
last-modified
Mon, 23 Mar 2020 21:14:20 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
57c272e1de4edc07-LHR
expires
Wed, 22 Apr 2020 22:33:52 GMT
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 		108 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b5770296964d94c22c5e1910d596ad954432f78031b3a2911e9e4fea39a9e839
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Mon, 30 Mar 2020 14:16:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
39155
x-xss-protection
0
server
cafe
etag
18020887556007674622
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Mon, 30 Mar 2020 14:16:29 GMT
twitter.png
www.bleepstatic.com/images/site/login/ 		282 B
674 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bleepstatic.com/images/site/login/twitter.png
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
67d86a29de7993fbd23b7dde2c4f26bdc434055c35a4b08c830c0d02fcfa6dd2

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Mon, 30 Mar 2020 14:16:29 GMT
cf-cache-status
HIT
age
318127
cf-polished
origFmt=png, origSize=475
status
200
content-disposition
inline; filename="twitter.webp"
cf-bgj
imgq:85
content-length
282
last-modified
Sat, 04 Mar 2017 20:46:52 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
57c272e1de51dc07-LHR
expires
Sat, 25 Apr 2020 21:54:22 GMT
bootstrap.js
www.bleepstatic.com/js/redesign/ 		44 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bleepstatic.com/js/redesign/bootstrap.js
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e5e0f326458e8b8ed839d42a0cf6892df80bf26d7dc7e4f8276a65c41582ab85

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Mon, 30 Mar 2020 14:16:29 GMT
content-encoding
br
cf-cache-status
HIT
age
2373
cf-polished
origSize=65813
status
200
cf-bgj
minify
last-modified
Thu, 23 Apr 2015 12:36:43 GMT
server
cloudflare
etag
W/"3930092018"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=3024000
cf-ray
57c272e1de55dc07-LHR
expires
Tue, 26 Mar 2019 04:15:43 GMT
blazy.min.js
www.bleepstatic.com/js/blazy/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bleepstatic.com/js/blazy/blazy.min.js
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0f427d0f88a0698c955ff63bf13af4ca80c9b32f218b5e210847450da901a74f

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Mon, 30 Mar 2020 14:16:29 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 16 Aug 2018 21:06:19 GMT
server
cloudflare
age
1544
etag
W/"753357888"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
max-age=3024000
cf-ray
57c272e1adb3dc07-LHR
access-control-allow-origin
*
expires
Wed, 01 Jan 2020 06:03:54 GMT
bleep.js
www.bleepstatic.com/js/redesign/ 		3 KB
765 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bleepstatic.com/js/redesign/bleep.js
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
22e977346d45bab9f531ce1132d7ecfbe8e46868eaea790a0d4dcd1d0649d74b

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Mon, 30 Mar 2020 14:16:29 GMT
content-encoding
br
cf-cache-status
HIT
age
1542
cf-polished
origSize=3600
status
200
cf-bgj
minify
last-modified
Mon, 01 Oct 2018 12:47:57 GMT
server
cloudflare
etag
W/"2696894447"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=3024000
cf-ray
57c272e1de56dc07-LHR
expires
Wed, 01 Jan 2020 06:03:55 GMT
jquery.fancybox.js
www.bleepstatic.com/js/redesign/fancybox/ 		31 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bleepstatic.com/js/redesign/fancybox/jquery.fancybox.js
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
31cd7d9398307ca2e6cfaa111bbe7b69d69cbaaed2ff74034412ebc5008671fd

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Mon, 30 Mar 2020 14:16:29 GMT
content-encoding
br
cf-cache-status
HIT
age
846
cf-polished
origSize=48706
status
200
cf-bgj
minify
last-modified
Wed, 14 Oct 2015 20:25:51 GMT
server
cloudflare
etag
W/"327140449"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=3024000
cf-ray
57c272e1de57dc07-LHR
expires
Tue, 03 Mar 2020 05:01:54 GMT
fixto.min.js
www.bleepstatic.com/js/fixto/ 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bleepstatic.com/js/fixto/fixto.min.js
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7d6d26827b887aa09b2a5eb7c001e35b93773e53c36ddbfc127ad824e0a6ba39

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Mon, 30 Mar 2020 14:16:29 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sat, 13 Jun 2015 21:34:42 GMT
server
cloudflare
age
6530
etag
W/"1740214911"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
max-age=3024000
cf-ray
57c272e1adb4dc07-LHR
access-control-allow-origin
*
expires
Thu, 19 Dec 2019 04:53:37 GMT
addthis_widget.js
s9.addthis.com/js/300/ 		349 KB
113 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s9.addthis.com/js/300/addthis_widget.js
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-248-44.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
ab8ceea757a634f5ce5a9ed6f6b4bcdd555869b385d315854e16914a2f5a3bc7
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
last-modified
Tue, 21 Jan 2020 20:57:37 GMT
server
nginx/1.15.8
etag
"5e2765c1-57446"
vary
Accept-Encoding
x-distribution
99
content-type
application/javascript
status
200
cache-control
public, max-age=600
date
Mon, 30 Mar 2020 14:16:29 GMT
x-host
s9.addthis.com
content-length
114924
pubfig.min.js
a.pub.network/bleepingcomputer-com/ 		444 KB
118 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:18b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3ec121f4a397ce4d83457da94acc1da7de859966389ab40b7a50ab90a5ff26e4

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Mon, 30 Mar 2020 14:16:29 GMT
content-encoding
br
cf-cache-status
HIT
age
55
status
200
x-guploader-uploadid
AEnB2Upspn7YDg1UYy3yrDSYF9QnYjwd-e_THLa0_JJPoJDR44Z_3cLKCYCOTrwGC-yzabeaHn-l7lhAiRQrdPWj0URCSd_1Rg
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
last-modified
Fri, 27 Mar 2020 00:24:21 GMT
server
cloudflare
etag
W/"74cdaeb8114a1825b0e57ad3d7831898"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=yN4hkA==, md5=dM2uuBFKGCWw5XrT14MYmA==
content-type
application/javascript
x-goog-generation
1585268661230823
cache-control
public, max-age=1800
x-goog-stored-content-length
454880
cf-ray
57c272e1fc380eaf-FRA
expires
Mon, 30 Mar 2020 14:16:34 GMT
fab.js
ecdn.analysis.fi/static/js/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ecdn.analysis.fi/static/js/fab.js
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.79.175.86 London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS
nb-178-79-175-86.london.nodebalancer.linode.com
Software
nginx/1.12.2 /
Resource Hash
affd87461f2babd57a2f7aec75e9193e8e71a377e8249a02c95a5f43326e289e

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Date
Mon, 30 Mar 2020 14:25:29 GMT
Content-Encoding
gzip
Last-Modified
Wed, 15 Jul 2015 00:00:00 GMT
Server
nginx/1.12.2
ETag
"55a5a280-560"
Content-Type
application/javascript
Cache-Control
max-age=3600
Connection
close
Content-Length
1376
Expires
Mon, 30 Mar 2020 15:25:29 GMT
login_bg.png
www.bleepstatic.com/images/site/ 		126 B
395 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bleepstatic.com/images/site/login_bg.png
Requested by
Host: cdn.connatix.com
URL: https://cdn.connatix.com/min/connatix.renderer.infeed.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
32e73e8e0eec3e6c1345d84e7ef091b90e71fb0045814043b34c914156235eb9

Request headers

Referer
https://www.bleepstatic.com/css/redesign/main.css?v=3.29.17.1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Mon, 30 Mar 2020 14:16:29 GMT
cf-cache-status
HIT
age
320119
cf-polished
origFmt=png, origSize=187
status
200
content-disposition
inline; filename="login_bg.webp"
cf-bgj
imgq:85
content-length
126
last-modified
Sat, 04 Mar 2017 20:46:52 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
57c272e1ee67dc07-LHR
expires
Sat, 25 Apr 2020 21:21:09 GMT
KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v20/ 		11 KB
11 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
Requested by
Host: cdn.connatix.com
URL: https://cdn.connatix.com/min/connatix.renderer.infeed.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:814::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/css?family=Roboto:400,100,300,500,700,900&display=swap
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
font
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 27 Feb 2020 08:47:06 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2019 01:18:50 GMT
server
sffe
age
2784563
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
11016
x-xss-protection
0
expires
Fri, 26 Feb 2021 08:47:06 GMT
KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ 		11 KB
11 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
Requested by
Host: cdn.connatix.com
URL: https://cdn.connatix.com/min/connatix.renderer.infeed.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:814::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/css?family=Roboto:400,100,300,500,700,900&display=swap
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
font
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 31 Jan 2020 00:50:19 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2019 01:18:58 GMT
server
sffe
age
5145970
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
11020
x-xss-protection
0
expires
Sat, 30 Jan 2021 00:50:19 GMT
connatix.renderer.infeed.min_dc.js
cdns.connatix.com/p/1913/min/ Frame 0AF9 		725 KB
191 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdns.connatix.com/p/1913/min/connatix.renderer.infeed.min_dc.js
Requested by
Host: cdn.connatix.com
URL: https://cdn.connatix.com/min/connatix.renderer.infeed.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.114.217 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
fdc625fa4f207390f0a4a7626300f3fceb1847582c1bef3ab0de3e22fab03573

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Mon, 30 Mar 2020 14:16:29 GMT
content-encoding
gzip
age
254716
x-cache
HIT, HIT
status
200
content-length
194869
via
1.1 varnish, 1.1 varnish
x-served-by
cache-dca17733-DCA, cache-hhn4050-HHN
last-modified
Fri, 27 Mar 2020 15:19:59 GMT
x-timer
S1585577790.772386,VS0,VE0
etag
"f79238a86404019bf6d1178c53fd97fb"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=31557600
accept-ranges
bytes
x-cache-hits
2, 42097
truncated
/ 		37 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/gif
nav_bg.png
www.bleepstatic.com/images/site/ 		72 B
373 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bleepstatic.com/images/site/nav_bg.png
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ab52a578c101a14bbc790f87f9a7400dda65469f23c6ce85c461e07cdf776460

Request headers

Referer
https://www.bleepstatic.com/css/redesign/main.css?v=3.29.17.1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Mon, 30 Mar 2020 14:16:29 GMT
cf-cache-status
HIT
age
318349
cf-polished
origFmt=png, origSize=83
status
200
content-disposition
inline; filename="nav_bg.webp"
cf-bgj
imgq:85
content-length
72
last-modified
Sat, 04 Mar 2017 07:57:02 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
57c272e20ededc07-LHR
expires
Sat, 25 Apr 2020 21:50:40 GMT
20x20-printer.png
www.bleepstatic.com/images/site/ 		422 B
589 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bleepstatic.com/images/site/20x20-printer.png
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b34676178982122b66b0a55d3ee411fa343b1d19a6c119c0c9b0ea2c892738a1

Request headers

Referer
https://www.bleepstatic.com/css/redesign/main.css?v=3.29.17.1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Mon, 30 Mar 2020 14:16:29 GMT
cf-cache-status
HIT
age
324237
cf-polished
origFmt=png, origSize=824
status
200
content-disposition
inline; filename="20x20-printer.webp"
cf-bgj
imgq:85
content-length
422
last-modified
Sat, 03 Oct 2015 03:18:32 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
57c272e20ee0dc07-LHR
expires
Sat, 25 Apr 2020 20:12:32 GMT
calendar.png
www.bleepstatic.com/images/site/ 		86 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bleepstatic.com/images/site/calendar.png
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
85ae9534729617e69eafa40195c7854697eb3d13b4205f3ee467e07c4af0a24b

Request headers

Referer
https://www.bleepstatic.com/css/redesign/news.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Mon, 30 Mar 2020 14:16:29 GMT
cf-cache-status
HIT
age
318087
cf-polished
origFmt=png, origSize=129
status
200
content-disposition
inline; filename="calendar.webp"
cf-bgj
imgq:85
content-length
86
last-modified
Sat, 04 Mar 2017 20:46:52 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
57c272e20ee5dc07-LHR
expires
Sat, 25 Apr 2020 21:55:02 GMT
clock.png
www.bleepstatic.com/images/site/ 		252 B
414 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bleepstatic.com/images/site/clock.png
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
82c7fdbc4d001907e1e5d56cd335af3f0d48e0ffa7f0ad2aa3486ebb1123cb21

Request headers

Referer
https://www.bleepstatic.com/css/redesign/news.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Mon, 30 Mar 2020 14:16:29 GMT
cf-cache-status
HIT
age
318925
cf-polished
origFmt=png, origSize=1316
status
200
content-disposition
inline; filename="clock.webp"
cf-bgj
imgq:85
content-length
252
last-modified
Fri, 29 May 2015 07:08:14 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
57c272e20ee6dc07-LHR
expires
Sat, 25 Apr 2020 21:41:04 GMT
comment-light.png
www.bleepstatic.com/images/site/ 		96 B
372 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bleepstatic.com/images/site/comment-light.png
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bfc8e65089dc5421d56ecc71a0328eafd4feb2a602503ae5c15bfa3189c02f7e

Request headers

Referer
https://www.bleepstatic.com/css/redesign/news.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Mon, 30 Mar 2020 14:16:29 GMT
cf-cache-status
HIT
age
323326
cf-polished
origFmt=png, origSize=1034
status
200
content-disposition
inline; filename="comment-light.webp"
cf-bgj
imgq:85
content-length
96
last-modified
Fri, 29 May 2015 07:08:28 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
57c272e20ee7dc07-LHR
expires
Sat, 25 Apr 2020 20:27:42 GMT
KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ 		11 KB
11 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:814::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
92606bd38901e67d069f2ef883715b6e5ae07d72ae3bead3ad92346528374afc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/css?family=Roboto:400,100,300,500,700,900&display=swap
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
font
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 05 Mar 2020 03:21:18 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2019 01:18:52 GMT
server
sffe
age
2199311
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
11180
x-xss-protection
0
expires
Fri, 05 Mar 2021 03:21:18 GMT
KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ 		11 KB
11 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:814::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/css?family=Roboto:400,100,300,500,700,900&display=swap
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
font
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 05 Mar 2020 03:12:39 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2019 01:18:48 GMT
server
sffe
age
2199830
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
11056
x-xss-protection
0
expires
Fri, 05 Mar 2021 03:12:39 GMT
cmp.js
quantcast.mgr.consensu.org/ 		264 KB
76 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://quantcast.mgr.consensu.org/cmp.js
Requested by
Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/js/qc-consent/qc-consent.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:21f3:6200:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
bc73cc3b5fbc98895f0b459237df3d9aa111098c787650e72cda7eadf27388df

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Mon, 30 Mar 2020 14:15:58 GMT
content-encoding
gzip
last-modified
Tue, 24 Mar 2020 19:10:19 GMT
server
AmazonS3
age
740
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript;charset=UTF-8
status
200
x-amz-meta-qc-ineu
True
x-amz-cf-pop
FRA2-C2
x-amz-cf-id
xU8ysY8nxGyj4kPgDaJgQAUl4w0CbGuBH2ZjhLvurlMlG2HOfWUXdw==
via
1.1 03d509e8374e9f42668961b5e0201349.cloudfront.net (CloudFront)
32x32-printer.png
www.bleepstatic.com/images/site/ 		256 B
425 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bleepstatic.com/images/site/32x32-printer.png
Requested by
Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/js/qc-consent/qc-consent.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
33eb81af8a0101c1ad2a210f322fb362ce1598e6e37f0a7ecc62d6ff39add590

Request headers

Referer
https://www.bleepstatic.com/css/redesign/main.css?v=3.29.17.1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Mon, 30 Mar 2020 14:16:29 GMT
cf-cache-status
HIT
age
318053
cf-polished
origFmt=png, origSize=618
status
200
content-disposition
inline; filename="32x32-printer.webp"
cf-bgj
imgq:85
content-length
256
last-modified
Fri, 02 Oct 2015 21:57:19 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
57c272e25fd1dc07-LHR
expires
Sat, 25 Apr 2020 21:55:36 GMT
21beb902b545b086a90ec39f1df36b94.jpg
www.bleepstatic.com/author/photos/ 		7 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bleepstatic.com/author/photos/21beb902b545b086a90ec39f1df36b94.jpg
Requested by
Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/js/qc-consent/qc-consent.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
19e1dbba639ba68ceb71cdada9621e11d0aec6edba410971f1937d6cc4935b32

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Mon, 30 Mar 2020 14:16:29 GMT
cf-cache-status
HIT
age
5567
cf-polished
origSize=7617, status=webp_bigger
status
200
cf-bgj
imgq:85
content-length
7581
last-modified
Mon, 26 Oct 2015 17:15:33 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
57c272e25fd2dc07-LHR
expires
Sun, 17 Mar 2019 04:29:34 GMT
before-bg.png
www.bleepstatic.com/images/site/ 		116 B
420 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bleepstatic.com/images/site/before-bg.png
Requested by
Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/js/qc-consent/qc-consent.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ee9b2fe75e3a5637b840957e2f9aefedb394224a1846a731ad7ead76abf91d58

Request headers

Referer
https://www.bleepstatic.com/css/redesign/news.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Mon, 30 Mar 2020 14:16:29 GMT
cf-cache-status
HIT
age
320739
cf-polished
origFmt=png, origSize=1026
status
200
content-disposition
inline; filename="before-bg.webp"
cf-bgj
imgq:85
content-length
116
last-modified
Fri, 29 May 2015 07:08:06 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
57c272e25fd5dc07-LHR
expires
Sat, 25 Apr 2020 21:10:50 GMT
news-icon-01.png
www.bleepstatic.com/images/site/ 		240 B
486 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bleepstatic.com/images/site/news-icon-01.png
Requested by
Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/js/qc-consent/qc-consent.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a1af15b17fd7099b2d3a81a8b3aeffd94b26d2c1a58489c3903e11ec5a4896d3

Request headers

Referer
https://www.bleepstatic.com/css/redesign/news.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Mon, 30 Mar 2020 14:16:29 GMT
cf-cache-status
HIT
age
320739
cf-polished
origFmt=png, origSize=1204
status
200
content-disposition
inline; filename="news-icon-01.webp"
cf-bgj
imgq:85
content-length
240
last-modified
Fri, 29 May 2015 07:09:52 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
57c272e25fd8dc07-LHR
expires
Sat, 25 Apr 2020 21:10:50 GMT
link-icon.png
www.bleepstatic.com/images/site/comments/ 		494 B
660 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bleepstatic.com/images/site/comments/link-icon.png
Requested by
Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/js/qc-consent/qc-consent.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ef3d32ea9a9fa05f8170d164890b55e15ce39157bb9ae7e96b047c1996d22a8b

Request headers

Referer
https://www.bleepstatic.com/css/redesign/news.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Mon, 30 Mar 2020 14:16:29 GMT
cf-cache-status
HIT
age
320918
cf-polished
origFmt=png, origSize=787
status
200
content-disposition
inline; filename="link-icon.webp"
cf-bgj
imgq:85
content-length
494
last-modified
Fri, 25 Sep 2015 17:29:04 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
57c272e25fdbdc07-LHR
expires
Sat, 25 Apr 2020 21:07:51 GMT
h4-bg.png
www.bleepstatic.com/images/site/ 		38 B
308 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bleepstatic.com/images/site/h4-bg.png
Requested by
Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/js/qc-consent/qc-consent.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
942935ead42820e6c9184f099c77dde34fa4be70d395a17c47b5d7ad07967339

Request headers

Referer
https://www.bleepstatic.com/css/redesign/main.css?v=3.29.17.1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Mon, 30 Mar 2020 14:16:29 GMT
cf-cache-status
HIT
age
316381
cf-polished
origFmt=png, origSize=72
status
200
content-disposition
inline; filename="h4-bg.webp"
cf-bgj
imgq:85
content-length
38
last-modified
Sat, 04 Mar 2017 20:46:52 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
57c272e25fe0dc07-LHR
expires
Sat, 25 Apr 2020 22:23:28 GMT
news_email_icon.png
www.bleepstatic.com/images/site/ 		126 B
403 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bleepstatic.com/images/site/news_email_icon.png
Requested by
Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/js/qc-consent/qc-consent.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7c42933014424dabb2256a0732a9f792559d26ba09a84308c278f52834522f9a

Request headers

Referer
https://www.bleepstatic.com/css/redesign/home.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Mon, 30 Mar 2020 14:16:29 GMT
cf-cache-status
HIT
age
323249
cf-polished
origFmt=png, origSize=1105
status
200
content-disposition
inline; filename="news_email_icon.webp"
cf-bgj
imgq:85
content-length
126
last-modified
Fri, 29 May 2015 07:10:12 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
57c272e25fe4dc07-LHR
expires
Sat, 25 Apr 2020 20:28:59 GMT
news_footer_icon.png
www.bleepstatic.com/images/site/ 		110 B
257 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bleepstatic.com/images/site/news_footer_icon.png
Requested by
Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/js/qc-consent/qc-consent.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d020fa6036628dd1d6dbf760edc742273359e93119832249bdce332d05d6db4d

Request headers

Referer
https://www.bleepstatic.com/css/redesign/main.css?v=3.29.17.1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Mon, 30 Mar 2020 14:16:29 GMT
cf-cache-status
HIT
age
317670
cf-polished
origFmt=png, origSize=186
status
200
content-disposition
inline; filename="news_footer_icon.webp"
cf-bgj
imgq:85
content-length
110
last-modified
Sat, 04 Mar 2017 20:46:52 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
57c272e25ff6dc07-LHR
expires
Sat, 25 Apr 2020 22:01:59 GMT
integrator.js
adservice.google.de/adsid/ 		109 B
171 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=www.bleepingcomputer.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Mon, 30 Mar 2020 14:16:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-type
application/javascript; charset=UTF-8
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
104
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		109 B
171 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.bleepingcomputer.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Mon, 30 Mar 2020 14:16:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-type
application/javascript; charset=UTF-8
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
104
x-xss-protection
0
show_ads_impl_fy2019.js
pagead2.googlesyndication.com/pagead/js/r20200324/r20190131/ 		225 KB
85 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20200324/r20190131/show_ads_impl_fy2019.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
fa367d459d8a6e0e561310bffc233bcd6193fe984ecd62c34d87e6d2bbdf358b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Mon, 30 Mar 2020 14:16:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
86411
x-xss-protection
0
server
cafe
etag
14090742720300430934
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Mon, 30 Mar 2020 14:16:29 GMT
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20200324/r20190131/ Frame E51D 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20200324/r20190131/zrt_lookup.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/html/r20200324/r20190131/zrt_lookup.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
iframe
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/

Response headers

status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
vary
Accept-Encoding
date
Tue, 24 Mar 2020 15:12:04 GMT
expires
Tue, 07 Apr 2020 15:12:04 GMT
content-type
text/html; charset=UTF-8
etag
10348540741379653356
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
4494
x-xss-protection
0
cache-control
public, max-age=1209600
age
515065
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
analytics.js
www.google-analytics.com/ 		44 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-91740-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 06 Feb 2020 00:21:02 GMT
server
Golfe2
age
6177
date
Mon, 30 Mar 2020 12:33:32 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
18174
expires
Mon, 30 Mar 2020 14:33:32 GMT
292x176_Windows_7.jpg
www.bleepstatic.com/content/hl-images/2019/10/01/thumb/ 		10 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bleepstatic.com/content/hl-images/2019/10/01/thumb/292x176_Windows_7.jpg
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
721f205f2cafac9f9eaf483d8bd50ace4d4273b6b81cf86e9b2fb12c7136296e

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Mon, 30 Mar 2020 14:16:29 GMT
cf-cache-status
HIT
age
33650
cf-polished
origSize=11316, status=webp_bigger
status
200
cf-bgj
imgq:85
content-length
10268
last-modified
Tue, 01 Oct 2019 18:11:11 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
57c272e35b01dc07-LHR
expires
Wed, 29 Apr 2020 04:55:38 GMT
292x176_Coronavirus-Phishing.jpg
www.bleepstatic.com/content/hl-images/2020/01/31/thumb/ 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bleepstatic.com/content/hl-images/2020/01/31/thumb/292x176_Coronavirus-Phishing.jpg
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f32de77da27cde4c43807033e98fcf44e498fcf6a91a6ed7fae231d6ed03cf8

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Mon, 30 Mar 2020 14:16:29 GMT
cf-cache-status
HIT
age
814501
cf-polished
qual=85, origFmt=jpeg, origSize=7503
status
200
content-disposition
inline; filename="292x176_Coronavirus-Phishing.webp"
cf-bgj
imgq:85
content-length
6270
last-modified
Fri, 31 Jan 2020 23:11:34 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
57c272e35b06dc07-LHR
expires
Mon, 20 Apr 2020 04:01:28 GMT
icon1488384255.png
www.bleepstatic.com/download/product-logos/2017/03/01/ 		756 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bleepstatic.com/download/product-logos/2017/03/01/icon1488384255.png
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0c07e673ceea9740617380e286fbe77a9c10204660d33fac73ec0fdb348fcb7e

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Mon, 30 Mar 2020 14:16:29 GMT
cf-cache-status
HIT
age
316074
cf-polished
origFmt=png, origSize=1889
status
200
content-disposition
inline; filename="icon1488384255.webp"
cf-bgj
imgq:85
content-length
756
last-modified
Wed, 01 Mar 2017 16:04:15 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
57c272e35b12dc07-LHR
expires
Sat, 25 Apr 2020 22:28:34 GMT
icon1471128781.png
www.bleepstatic.com/download/product-logos/2016/08/13/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bleepstatic.com/download/product-logos/2016/08/13/icon1471128781.png
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7b0ba976f51ee59161622fc7d364c35985343adca90a2f5045e1dbb227f6bd3a

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Mon, 30 Mar 2020 14:16:29 GMT
cf-cache-status
HIT
age
1795631
cf-polished
origFmt=png, origSize=4801
status
200
content-disposition
inline; filename="icon1471128781.webp"
cf-bgj
imgq:85
content-length
2958
last-modified
Sat, 13 Aug 2016 22:53:01 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
57c272e35b17dc07-LHR
expires
Wed, 08 Apr 2020 19:29:18 GMT
icon1523304226.png
www.bleepstatic.com/download/product-logos/2018/04/09/ 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bleepstatic.com/download/product-logos/2018/04/09/icon1523304226.png
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
326436aa8a01d063bd93a19a156330d175e2805688e03959bece5246db080ac5

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Mon, 30 Mar 2020 14:16:29 GMT
cf-cache-status
HIT
age
322333
cf-polished
origFmt=png, origSize=2812
status
200
content-disposition
inline; filename="icon1523304226.webp"
cf-bgj
imgq:85
content-length
1394
last-modified
Mon, 09 Apr 2018 20:03:47 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
57c272e35b1adc07-LHR
expires
Sat, 25 Apr 2020 20:44:16 GMT
icon1348083463.jpg
www.bleepstatic.com/download/product-logos/2012/09/19/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bleepstatic.com/download/product-logos/2012/09/19/icon1348083463.jpg
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6ebee3fab4fdb2f178afd3d4a64d03c44b658f81ead11e46b46a5ad5b7b16663

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Mon, 30 Mar 2020 14:16:29 GMT
cf-cache-status
HIT
age
318072
cf-polished
qual=85, origFmt=jpeg, origSize=1629
status
200
content-disposition
inline; filename="icon1348083463.webp"
cf-bgj
imgq:85
content-length
1074
last-modified
Wed, 19 Sep 2012 19:37:54 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
57c272e35b1edc07-LHR
expires
Sat, 25 Apr 2020 21:55:17 GMT
icon1447711295.png
www.bleepstatic.com/download/product-logos/2015/11/16/ 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bleepstatic.com/download/product-logos/2015/11/16/icon1447711295.png
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d79d851441af70ad9f139807a9cd6abd7524102f211eb8d6c23a544d59b474a1

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Mon, 30 Mar 2020 14:16:29 GMT
cf-cache-status
HIT
age
326135
cf-polished
origFmt=png, origSize=4775
status
200
content-disposition
inline; filename="icon1447711295.webp"
cf-bgj
imgq:85
content-length
3394
last-modified
Mon, 16 Nov 2015 22:01:35 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
57c272e35b22dc07-LHR
expires
Sat, 25 Apr 2020 19:40:53 GMT
favicon.ico
ad.doubleclick.net/ 		1 KB
269 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.18.166 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s29-in-f6.1e100.net
Software
sffe /
Resource Hash
d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Sun, 29 Mar 2020 15:32:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
81868
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
104
x-xss-protection
0
last-modified
Tue, 08 May 2012 13:08:06 GMT
server
sffe
vary
Accept-Encoding
content-type
image/x-icon
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
expires
Mon, 30 Mar 2020 15:32:01 GMT
jquery.fancybox.css
www.bleepstatic.com/js/redesign/fancybox/ 		4 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.bleepstatic.com/js/redesign/fancybox/jquery.fancybox.css
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6e86593083facba2710a2312f26bd7b436d7ef299f99cbc2ccc1b32693ec3144

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

date
Mon, 30 Mar 2020 14:16:29 GMT
content-encoding
br
cf-cache-status
HIT
age
793
cf-polished
origSize=4895
status
200
cf-bgj
minify
last-modified
Wed, 14 Oct 2015 20:25:51 GMT
server
cloudflare
etag
W/"9108074"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=3024000
cf-ray
57c272e36b34dc07-LHR
expires
Tue, 03 Mar 2020 05:01:55 GMT
font-awesome.css
www.bleepstatic.com/css/redesign/ 		22 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.bleepstatic.com/css/redesign/font-awesome.css
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8733e2183f16906b2fa2e58fdab82cf336f249ab71ac1b184470da2dd3c6e29f

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

date
Mon, 30 Mar 2020 14:16:29 GMT
content-encoding
br
cf-cache-status
HIT
age
2712
cf-polished
origSize=26776
status
200
cf-bgj
minify
last-modified
Tue, 03 May 2016 04:39:29 GMT
server
cloudflare
etag
W/"1700274315"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=3024000
cf-ray
57c272e36b36dc07-LHR
expires
Thu, 07 Nov 2019 07:15:15 GMT
g
ck.connatix.com/ 		46 B
235 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ck.connatix.com/g?callback=cnxJSONP_5f1992afb010cf17c60a1585577789995
Requested by
Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1913/min/connatix.renderer.infeed.min_dc.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.14.217 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
Varnish /
Resource Hash
6c3a4f8211d703d19a0eb79db9b2164e6ed88180e6a7ca7883d216c920ff3219

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Mon, 30 Mar 2020 14:16:30 GMT
via
1.1 varnish
server
Varnish
age
0
x-cache
HIT
status
200
cache-control
no-cache, no-store, must-revalidate, max-age=0
x-cache-hits
0
accept-ranges
bytes
x-timer
S1585577790.113642,VS0,VE0
content-length
46
retry-after
0
x-served-by
cache-fra19128-FRA
cmp-3pc-check.html
static.quantcast.mgr.consensu.org/v32/ Frame EC7C 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://static.quantcast.mgr.consensu.org/v32/cmp-3pc-check.html
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/cmp.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:20eb:5000:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash

Request headers

:method
GET
:authority
static.quantcast.mgr.consensu.org
:scheme
https
:path
/v32/cmp-3pc-check.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
iframe
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/

Response headers

status
200
content-type
text/html
content-length
645
last-modified
Tue, 24 Mar 2020 19:10:15 GMT
x-amz-server-side-encryption
AES256
accept-ranges
bytes
server
AmazonS3
date
Mon, 30 Mar 2020 14:15:25 GMT
etag
"55b98270d639ef0c34781d9f03cce91f"
x-cache
Hit from cloudfront
via
1.1 1ac3fd533bf6be1b511077f8b8e23bfd.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
axz7Kiqghz2BLV_y1JN5hOeLnxdz3YiRiGFp3uMXH3hIkJXn52YVqg==
age
400
moatframe.js
z.moatads.com/addthismoatframe568911941483/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://z.moatads.com/addthismoatframe568911941483/moatframe.js
Requested by
Host: s9.addthis.com
URL: https://s9.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.185.246 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a95-101-185-246.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Mon, 30 Mar 2020 14:16:30 GMT
content-encoding
gzip
last-modified
Fri, 08 Nov 2019 20:13:52 GMT
server
AmazonS3
x-amz-request-id
3DA20F33DFB043F4
etag
"f14b4e1f799b14f798a195f43cf58376"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=28110
accept-ranges
bytes
content-length
948
x-amz-id-2
g7+QTkfgFpKXdjIV1ns3PedgNVHG4mi9TLupYfjziOmGieTRD5DTu0V21U3C4oqBbTG5njMGxL0=
_ate.track.config_resp
v1.addthisedge.com/live/boost/ra-561517d2c7f964d6/ 		2 KB
855 B 		Script
General
Check archive.org
Download Go to
Full URL
https://v1.addthisedge.com/live/boost/ra-561517d2c7f964d6/_ate.track.config_resp
Requested by
Host: s9.addthis.com
URL: https://s9.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-248-44.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
6d23d10111755a12c87198df1c71cce449de31eca9643030c6327a2157f9bd86

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Mon, 30 Mar 2020 14:16:30 GMT
content-encoding
gzip
etag
-1659864586--gzip
vary
Accept-Encoding
content-type
application/javascript;charset=utf-8
status
200
cache-control
public, max-age=17, s-maxage=86400
content-disposition
attachment; filename=1.txt
content-length
678
cookie
d.pub.network/ 		36 B
472 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://d.pub.network/cookie
Requested by
Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
35.188.71.214 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
214.71.188.35.bc.googleusercontent.com
Software
/
Resource Hash
74db3eb5dd675696fef5b98ed8f6b659e9b15053923763a5f21abf4eec93cbd9

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Date
Mon, 30 Mar 2020 14:16:30 GMT
Access-Control-Allow-Credentials
true
Content-Length
36
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type
text/plain;charset=utf-8
gpt.js
www.googletagservices.com/tag/js/ 		44 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/tag/js/gpt.js
Requested by
Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
020e567f654a6c0dc4b827887b79dd5628f585dc27c5abdf17dbbde6ab920b82
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Mon, 30 Mar 2020 14:16:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"471 / 272 of 1000 / last-modified: 1585413544"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
14712
x-xss-protection
0
expires
Mon, 30 Mar 2020 14:16:30 GMT
gallery.js
freestar-io.videoplayerhub.com/ 		101 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://freestar-io.videoplayerhub.com/gallery.js
Requested by
Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.226.155.104 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-155-104.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ad4d57b8c2ac583a0b890f4bd88990ecbe76a7e1463f2508dd7cde85fa55aad9

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

x-amz-version-id
HyfDQPRwTVUvKVqE3e.nnmfw7fIrXN8d
Content-Encoding
gzip
Last-Modified
Tue, 24 Mar 2020 16:08:09 GMT
Server
AmazonS3
Age
79
Date
Mon, 30 Mar 2020 14:15:52 GMT
Vary
Accept-Encoding
X-Cache
Hit from cloudfront
Content-Type
application/javascript
Via
1.1 0c17d43ed0068cac968c920774378b84.cloudfront.net (CloudFront)
Transfer-Encoding
chunked
X-Amz-Cf-Pop
DUS51-C1
Connection
keep-alive
X-Amz-Cf-Id
ihVky55l2cydiTN3pM2QranONhfj5ey97nxXGSweYpB6aIb7OLNYDw==
prebid-analytics-3.11.0.js
a.pub.network/core/ 		364 KB
110 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://a.pub.network/core/prebid-analytics-3.11.0.js
Requested by
Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:18b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
23aca4890fe8b2728dcab78ee9f3b9614cd6cdb0dab2b785d2f8d2d666247cac

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Mon, 30 Mar 2020 14:16:30 GMT
content-encoding
br
cf-cache-status
BYPASS
status
200
x-guploader-uploadid
AEnB2UpmCFySIrkJtcc71EIjP4HMa6bIpQzacR_1y_8xBBWS0n18yWzZWLV9kWLioMiK0qsH-ACONBS0ZGD11RmRiNu2YKdlaw
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
3
x-goog-stored-content-encoding
identity
content-type
text/html
last-modified
Thu, 12 Mar 2020 16:03:13 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=jXxawA==, md5=N4XMnjSG82gI3oX56Od5vA==
content-language
en
x-goog-generation
1584028993632199
cache-control
private
x-goog-stored-content-length
372446
cf-ray
57c272e47c510eaf-FRA
expires
Tue, 30 Mar 2021 14:16:30 GMT
location
d.pub.network/ 		54 B
501 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://d.pub.network/location
Requested by
Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
35.188.71.214 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
214.71.188.35.bc.googleusercontent.com
Software
/
Resource Hash
2e1c86ee79328b2434b4fccdbbd26a736bd2b6f413948c1a2042d4d7a89c361f

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Date
Mon, 30 Mar 2020 14:16:30 GMT
Access-Control-Allow-Credentials
true
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Transfer-Encoding
chunked
Content-Type
application/json
collect
www.google-analytics.com/r/ 		35 B
103 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/r/collect?v=1&_v=j81&a=669732870&t=pageview&_s=1&dl=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&ul=en-us&de=UTF-8&dt=Hackers%20Hijack%20Routers%E2%80%99%20DNS%20to%20Spread%20Malicious%20COVID-19%20Apps&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=IEBAAUAB~&jid=1888292892&gjid=488645780&cid=1950450585.1585577790&tid=UA-91740-1&_gid=1364894557.1585577790&_r=1&gtm=2ou3i0&z=2095461424
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

pragma
no-cache
date
Mon, 30 Mar 2020 14:16:30 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
access-control-allow-origin
*
content-type
image/gif
status
200
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT
cmpui-popup.js
static.quantcast.mgr.consensu.org/v32/ 		266 KB
75 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.quantcast.mgr.consensu.org/v32/cmpui-popup.js
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/cmp.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:20eb:5000:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
10e73f57ed1405cdfe501a57b808fe434d5c073966be89bd7cc917e485c8bda6

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Mon, 30 Mar 2020 14:10:18 GMT
content-encoding
gzip
last-modified
Tue, 24 Mar 2020 19:10:15 GMT
server
AmazonS3
age
1041
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript;charset=UTF-8
status
200
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
bIvkmNyjspfqsaGAoP4GlPswmOijB9SAoZOOA1oxsiGlGjk-4yeatg==
via
1.1 1ac3fd533bf6be1b511077f8b8e23bfd.cloudfront.net (CloudFront)
fontawesome-webfont.woff
www.bleepstatic.com/fonts/ 		64 KB
64 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.bleepstatic.com/fonts/fontawesome-webfont.woff?v=4.2.0
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200324/r20190131/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
199411f659f41aaccb959bacb1b0de30e54f244352a48c6f9894e65ae0f8a9a1

Request headers

Referer
https://www.bleepstatic.com/css/redesign/font-awesome.css
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
font
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Mar 2020 14:16:30 GMT
cf-cache-status
HIT
last-modified
Thu, 23 Apr 2015 09:36:00 GMT
server
cloudflare
age
1512
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/octet-stream
status
200
accept-ranges
bytes
cf-ray
57c272e52b45f427-LHR
access-control-allow-origin
*
content-length
65452
pls
core.connatix.com/ Frame 0AF9 		17 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://core.connatix.com/pls?callback=jQuery32105942148473464752_1585577789990&token=83c6e833-8c07-474c-b10f-079d46320a80&p=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&c_v=1913_1_0_0_0&page_guid=4d663069c8bd467cb6c51585577790229&spp=1&_=1585577789991
Requested by
Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1913/min/connatix.renderer.infeed.min_dc.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
50.16.134.22 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-50-16-134-22.compute-1.amazonaws.com
Software
nginx/1.15.9 (Ubuntu) /
Resource Hash
5c1e3db17bdb4e8c71da2456ab46ff43453cdc1fb3e74bc1b5b6d92effd8b2d2

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

status
200
date
Mon, 30 Mar 2020 14:16:30 GMT
content-encoding
gzip
server
nginx/1.15.9 (Ubuntu)
access-control-allow-origin
*
layers.ab5cd98fe1b9a38a4a9f.js
s7.addthis.com/static/ 		263 KB
76 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s7.addthis.com/static/layers.ab5cd98fe1b9a38a4a9f.js
Requested by
Host: s9.addthis.com
URL: https://s9.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-248-44.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
ecc0c4a707efeb061b7de57440221feb21ab08022938aaacee779e98fe809235
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
last-modified
Wed, 18 Sep 2019 14:16:17 GMT
server
nginx/1.15.8
etag
W/"5d823c31-41b9f"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
public, max-age=86313600
date
Mon, 30 Mar 2020 14:16:30 GMT
x-host
s7.addthis.com
timing-allow-origin
*
content-length
77528
pubads_impl_2020032302.js
securepubads.g.doubleclick.net/gpt/ 		168 KB
62 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020032302.js?21065769
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f2.1e100.net
Software
sffe /
Resource Hash
26fd020a6c1f169eab6b6232014e6e6d067788f63a8995b682ee77d6f41b56cd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Mon, 30 Mar 2020 14:16:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 23 Mar 2020 17:22:36 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
62957
x-xss-protection
0
expires
Mon, 30 Mar 2020 14:16:30 GMT
vendorlist.json
vendorlist.consensu.org/ 		95 KB
18 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://vendorlist.consensu.org/vendorlist.json
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/cmp.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2156:d000:1:af78:4c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
1f71cda9ecc5006fb453c9761058c0828d30d4a7f891283718da1b545ab2afb1

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 26 Mar 2020 16:10:46 GMT
content-encoding
gzip
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
age
338745
x-cache
Hit from cloudfront
status
200
access-control-allow-origin
*
last-modified
Thu, 26 Mar 2020 16:00:32 GMT
server
AmazonS3
access-control-max-age
604800
access-control-allow-methods
GET
x-amz-version-id
EUWGyjsu5r7VdMzn2Ehby5QynGejxuEd
via
1.1 632ee301c4920b52f2463aa9e978c57f.cloudfront.net (CloudFront)
cache-control
max-age=604800
x-amz-cf-pop
FRA50-C1
content-type
application/json; charset=utf-8
x-amz-cf-id
y3gQjlk7sFHE6ImN6Bn23DrhDAEScMT8ap9oYQBOKPNYkmNawz8gsQ==
CookieAccess
api.quantcast.mgr.consensu.org/ 		30 B
596 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.quantcast.mgr.consensu.org/CookieAccess
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/cmp.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.224.194.97 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-194-97.fra2.r.cloudfront.net
Software
/
Resource Hash
5a4061ff8312e2ad494bd984b7df966438232be64a3b284ab69f66c6705009a6

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Mar 2020 14:16:30 GMT
content-encoding
gzip
x-amz-cf-pop
FRA2-C1
x-amzn-requestid
3945be0e-31b4-4582-a229-0d7dd6bfec65
x-cache
Error from cloudfront
status
404
x-amz-apigw-id
KNTRxHvvoAMFxoA=
content-length
50
access-control-allow-origin
https://www.bleepingcomputer.com
x-amzn-trace-id
Root=1-5e81ff3e-8b757d35161cf5039cffc3ec;Sampled=0
vary
Origin
access-control-allow-methods
GET, POST
content-type
application/json
via
1.1 34f50889bc574f1edeb41dd758962a5b.cloudfront.net (CloudFront)
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Content-Type
x-amz-cf-id
fBLqQ1-YMlWYXtw43RPM3iciCOE2y3WHEKYbiKOdN8f01JNPbtP4Ag==
apstag.js
c.amazon-adsystem.com/aax2/ 		87 KB
25 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/aax2/apstag.js
Requested by
Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.90.242 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-90-242.fra50.r.cloudfront.net
Software
Server /
Resource Hash
ac2a58f9d55c4642121cfb6f7e213cbc882bbdd75ef171ca8a07ed982ef693ce

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Sun, 29 Mar 2020 21:53:51 GMT
content-encoding
gzip
server
Server
age
58958
etag
1dcfbf3986ee8b9c3abbc67eb808ab43
x-cache
Hit from cloudfront
content-type
application/javascript
status
200
cache-control
public, max-age=86400
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
x-amz-cf-id
DTCmS3IXznR8cKMRCOlSxihxbOPAzujchga09YVMwvtE976eUZ06VQ==
via
1.1 24475cc722041223cf99f56b55432566.cloudfront.net (CloudFront)
v2
d.pub.network/floors/ 		2 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://d.pub.network/floors/v2?key=535desktop
Requested by
Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
35.188.71.214 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
214.71.188.35.bc.googleusercontent.com
Software
/
Resource Hash
de653a4c0ef4db4ea4b8febf435c02768c3c525bbe1edf20d4db4c068904693a

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Date
Mon, 30 Mar 2020 14:16:30 GMT
Access-Control-Allow-Credentials
true
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Transfer-Encoding
chunked
Content-Type
application/json
beacon.js
ad-delivery.net/ 		1 KB
988 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ad-delivery.net/beacon.js
Requested by
Host: freestar-io.videoplayerhub.com
URL: https://freestar-io.videoplayerhub.com/gallery.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.97.120 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-97-120.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
7e94fbebf526effec4239c82e5435a412d81ffc4bc9bddf13f9aa1170f6d803e

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

x-amz-version-id
null
content-encoding
gzip
last-modified
Tue, 31 Jan 2017 15:06:54 GMT
server
AmazonS3
age
584
date
Mon, 30 Mar 2020 14:06:50 GMT
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/x-javascript
status
200
cache-control
max-age=3600
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
d9Xn97nTUWaqJf20vtToCaZwk63jwy6C83hJXfDK99RkRvT_ndgxmg==
via
1.1 32c8da10203574baccb74b8f771a7ffb.cloudfront.net (CloudFront)
aps_csm.js
c.amazon-adsystem.com/bao-csm/aps-comm/ 		6 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.90.242 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-90-242.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Mar 2020 02:29:40 GMT
content-encoding
gzip
vary
Origin
age
42411
x-cache
Hit from cloudfront
status
200
access-control-allow-origin
*
last-modified
Thu, 05 Mar 2020 08:28:46 GMT
server
AmazonS3
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/javascript
via
1.1 24475cc722041223cf99f56b55432566.cloudfront.net (CloudFront)
cache-control
public, max-age=86400
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
bLL52G31HmhHsE8xQJGGmKiVlnnkqA82DxSsaXzMJKaJZxbyxbVtKw==
truncated
/ 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
87562d3773ffab3d0716a70faa73c38b322fde3b8f265c3d646a3cea976ef67e

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
bid
c.amazon-adsystem.com/e/dtb/ 		23 B
378 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&pid=gGwyLaAjQUrVz&cb=0&ws=1600x1200&v=7.47.00&t=1000&slots=%5B%7B%22sd%22%3A%220%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x90%22%2C%22970x250%22%5D%2C%22sn%22%3A%22%2F15184186%2Fbleepingcomputer_728x90_970x90_970x250_320x50_ATF%22%7D%2C%7B%22sd%22%3A%221%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x90%22%2C%22970x250%22%5D%2C%22sn%22%3A%22%2F15184186%2Fbleepingcomputer_728x90_970x90_970x250_320x50_BTF%22%7D%2C%7B%22sd%22%3A%222%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x600%22%5D%2C%22sn%22%3A%22%2F15184186%2Fbleepingcomputer_300x250_300x600_160x600_Right_1%22%7D%2C%7B%22sd%22%3A%223%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x600%22%5D%2C%22sn%22%3A%22%2F15184186%2Fbleepingcomputer_300x250_300x600_160x600_Right_2%22%7D%2C%7B%22sd%22%3A%224%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F15184186%2Fbleepingcomputer_728x90_320x50_InContent_1%22%7D%2C%7B%22sd%22%3A%225%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x600%22%5D%2C%22sn%22%3A%22%2F15184186%2Fbleepingcomputer_300x250_300x600_160x600_Right_3%22%7D%5D&cfgv=0&pubid=0ab198dd-b265-462a-ae36-74e163ad6159&gdprl=%7B%22status%22%3A%22cmp-timeout%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.90.242 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-90-242.fra50.r.cloudfront.net
Software
Server /
Resource Hash
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Mar 2020 14:16:30 GMT
via
1.1 24475cc722041223cf99f56b55432566.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
FRA50-C1
status
200
vary
User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://www.bleepingcomputer.com
access-control-allow-credentials
true
timing-allow-origin
*
content-length
23
x-amz-cf-id
_BmzyxEbgHl44Y73ykfq8dUlTov7FbxvOhKRQJnDvrvpeJXX9FUk6Q==
truncated
/ 		175 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		2 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9d02d662da8a47fb5fb610b545007507b6017028043dbb63cd09ec897d3b9627

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		715 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
g
rtb.connatix.com/ 		368 B
397 B 		Script
General
Check archive.org
Download Go to
Full URL
https://rtb.connatix.com/g?c_pw=834&c_ph=469&c_tk=414C33DE-F293-46CF-ABF8-135274D262E2&c_bu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&c_ivt=0&connatix_sess=ACO91dxdEuyJfRcKXtX3Skixg6db-71BWJ7NQFQjnHcn8OV2PTVVZuOfTPQgBW5VRAoh_0XQpALN9yvFSRt7ZkN_jBcMaNm5g9gjT5q_q6wb41tl_7k0WWiopPzPntsF3rI6StyED0VFBQ1wLOPh7CZCMW0D7o5pXzuSFKck58O9VR-gnHq4S-usPbz6q9pu&notServed=false&xplr=true&c_s=false&c_pl=eTqau3qD29oYq8I9Ehs-BiYR5kMQCLOKmx2ZZUxyPx6iMYW63-nT1dj61AKMRTO6ccF9KkvctxvHtmicYuoltkqfq3A3oXtljHTySM0E_AWyELhfOB6NSi9VyW5MaogV0AqOT6YpqEcCwLRwVTyraukW-EQXOs7VbrtvckHwaTCe5u63ezCzXAPN7dAmpAqS6eRC0pCx_HTSvasMZFi0IS8BviDwp_yK-_MJHjYomQY&gdpr=1&is_ccpa_b=false&med_id=639404&req_no=0&v=1&c_pt=1&p=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-&c_v=1913_1_0_0_0&spp=1&callback=cnxJSONP_4b25415b6ebeb5399afb1585577790591
Requested by
Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1913/min/connatix.renderer.infeed.min_dc.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.206.202.13 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-206-202-13.compute-1.amazonaws.com
Software
nginx/1.15.9 (Ubuntu) /
Resource Hash
c7d59d646f069c41078b0ab8a42c0b5257c2e430cb18a7778a4c39e2b929f1f7

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Access-Control-Allow-Origin
*
Date
Mon, 30 Mar 2020 14:16:31 GMT
Content-Encoding
gzip
Server
nginx/1.15.9 (Ubuntu)
Connection
keep-alive
Content-Length
209
430.jpg
i.connatix.com/s3/connatix-uploads/af391ba1-47b0-4ff1-87cb-08a6df11845f/ 		55 KB
55 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.connatix.com/s3/connatix-uploads/af391ba1-47b0-4ff1-87cb-08a6df11845f/430.jpg?mode=stretch&connatiximg=true&scale=both&height=469&width=834
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.14.217 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
8a43626e86ef274257cbb15c087c19b31c2fc6b9b73103bcc3c6d11dd946b1ad

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Mon, 30 Mar 2020 14:16:30 GMT
via
1.1 varnish, 1.1 varnish
age
40066
x-cache
HIT, HIT
content-type
image/jpeg
status
200
cache-control
max-age=31557600
x-cache-hits
1, 1
accept-ranges
bytes
x-timer
S1585577791.614274,VS0,VE1
access-control-allow-origin
*
content-length
56543
x-served-by
cache-sjc10036-SJC, cache-fra19128-FRA
1.jpg
i.connatix.com/s3/connatix-uploads/d174def5-e20d-4c2f-b5b4-8295a0f5c0e5/ 		70 KB
70 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.connatix.com/s3/connatix-uploads/d174def5-e20d-4c2f-b5b4-8295a0f5c0e5/1.jpg?mode=crop&width=1001&height=563
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.14.217 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
05384e529aae09f18098070cbcd81607bfa405388603eb76b723382f9fa137be

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Mon, 30 Mar 2020 14:16:30 GMT
via
1.1 varnish, 1.1 varnish
age
40066
x-cache
HIT, HIT
content-type
image/jpeg
status
200
cache-control
max-age=31557600
x-cache-hits
3, 1
accept-ranges
bytes
x-timer
S1585577791.614145,VS0,VE1
access-control-allow-origin
*
content-length
71527
x-served-by
cache-sjc10044-SJC, cache-fra19128-FRA
1.jpg
i.connatix.com/s3/connatix-uploads/9719a799-b66f-442f-a320-40738dd9222b/ 		43 KB
43 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.connatix.com/s3/connatix-uploads/9719a799-b66f-442f-a320-40738dd9222b/1.jpg?mode=crop&width=1001&height=563
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.14.217 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
a73eec63509189c5aa87b69d8e75e592753ce35d78a67415640885ea11063564

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Mon, 30 Mar 2020 14:16:30 GMT
via
1.1 varnish, 1.1 varnish
age
40067
x-cache
HIT, HIT
content-type
image/jpeg
status
200
cache-control
max-age=31557600
x-cache-hits
3, 1
accept-ranges
bytes
x-timer
S1585577791.615057,VS0,VE1
access-control-allow-origin
*
content-length
43625
x-served-by
cache-sjc10035-SJC, cache-fra19128-FRA
1.jpg
i.connatix.com/s3/connatix-uploads/806c820a-c804-4208-b148-800e14895703/ 		23 KB
23 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.connatix.com/s3/connatix-uploads/806c820a-c804-4208-b148-800e14895703/1.jpg?mode=crop&width=1001&height=563
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.14.217 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
c6eb01c6597be5f791aef96132bce0fca34ea84482975537f578596e5739c2d9

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Mon, 30 Mar 2020 14:16:30 GMT
via
1.1 varnish, 1.1 varnish
age
126639
x-cache
HIT, HIT
content-type
image/jpeg
status
200
cache-control
max-age=31557600
x-cache-hits
2, 1
accept-ranges
bytes
x-timer
S1585577791.614991,VS0,VE1
access-control-allow-origin
*
content-length
23355
x-served-by
cache-sjc10051-SJC, cache-fra19128-FRA
1.jpg
i.connatix.com/s3/connatix-uploads/eaf5d728-2e08-4796-a180-e61286b8a28f/ 		45 KB
45 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.connatix.com/s3/connatix-uploads/eaf5d728-2e08-4796-a180-e61286b8a28f/1.jpg?mode=crop&width=1001&height=563
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.14.217 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
3985138ec9f20274add57d7e909f751ea4d77e705036a95fb34a328249c735a6

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Mon, 30 Mar 2020 14:16:30 GMT
via
1.1 varnish, 1.1 varnish
age
213181
x-cache
HIT, HIT
content-type
image/jpeg
status
200
cache-control
max-age=31557600
x-cache-hits
2, 1
accept-ranges
bytes
x-timer
S1585577791.615046,VS0,VE1
access-control-allow-origin
*
content-length
46225
x-served-by
cache-sjc10034-SJC, cache-fra19128-FRA
1.jpg
i.connatix.com/s3/connatix-uploads/dd31e8f0-c23f-458e-b0ca-322957294e7e/ 		52 KB
52 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.connatix.com/s3/connatix-uploads/dd31e8f0-c23f-458e-b0ca-322957294e7e/1.jpg?mode=crop&width=1001&height=563
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.14.217 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
c2b3b8e710bb657c06e9d5c969939dae7a40371f5d3210c6390e5161bfea44b6

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Mon, 30 Mar 2020 14:16:30 GMT
via
1.1 varnish, 1.1 varnish
age
213181
x-cache
HIT, HIT
content-type
image/jpeg
status
200
cache-control
max-age=31557600
x-cache-hits
1, 1
accept-ranges
bytes
x-timer
S1585577791.615002,VS0,VE1
access-control-allow-origin
*
content-length
53244
x-served-by
cache-sjc10047-SJC, cache-fra19128-FRA
bleeping-computerlogo-lg.png
www.bleepstatic.com/logos/ 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bleepstatic.com/logos/bleeping-computerlogo-lg.png
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8a56e644a617b2d1e4e7d808dfc334a7ea8622979f22999dc9eccd21c61958b3

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Mon, 30 Mar 2020 14:16:30 GMT
cf-cache-status
HIT
age
317663
cf-polished
origFmt=png, origSize=15281
status
200
content-disposition
inline; filename="bleeping-computerlogo-lg.webp"
cf-bgj
imgq:85
content-length
7156
last-modified
Wed, 07 Jan 2015 22:52:15 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
57c272e74858dc07-LHR
expires
Sat, 25 Apr 2020 22:02:07 GMT
0_th_1.jpg
i.connatix.com/s3/connatix-videos/af391ba1-47b0-4ff1-87cb-08a6df11845f/ Frame 0AF9 		23 KB
23 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.connatix.com/s3/connatix-videos/af391ba1-47b0-4ff1-87cb-08a6df11845f/0_th_1.jpg
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.14.217 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
c3034d0370c5faa09e7a8d7b0c48925afa0371cf17e4827dde23059f56019dae

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Mon, 30 Mar 2020 14:16:30 GMT
via
1.1 varnish, 1.1 varnish
age
24726827
x-cache
HIT, HIT
content-type
image/jpeg
status
200
cache-control
max-age=31557600
x-cache-hits
1, 1
accept-ranges
bytes
x-timer
S1585577791.705285,VS0,VE1
access-control-allow-origin
*
content-length
23507
x-served-by
cache-sjc3144-SJC, cache-fra19128-FRA
av
connatix-d.openx.net/v/1.0/ Frame 0AF9
Redirect Chain
  • https://connatix-d.openx.net/v/1.0/av?auid=540193942&schain=1.0,1!connatix.com,102734,1,,,,&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malic...
  • https://connatix-d.openx.net/v/1.0/av?cc=1&auid=540193942&schain=1.0,1!connatix.com,102734,1,,,,&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-...
0
-1 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://connatix-d.openx.net/v/1.0/av?cc=1&auid=540193942&schain=1.0,1!connatix.com,102734,1,,,,&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&cb=4ede751c4459021701811585577790592&vwd=834&vht=469&gdpr=1&gdpr_consent=
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
147.120.95.34.bc.googleusercontent.com
Software
OXGW/16.182.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Mar 2020 14:16:30 GMT
via
1.1 google
server
OXGW/16.182.1
access-control-allow-origin
https://www.bleepingcomputer.com
location
https://connatix-d.openx.net/v/1.0/av?cc=1&auid=540193942&schain=1.0,1!connatix.com,102734,1,,,,&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&cb=4ede751c4459021701811585577790592&vwd=834&vht=469&gdpr=1&gdpr_consent=
p3p
CP="CUR ADM OUR NOR STA NID"
status
302
access-control-allow-credentials
true
alt-svc
clear
content-length
0

Redirect headers

date
Mon, 30 Mar 2020 14:16:30 GMT
via
1.1 google
server
OXGW/16.182.1
status
302
location
https://connatix-d.openx.net/v/1.0/av?cc=1&auid=540193942&schain=1.0,1!connatix.com,102734,1,,,,&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&cb=4ede751c4459021701811585577790592&vwd=834&vht=469&gdpr=1&gdpr_consent=
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://www.bleepingcomputer.com
access-control-allow-credentials
true
alt-svc
clear
content-length
0
p2
sb.scorecardresearch.com/ Frame 0AF9
Redirect Chain
  • https://sb.scorecardresearch.com/p?c1=2&c2=17958079&ns_ap_an=ConnatixWeb&ns_ap_bi=*null&ns_type=hidden&ns_st_sv=6.1.1.171219&ns_st_smv=5.8&ns_st_it=r&ns_st_id=1585577790620&ns_st_ec=1&ns_st_sp=1&ns...
  • https://sb.scorecardresearch.com/p2?c1=2&c2=17958079&ns_ap_an=ConnatixWeb&ns_ap_bi=*null&ns_type=hidden&ns_st_sv=6.1.1.171219&ns_st_smv=5.8&ns_st_it=r&ns_st_id=1585577790620&ns_st_ec=1&ns_st_sp=1&n...
43 B
309 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sb.scorecardresearch.com/p2?c1=2&c2=17958079&ns_ap_an=ConnatixWeb&ns_ap_bi=*null&ns_type=hidden&ns_st_sv=6.1.1.171219&ns_st_smv=5.8&ns_st_it=r&ns_st_id=1585577790620&ns_st_ec=1&ns_st_sp=1&ns_st_sc=1&ns_st_psq=1&ns_st_asq=1&ns_st_sq=1&ns_st_ppc=1&ns_st_apc=1&ns_st_spc=1&ns_st_cn=1&ns_st_ev=play&ns_st_po=0&ns_st_cl=30000&ns_st_pb=1&ns_st_mp=js_api&ns_st_mv=6.1.1.171219&ns_st_pn=1&ns_st_tp=0&ns_st_ci=v_639404&ns_st_pt=0&ns_st_dpt=0&ns_st_ipt=0&ns_st_et=0&ns_st_det=0&ns_st_upc=0&ns_st_dupc=0&ns_st_iupc=0&ns_st_upa=0&ns_st_dupa=0&ns_st_iupa=0&ns_st_lpc=0&ns_st_dlpc=0&ns_st_lpa=0&ns_st_dlpa=0&ns_st_pa=0&ns_ts=1585577790622&ns_st_bc=0&ns_st_dbc=0&ns_st_bt=0&ns_st_dbt=0&ns_st_bp=0&ns_st_lt=1&ns_st_skc=0&ns_st_dskc=0&ns_st_ska=0&ns_st_dska=0&ns_st_skd=0&ns_st_skt=0&ns_st_dskt=0&ns_st_pc=0&ns_st_dpc=0&ns_st_pp=0&ns_st_br=0&ns_st_rt=100&ns_st_ub=0&ns_st_ki=1200000&ns_st_pr=BleepingComputer%20Highlights%20Feed%20-%20Daily%20Highlights&ns_st_sn=*null&ns_st_en=*null&ns_st_ep=*null&ns_st_ct=vc11&ns_st_ge=*null&ns_st_st=*null&ns_st_ce=*null&ns_st_ia=*null&ns_st_ddt=*null&ns_st_tdt=*null&ns_st_pu=Connatix&ns_st_ti=*null&c3=*null&c4=*null&c6=*null&c7=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&c8=&c9=&cs_ucfr=0
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.74.100.205 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-74-100-205.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
24e480e4659fbae818853a38f8a3036f529f539024dc3e772c0b594ce02ea9db

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 30 Mar 2020 14:16:30 GMT
Cache-Control
private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Expires
Mon, 01 Jan 1990 00:00:00 GMT
Connection
keep-alive
Content-Length
43
Content-Type
image/gif

Redirect headers

Location
https://sb.scorecardresearch.com/p2?c1=2&c2=17958079&ns_ap_an=ConnatixWeb&ns_ap_bi=*null&ns_type=hidden&ns_st_sv=6.1.1.171219&ns_st_smv=5.8&ns_st_it=r&ns_st_id=1585577790620&ns_st_ec=1&ns_st_sp=1&ns_st_sc=1&ns_st_psq=1&ns_st_asq=1&ns_st_sq=1&ns_st_ppc=1&ns_st_apc=1&ns_st_spc=1&ns_st_cn=1&ns_st_ev=play&ns_st_po=0&ns_st_cl=30000&ns_st_pb=1&ns_st_mp=js_api&ns_st_mv=6.1.1.171219&ns_st_pn=1&ns_st_tp=0&ns_st_ci=v_639404&ns_st_pt=0&ns_st_dpt=0&ns_st_ipt=0&ns_st_et=0&ns_st_det=0&ns_st_upc=0&ns_st_dupc=0&ns_st_iupc=0&ns_st_upa=0&ns_st_dupa=0&ns_st_iupa=0&ns_st_lpc=0&ns_st_dlpc=0&ns_st_lpa=0&ns_st_dlpa=0&ns_st_pa=0&ns_ts=1585577790622&ns_st_bc=0&ns_st_dbc=0&ns_st_bt=0&ns_st_dbt=0&ns_st_bp=0&ns_st_lt=1&ns_st_skc=0&ns_st_dskc=0&ns_st_ska=0&ns_st_dska=0&ns_st_skd=0&ns_st_skt=0&ns_st_dskt=0&ns_st_pc=0&ns_st_dpc=0&ns_st_pp=0&ns_st_br=0&ns_st_rt=100&ns_st_ub=0&ns_st_ki=1200000&ns_st_pr=BleepingComputer%20Highlights%20Feed%20-%20Daily%20Highlights&ns_st_sn=*null&ns_st_en=*null&ns_st_ep=*null&ns_st_ct=vc11&ns_st_ge=*null&ns_st_st=*null&ns_st_ce=*null&ns_st_ia=*null&ns_st_ddt=*null&ns_st_tdt=*null&ns_st_pu=Connatix&ns_st_ti=*null&c3=*null&c4=*null&c6=*null&c7=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&c8=&c9=&cs_ucfr=0
Pragma
no-cache
Date
Mon, 30 Mar 2020 14:16:30 GMT
Cache-Control
private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection
keep-alive
Content-Length
0
Expires
Mon, 01 Jan 1990 00:00:00 GMT
g
rtb.connatix.com/ 		426 B
403 B 		Script
General
Check archive.org
Download Go to
Full URL
https://rtb.connatix.com/g?c_pw=834&c_ph=470&c_tk=414C33DE-F293-46CF-ABF8-135274D262E2&c_bu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&c_ivt=0&connatix_sess=ACO91dxdEuyJfRcKXtX3Skixg6db-71BWJ7NQFQjnHcn8OV2PTVVZuOfTPQgBW5VRAoh_0XQpALN9yvFSRt7ZkN_jBcMaNm5g9gjT5q_q6wb41tl_7k0WWiopPzPntsF3rI6StyED0VFBQ1wLOPh7CZCMW0D7o5pXzuSFKck58O9VR-gnHq4S-usPbz6q9pu&notServed=false&xplr=true&c_s=false&c_pl=eTqau3qD29oYq8I9Ehs-BiYR5kMQCLOKmx2ZZUxyPx6iMYW63-nT1dj61AKMRTO6ccF9KkvctxvHtmicYuoltkqfq3A3oXtljHTySM0E_AWyELhfOB6NSi9VyW5MaogV0AqOT6YpqEcCwLRwVTyraukW-EQXOs7VbrtvckHwaTCe5u63ezCzXAPN7dAmpAqS6eRC0pCx_HTSvasMZFi0IS8BviDwp_yK-_MJHjYomQY&gdpr=1&is_ccpa_b=false&med_id=639404&req_no=1&v=2&c_pt=1&p=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-&c_v=1913_1_0_0_0&spp=1&callback=cnxJSONP_6b1226c15d14f62127061585577790625
Requested by
Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1913/min/connatix.renderer.infeed.min_dc.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.206.202.13 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-206-202-13.compute-1.amazonaws.com
Software
nginx/1.15.9 (Ubuntu) /
Resource Hash
550e6f0a9e642765e3364893858e8d9bbc309d57f9aa9bbae50753df3dc327b0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Access-Control-Allow-Origin
*
Date
Mon, 30 Mar 2020 14:16:31 GMT
Content-Encoding
gzip
Server
nginx/1.15.9 (Ubuntu)
Connection
keep-alive
Content-Length
215
r
trk.connatix.com/ Frame 0AF9 		0
162 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://trk.connatix.com/r?connatix_sess=ACO91dxdEuyJfRcKXtX3Skixg6db-71BWJ7NQFQjnHcn8OV2PTVVZuOfTPQgBW5VRAoh_0XQpALN9yvFSRt7ZkN_jBcMaNm5g9gjT5q_q6wb41tl_7k0WWiopPzPntsF3rI6StyED0VFBQ1wLOPh7CZCMW0D7o5pXzuSFKck58O9VR-gnHq4S-usPbz6q9pu&videoID=639404&c_pl=eTqau3qD29oYq8I9Ehs-BiYR5kMQCLOKmx2ZZUxyPx6iMYW63-nT1dj61AKMRTO6ccF9KkvctxvHtmicYuoltkqfq3A3oXtljHTySM0E_AWyELhfOB6NSi9VyW5MaogV0AqOT6YpqEcCwLRwVTyraukW-EQXOs7VbrtvckHwaTCe5u63ezCzXAPN7dAmpAqS6eRC0pCx_HTSvasMZFi0IS8BviDwp_yK-_MJHjYomQY&p=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-&c_v=1913_1_0_0_0&spp=1
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.6.68.76 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-6-68-76.compute-1.amazonaws.com
Software
nginx/1.15.9 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Access-Control-Allow-Origin
*
Date
Mon, 30 Mar 2020 14:16:30 GMT
Server
nginx/1.15.9 (Ubuntu)
Connection
keep-alive
Content-Length
0
av
connatix-d.openx.net/v/1.0/ Frame 0AF9 		48 B
258 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://connatix-d.openx.net/v/1.0/av?cc=1&auid=540193942&schain=1.0,1!connatix.com,102734,1,,,,&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&cb=4ede751c4459021701811585577790592&vwd=834&vht=469&gdpr=1&gdpr_consent=
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
147.120.95.34.bc.googleusercontent.com
Software
OXGW/16.182.1 /
Resource Hash
a355f2718a8d0b7444670aca6fd1dfdc126f9b8e9931a34a52cac9c343a68e3f

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 30 Mar 2020 14:16:30 GMT
content-encoding
gzip
server
OXGW/16.182.1
status
200
vary
Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
text/xml
alt-svc
clear
content-length
56
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
ads
googleads.g.doubleclick.net/pagead/ Frame 350E 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0920899300397823&output=html&adk=1812271804&adf=3025194257&lmt=1585079110&plat=1%3A32776%2C2%3A16809992%2C8%3A134250504%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A34635776%2C32%3A32%2C40%3A32&guci=1.2.0.0.2.2.0.0&format=0x0&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&ea=0&flash=0&pra=7&wgl=1&adsid=NT&dt=1585577789951&bpp=5&bdt=389&fdt=249&idt=249&shv=r20200324&cbv=r20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5687104499172&frm=20&pv=2&ga_vid=1950450585.1585577790&ga_sid=1585577791&ga_hid=669732870&ga_fc=0&iag=0&icsg=2260595949182976&dssz=52&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=44713363&oid=3&pvsid=2560246634520143&rx=0&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=16&bc=31&ifi=1&uci=a!1&fsb=1&dtd=778
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200324/r20190131/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-0920899300397823&output=html&adk=1812271804&adf=3025194257&lmt=1585079110&plat=1%3A32776%2C2%3A16809992%2C8%3A134250504%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A34635776%2C32%3A32%2C40%3A32&guci=1.2.0.0.2.2.0.0&format=0x0&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&ea=0&flash=0&pra=7&wgl=1&adsid=NT&dt=1585577789951&bpp=5&bdt=389&fdt=249&idt=249&shv=r20200324&cbv=r20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5687104499172&frm=20&pv=2&ga_vid=1950450585.1585577790&ga_sid=1585577791&ga_hid=669732870&ga_fc=0&iag=0&icsg=2260595949182976&dssz=52&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=44713363&oid=3&pvsid=2560246634520143&rx=0&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=16&bc=31&ifi=1&uci=a!1&fsb=1&dtd=778
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
iframe
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/

Response headers

status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Mon, 30 Mar 2020 14:16:30 GMT
server
cafe
content-length
34
x-xss-protection
0
set-cookie
test_cookie=CheckForPermission; expires=Mon, 30-Mar-2020 14:31:30 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
expires
Mon, 30 Mar 2020 14:16:30 GMT
cache-control
private
osd.js
www.googletagservices.com/activeview/js/current/ 		74 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200324/r20190131/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a323f4957960c6c1cf494dc3b52e1e38a97a152bedf3b9a78df4d6b60c9d00b6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Mon, 30 Mar 2020 14:16:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1585308637081045"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
27959
x-xss-protection
0
expires
Mon, 30 Mar 2020 14:16:30 GMT
/
audit.quantcast.mgr.consensu.org/ 		80 B
487 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://audit.quantcast.mgr.consensu.org/?log=;1585577790776;BleepingComputer.com;https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F;;;;;p,off,false,,1,en,32,195,true,false,false;displayConsentUi:mandatory,;GDPR-i5ytefsunamx4djs0io2
Requested by
Host: static.quantcast.mgr.consensu.org
URL: https://static.quantcast.mgr.consensu.org/v32/cmpui-popup.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.225.73.111 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-73-111.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
2d0f6b590917e7d27ddeb026b280d62dde9d03bb92f47f56342fc5f68f0c24eb

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Mar 2020 06:32:27 GMT
via
1.1 56fad5a50ef67bd961b9722ed0931839.cloudfront.net (CloudFront)
vary
Origin
age
27844
x-cache
Hit from cloudfront
status
200
content-length
80
last-modified
Mon, 11 Jun 2018 22:07:34 GMT
server
AmazonS3
etag
"0614149d8033903db5de46d6c184bbfd"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
text/html
access-control-allow-origin
*
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
x-amz-cf-id
loBTNKmyHGYhzGXLkorUc9cKrvP3s4_6-CTkEN7S-n_3G-2GDvOWAw==
ad
ssp.lkqd.net/ Frame 0AF9 		168 B
362 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ssp.lkqd.net/ad?pid=593&sid=1081146&output=svpaid&support=html5&execution=any&placement=&playinit=auto&volume=0&width=834&height=470&dnt=[do_not_track]&gdpr=1&gdprcs=&ip=185.141.207.254&ua=Mozilla%2F5.0%20(Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F74.0.3729.169%20Safari%2F537.36&pageurl=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&contentid=[content_id]&contenttitle=BleepingComputer%20Highlights%20Feed%20-%20Daily%20Highlights&contentlength=30&contenturl=[content_url]&rnd=5e06d566062c259f38761585577790787&schain=1.0,1!connatix.com,102734,1,,,,
Requested by
Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1913/min/connatix.renderer.infeed.min_dc.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
146.20.132.163 San Antonio, United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software
nginx /
Resource Hash
0863882f1d6ce836e3dcf7123e95e2c188fd7d4eda775c696ded7e1d82c61080

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Mar 2020 14:16:31 GMT
server
nginx
status
200
content-type
application/xml; charset=UTF-8
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
168
jquery.color-2.1.2.min.js
cluster-na.cdnjquery.com/color/ 		91 B
355 B 		Script
General
Check archive.org
Download Go to
Full URL
https://cluster-na.cdnjquery.com/color/jquery.color-2.1.2.min.js?integrity=btjsonpcallback1585577790888&checksum=%7B%22cbc%22%3A0%2C%22st%22%3A2%2C%22au%22%3A%5B%5D%2C%22hau%22%3A%5B%5D%2C%22ref%22%3A%22https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F%22%2C%22aa%22%3A3%2C%22pgid%22%3A%220d127d91-7291-11ea-8792-5a951302d2b3%22%2C%22v%22%3A1%2C%22format%22%3A%22jsonp%22%7D&o=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&csVersion=1.21.48&clearThroughOptions=undefined
Requested by
Host: freestar-io.videoplayerhub.com
URL: https://freestar-io.videoplayerhub.com/gallery.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.200.100.213 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-200-100-213.compute-1.amazonaws.com
Software
nginx/1.12.1 /
Resource Hash
af8d360b83f9586815aedaaf4caec2268f593eea1a384ca720cc2c0e45f059f9
Security Headers
Name Value
X-Frame-Options DENY

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Date
Mon, 30 Mar 2020 14:16:31 GMT
Content-Encoding
gzip
Server
nginx/1.12.1
ETag
W/"5b-I0KbOK50rXNKBL8fCrOjkWly8/Q"
X-Frame-Options
DENY
Content-Type
text/javascript; charset=utf-8
Charset
utf8
Connection
keep-alive
Content-Length
83
px.gif
ad-delivery.net/ 		43 B
386 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ad-delivery.net/px.gif?ch=1&e=0.39975293622418584
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.97.120 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-97-120.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

x-amz-version-id
null
via
1.1 32c8da10203574baccb74b8f771a7ffb.cloudfront.net (CloudFront)
last-modified
Thu, 27 Jul 2017 18:59:05 GMT
server
AmazonS3
age
26007
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3"
x-cache
Hit from cloudfront
content-type
image/gif
status
200
date
Mon, 30 Mar 2020 07:03:03 GMT
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
content-length
43
x-amz-cf-id
TQt_xG7WbFxBe8qViqAerB6WUrjANykihN7MskZ9u-R8KOGvbc-dIQ==
48.008759e9efe1c1b693dd.js
s7.addthis.com/static/ 		281 B
486 B 		Script
General
Check archive.org
Download Go to
Full URL
https://s7.addthis.com/static/48.008759e9efe1c1b693dd.js
Requested by
Host: s9.addthis.com
URL: https://s9.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-248-44.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
f8a52990bbe6892abb730d241570fbfbd2ff2fc707fdd3004c7dba6e843bbae3
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
last-modified
Wed, 18 Sep 2019 14:16:17 GMT
server
nginx/1.15.8
etag
W/"5d823c31-119"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
public, max-age=86313600
date
Mon, 30 Mar 2020 14:16:31 GMT
x-host
s7.addthis.com
timing-allow-origin
*
content-length
246
/
graph.facebook.com/ 		312 B
424 B 		Script
General
Check archive.org
Download Go to
Full URL
https://graph.facebook.com/?id=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&fields=og_object%7Bengagement%7D&callback=_ate.cbs.rcb_57qa0
Requested by
Host: s9.addthis.com
URL: https://s9.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:800e:face:b00c:0:2 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
21b4067726509ed110ada17d602f5d55e4b532f54dc429e31db47a19216d5a49
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; preload

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

strict-transport-security
max-age=15552000; preload
content-encoding
br
x-app-usage
{"call_count":0,"total_cputime":0,"total_time":0}
status
200
date
Mon, 30 Mar 2020 14:16:31 GMT, Mon, 30 Mar 2020 14:16:31 GMT
x-fb-rev
1001916427
alt-svc
h3-27=":443"; ma=3600
content-length
223
pragma
no-cache
x-fb-debug
BO3pVEahI5aOqRW24ZOXolWBttrd9wVJ3mT447iYHuuVqU6iMsGREoYUc5UnAzbqY7B4vNCFrTV1JXtDZdpdMQ==
x-fb-trace-id
A4X1tCaZhnt
etag
"4161c4592eba7dbcd9c09f4b3c95abdd71f092e7"
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
x-fb-request-id
A1aN_9aPm9ixR1XH5rxqTxr
cache-control
private, no-cache, no-store, must-revalidate
facebook-api-version
v2.12
expires
Sat, 01 Jan 2000 00:00:00 GMT
info.json
www.reddit.com/api/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.reddit.com/api/info.json?url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&jsonp=_ate.cbs.rcb_iid30
Requested by
Host: s9.addthis.com
URL: https://s9.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.53.140 Manchester, United Kingdom, ASN54113 (FASTLY, US),
Reverse DNS
Software
snooserv /
Resource Hash
7f7123623c7614aff32fcb37a868c9376e627cf52b4584a56f0c97aec6fcba04
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Mon, 30 Mar 2020 14:16:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
via
1.1 varnish
x-cache
MISS
status
200
x-cache-hits
0
strict-transport-security
max-age=15552000; includeSubDomains; preload
content-length
1724
x-xss-protection
1; mode=block
x-served-by
cache-man4142-MAN
x-moose
majestic
server
snooserv
x-timer
S1585577791.201974,VS0,VE243
x-frame-options
SAMEORIGIN
vary
accept-encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
X-Moose
cache-control
private, s-maxage=0, max-age=0, must-revalidate, no-store, max-age=0, must-revalidate
x-ua-compatible
IE=edge
accept-ranges
bytes
expires
-1
/
graph.facebook.com/ 		148 B
603 B 		Script
General
Check archive.org
Download Go to
Full URL
https://graph.facebook.com/?id=http%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&fields=og_object%7Bengagement%7D&callback=_ate.cbs.rcb_eqv80
Requested by
Host: s9.addthis.com
URL: https://s9.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:800e:face:b00c:0:2 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
c6c1f15a97cb23a8fa6832a70a837283b0b7ad060a6f881ef10caa07b70d50cd
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; preload

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

strict-transport-security
max-age=15552000; preload
x-app-usage
{"call_count":0,"total_cputime":0,"total_time":0}
status
200
date
Mon, 30 Mar 2020 14:16:31 GMT, Mon, 30 Mar 2020 14:16:31 GMT
x-fb-rev
1001916427
alt-svc
h3-27=":443"; ma=3600
content-length
148
pragma
no-cache
x-fb-debug
o3eXYvK0RlptROwZACfKcLldIfd28zqxG+G3iFN4dkaS0Si7wtBn0ZYTG6Wy07LQta8zGuedZjljXQuxfRuTog==
x-fb-trace-id
DKa0RFopA9p
etag
"b4cb1bd791c0e0996d9ac79cd087216be79fb394"
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
x-fb-request-id
Ay8cHptiRt3gogWRygiqgoK
cache-control
private, no-cache, no-store, must-revalidate
facebook-api-version
v2.12
expires
Sat, 01 Jan 2000 00:00:00 GMT
info.json
www.reddit.com/api/ 		126 B
669 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.reddit.com/api/info.json?url=http%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&jsonp=_ate.cbs.rcb_1tfb0
Requested by
Host: s9.addthis.com
URL: https://s9.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.53.140 Manchester, United Kingdom, ASN54113 (FASTLY, US),
Reverse DNS
Software
snooserv /
Resource Hash
21fe29283166098d1f145d5da7a638f78d4aa0e528145163a7caa1fc0327e12e
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Mon, 30 Mar 2020 14:16:31 GMT
via
1.1 varnish
x-content-type-options
nosniff
x-cache
MISS
status
200
x-cache-hits
0
strict-transport-security
max-age=15552000; includeSubDomains; preload
content-length
126
x-xss-protection
1; mode=block
x-served-by
cache-man4142-MAN
x-moose
majestic
server
snooserv
x-timer
S1585577791.202017,VS0,VE114
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
X-Moose
cache-control
private, s-maxage=0, max-age=0, must-revalidate, no-store, max-age=0, must-revalidate
x-ua-compatible
IE=edge
accept-ranges
bytes
expires
-1
tag
slckg-4znyf.ads.tremorhub.com/ad/ Frame 0AF9 		119 B
462 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://slckg-4znyf.ads.tremorhub.com/ad/tag?adCode=slckg-txvud&playerWidth=834&playerHeight=470&playerPosition=1&mediaTitle=BleepingComputer%20Highlights%20Feed%20-%20Daily%20Highlights&mediaDesc=BleepingComputer%20Highlights%20Feed%20-%20Daily%20Highlights&mediaId=639404&mediaUrl=&srcPageUrl=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&contentLength=30&gdpr=1&gdpr_consent=&schain=1.0,1!connatix.com,102734,1,,,,
Requested by
Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1913/min/connatix.renderer.infeed.min_dc.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:612b:4216:e78e:8f3d:d54e:ee23 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
Apache-Coyote/1.1 /
Resource Hash
5616a6e1823b43919f7d1a33817cccfa1d9f30c9f10f2deb00d9c3671f91d5f0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 30 Mar 2020 14:16:31 GMT
content-encoding
gzip
server
Apache-Coyote/1.1
status
200
vary
accept-encoding
p3p
CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-tremorvideo-status
NO_AD
content-type
text/xml;charset=UTF-8
sodar
pagead2.googlesyndication.com/getconfig/ 		7 KB
5 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20200324&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200324/r20190131/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e32ca9943f71543ca9942938fabe2ffecab7eb6c6756151a47b806043b0f679b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 30 Mar 2020 14:16:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
5191
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/ 		14 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200324/r20190131/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a47f17d6ebbf4621d8fe87ab790d8d8fb5c3086629194d9ff2d64faaa6e46ab6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Mon, 30 Mar 2020 14:16:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1582746470043195"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
5456
x-xss-protection
0
expires
Mon, 30 Mar 2020 14:16:31 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/209/ Frame FE3F 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/209/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/sodar2/209/runner.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
iframe
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/

Response headers

status
200
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
content-length
5727
date
Mon, 30 Mar 2020 13:57:01 GMT
expires
Tue, 30 Mar 2021 13:57:01 GMT
last-modified
Tue, 25 Feb 2020 17:32:01 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
1170
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
c
c.pub.network/ 		36 B
344 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.pub.network/c
Requested by
Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
35.226.36.58 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
58.36.226.35.bc.googleusercontent.com
Software
/
Resource Hash
0a8007b6364db135a76db2b0194b31b3ec0bf537f61cc2adde8eb75e7785a8ee

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Date
Mon, 30 Mar 2020 14:16:32 GMT
Access-Control-Allow-Credentials
true
Content-Length
36
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type
text/plain;charset=utf-8
gen_204
pagead2.googlesyndication.com/pagead/ 		0
58 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=209&t=2&li=gda_r20200324&jk=2560246634520143&bg=!Xl2lXUVYRNLW8ydiyUACAAAAS1IAAAAMmQFktT5shQdRiiZ1JYZ_DBTyuUZpucK_M_8_mpOZSK0n3995Sc0QY2MnuOCRIdBfG_4-1ph_SCSKdWq4Cp7fDh4uwGEGeq0BEbaeGfeiWBYtbfUUQHI5ywe5XTAuk-lpd9gqmexGitg-m4Ix9WggI0x_WWO09mneDcK1SbVRyXsRpVD8bYg2p1azOZJV-UHsnYrlCQ3SUlYKBzqz4IgmBom8YfvkrxdZ7dgjtQfsVVss1EK0ZyFrv8sqWP-pXkuvcC-GAeD0ksRUBv-d8jFvEV_jYqC1OS7j7TAhZRe5qxG3HP-PAJ0zc38bKoN8ByuvbgO6kAuePmSq9kGgHFw5-t9n3rdt9fyxHswYNgy4N2P6Rxd1QvbYGb5n9coTeIAZ5V5cjwA8kdpIV7PaCEIzgkdgrnHXFhpCdYEe6sKGTrwWOm3KksVmf2fQXubVUE1dsqX5dM3vr23nBazqr4ytiS37fKXLVBI
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

pragma
no-cache
date
Mon, 30 Mar 2020 14:16:31 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
204
cache-control
no-cache, must-revalidate
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
av
connatix-d.openx.net/v/1.0/ Frame 0AF9
Redirect Chain
  • https://connatix-d.openx.net/v/1.0/av?auid=540193965&schain=1.0,1!connatix.com,102734,1,,,,&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malic...
  • https://connatix-d.openx.net/v/1.0/av?cc=1&auid=540193965&schain=1.0,1!connatix.com,102734,1,,,,&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-...
0
-1 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://connatix-d.openx.net/v/1.0/av?cc=1&auid=540193965&schain=1.0,1!connatix.com,102734,1,,,,&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&cb=2e8fedd708e8d7042dc31585577791638&vwd=834&vht=470&gdpr=1&gdpr_consent=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
147.120.95.34.bc.googleusercontent.com
Software
OXGW/16.182.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Mar 2020 14:16:31 GMT
via
1.1 google
server
OXGW/16.182.1
access-control-allow-origin
https://www.bleepingcomputer.com
location
https://connatix-d.openx.net/v/1.0/av?cc=1&auid=540193965&schain=1.0,1!connatix.com,102734,1,,,,&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&cb=2e8fedd708e8d7042dc31585577791638&vwd=834&vht=470&gdpr=1&gdpr_consent=
p3p
CP="CUR ADM OUR NOR STA NID"
status
302
access-control-allow-credentials
true
alt-svc
clear
content-length
0

Redirect headers

date
Mon, 30 Mar 2020 14:16:31 GMT
via
1.1 google
server
OXGW/16.182.1
status
302
location
https://connatix-d.openx.net/v/1.0/av?cc=1&auid=540193965&schain=1.0,1!connatix.com,102734,1,,,,&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&cb=2e8fedd708e8d7042dc31585577791638&vwd=834&vht=470&gdpr=1&gdpr_consent=
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://www.bleepingcomputer.com
access-control-allow-credentials
true
alt-svc
clear
content-length
0
av
connatix-d.openx.net/v/1.0/ Frame 0AF9 		48 B
259 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://connatix-d.openx.net/v/1.0/av?cc=1&auid=540193965&schain=1.0,1!connatix.com,102734,1,,,,&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&cb=2e8fedd708e8d7042dc31585577791638&vwd=834&vht=470&gdpr=1&gdpr_consent=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
147.120.95.34.bc.googleusercontent.com
Software
OXGW/16.182.1 /
Resource Hash
a355f2718a8d0b7444670aca6fd1dfdc126f9b8e9931a34a52cac9c343a68e3f

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 30 Mar 2020 14:16:31 GMT
content-encoding
gzip
server
OXGW/16.182.1
status
200
vary
Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
text/xml
alt-svc
clear
content-length
56
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
auction
tlx.3lift.com/header/ 		19 B
482 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tlx.3lift.com/header/auction?lib=prebid&v=3.11.0&referrer=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&tmax=1200
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.11.0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.93.211.175 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-93-211-175.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 30 Mar 2020 14:16:31 GMT
status
200
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-type
application/json; charset=utf-8
content-length
19
x-xss-protection
0
expires
Thu, 15 Oct 1992 20:10:00 GMT
prebid
ib.adnxs.com/ut/v3/ 		730 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.11.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.220.145 , Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
623.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.13.4 /
Resource Hash
8733904c6abb0cd414d306da95801fb2322bd251d83bd8ec12251355c12c88eb
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Date
Mon, 30 Mar 2020 14:16:33 GMT
Content-Encoding
gzip
Transfer-Encoding
chunked
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
X-Proxy-Origin
185.141.207.254; 185.141.207.254; 623.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.46:80
X-XSS-Protection
0
Pragma
no-cache
AN-X-Request-Uuid
e351b8fa-ed69-4b31-9a2b-53a2b1370916
Server
nginx/1.13.4
Vary
Accept-Encoding
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Expires
Sat, 15 Nov 2008 16:00:00 GMT
24
web.hb.ad.cpe.dotomi.com/s2s/header/ 		678 B
878 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://web.hb.ad.cpe.dotomi.com/s2s/header/24
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.11.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:fa8:8806:12::1430 , Sweden, ASN41041 (VCLK-EU-, SE),
Reverse DNS
Software
nginx /
Resource Hash
d3a970101d5c1c13fe97539903a8285d524c87295f551421ab9e40d9c1324e4a

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Date
Mon, 30 Mar 2020 14:16:31 GMT
Cache-Control
max-age=0, no-store
Server
nginx
Connection
keep-alive
Content-Length
678
Content-Type
text/plain; charset=UTF-8
cygnus
as-sec.casalemedia.com/ 		25 B
998 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://as-sec.casalemedia.com/cygnus?s=393562&v=7.2&r=%7B%22id%22%3A%224139740e7f8b88b%22%2C%22imp%22%3A%5B%7B%22id%22%3A%224201e7f16dc2bf1%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22728x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2243116a1053f3e61%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22970x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%224478ed98d0c0e35%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22970x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2245431f9a55304c1%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22728x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22467c7e608f18ffc%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22970x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2247c1a3adfd84911%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22970x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22488601ba77b853b%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22300x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%224920bafcce31916%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22300x600%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A600%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2250ae7690119b0bf%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22300x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2251a60ad0518df78%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22300x600%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A600%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2252cf7f358e06e3b%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22728x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2253404a28527ff2%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22300x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2254971e42305630c%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22300x600%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A600%2C%22topframe%22%3A1%7D%7D%5D%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%7D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22535%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A0%7D%7D%2C%22user%22%3A%7B%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%7D&ac=j&sd=1&
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.11.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
95.101.185.51 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a95-101-185-51.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
c80da3fb05b51d1a5f4d55b32ba63153b2566bd02ec7c6ae177bb23d9bc992bf

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 30 Mar 2020 14:16:32 GMT
Content-Encoding
gzip
Server
Apache
Vary
Accept-Encoding
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
45
Expires
Mon, 30 Mar 2020 14:16:32 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		263 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=2&alt_size_ids=55%2C57&rp_schain=1.0,1!freestar.io,535,1,,,&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&tk_flint=pbjs_lite_v3.11.0&x_source.tid=e6c0e5fd-8fdb-411e-a74a-2fc87dd33558&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.4055147891048536
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.11.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
69.173.144.140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
RAS 2.4 /
Resource Hash
889b25449ed7c4421f24dcdbaab62a12996ef5eef30bb30606f72e5265fc8cf5

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 30 Mar 2020 14:16:31 GMT
Server
RAS 2.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
Content-Type
application/json
Keep-Alive
timeout=5, max=13
Content-Length
263
Expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		263 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=2&alt_size_ids=55%2C57&rp_schain=1.0,1!freestar.io,535,1,,,&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&tk_flint=pbjs_lite_v3.11.0&x_source.tid=ac81b9ac-6e20-4d1f-9efd-a24fc545c81f&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.5203459459092599
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.11.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
69.173.144.140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
RAS 2.4 /
Resource Hash
de71c3f98eb8aca0bc9c76d260d159ab52fc28ea9c656c35dabc49a5ee3a6e96

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 30 Mar 2020 14:16:31 GMT
Server
RAS 2.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
Content-Type
application/json
Keep-Alive
timeout=5, max=64
Content-Length
263
Expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		261 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=15&alt_size_ids=10&rp_schain=1.0,1!freestar.io,535,1,,,&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&tk_flint=pbjs_lite_v3.11.0&x_source.tid=71500054-c501-4e3f-a803-411ef3bb91fe&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.5472522298268592
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.11.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
69.173.144.140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
RAS 2.4 /
Resource Hash
e798bdbe2acd4a7754674aab1a0f968a1106485346668a705751db16c0fc3e17

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 30 Mar 2020 14:16:31 GMT
Server
RAS 2.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
Content-Type
application/json
Keep-Alive
timeout=5, max=283
Content-Length
261
Expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		261 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=15&alt_size_ids=10&rp_schain=1.0,1!freestar.io,535,1,,,&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&tk_flint=pbjs_lite_v3.11.0&x_source.tid=9a37e591-f8ba-491a-86db-a7c0dd059f4a&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.1660474704982453
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.11.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
69.173.144.140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
RAS 2.4 /
Resource Hash
c7222363f4634623f0a4a098affe087281a6cae9e181d024472ff919b1d6f97f

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 30 Mar 2020 14:16:31 GMT
Server
RAS 2.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
Content-Type
application/json
Keep-Alive
timeout=5, max=451
Content-Length
261
Expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		240 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=2&rp_schain=1.0,1!freestar.io,535,1,,,&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&tk_flint=pbjs_lite_v3.11.0&x_source.tid=ca75fea0-29ce-4593-a947-f9776bd8bc33&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.7861172480698357
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.11.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
69.173.144.140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
RAS 2.4 /
Resource Hash
b69e3e4132807f6f9bac27a11b29f1f7e5c81511a91916325f5805030a7d4a64

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 30 Mar 2020 14:16:31 GMT
Server
RAS 2.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
Content-Type
application/json
Keep-Alive
timeout=5, max=422
Content-Length
240
Expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		261 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=15&alt_size_ids=10&rp_schain=1.0,1!freestar.io,535,1,,,&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&tk_flint=pbjs_lite_v3.11.0&x_source.tid=bca9f01b-39c0-4149-be8a-1609b162ed4b&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.7892316774078489
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.11.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
69.173.144.140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
RAS 2.4 /
Resource Hash
09e8119dc6b96d14d9da88998a9036616ae527db8d667c941889e8f1b8f29d11

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 30 Mar 2020 14:16:31 GMT
Server
RAS 2.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
Content-Type
application/json
Keep-Alive
timeout=5, max=493
Content-Length
261
Expires
Wed, 17 Sep 1975 21:32:10 GMT
v1
dmx.districtm.io/b/ 		0
262 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://dmx.districtm.io/b/v1
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.11.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.68.69 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

status
204
date
Mon, 30 Mar 2020 14:16:31 GMT
server
cloudflare
cf-ray
57c272eeba9fbbb8-LHR
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
v1
dmx.districtm.io/b/ 		0
32 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://dmx.districtm.io/b/v1
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.11.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.68.69 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

status
204
date
Mon, 30 Mar 2020 14:16:31 GMT
server
cloudflare
cf-ray
57c272eecaa2bbb8-LHR
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
prebid
ib.adnxs.com/ut/v3/ 		712 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.11.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.220.145 , Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
623.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.13.4 /
Resource Hash
b7e428411f3243f6bb0b335dfe9a48e5d7d3d68102437059ad8b4409f2111dd1
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Date
Mon, 30 Mar 2020 14:16:33 GMT
Content-Encoding
gzip
Transfer-Encoding
chunked
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
X-Proxy-Origin
185.141.207.254; 185.141.207.254; 623.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.236:80
X-XSS-Protection
0
Pragma
no-cache
AN-X-Request-Uuid
311864a4-7602-432f-adcc-a1730133ea64
Server
nginx/1.13.4
Vary
Accept-Encoding
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Expires
Sat, 15 Nov 2008 16:00:00 GMT
arj
freestar-d.openx.net/w/1.0/ 		175 B
368 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://freestar-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&ch=UTF-8&res=1600x1200x24&ifr=false&tz=-120&tws=1600x1200&be=1&bc=hb_pb_3.0.1&dddid=e6c0e5fd-8fdb-411e-a74a-2fc87dd33558%2Cac81b9ac-6e20-4d1f-9efd-a24fc545c81f%2C71500054-c501-4e3f-a803-411ef3bb91fe%2C9a37e591-f8ba-491a-86db-a7c0dd059f4a%2Cca75fea0-29ce-4593-a947-f9776bd8bc33%2Cbca9f01b-39c0-4149-be8a-1609b162ed4b&nocache=1585577791740&pubcid=03f46c06-b126-4fdc-8d8a-0e4fd4bec2b1&schain=1.0%2C1!freestar.io%2C535%2C1%2C%2C%2C&aus=728x90%2C970x90%2C970x250%7C728x90%2C970x90%2C970x250%7C300x250%2C300x600%7C300x250%2C300x600%7C728x90%7C300x250%2C300x600&divIds=bleepingcomputer_728x90_970x90_970x250_320x50_ATF%2Cbleepingcomputer_728x90_970x90_970x250_320x50_BTF%2Cbleepingcomputer_300x250_300x600_160x600_Right_1%2Cbleepingcomputer_300x250_300x600_160x600_Right_2%2Cbleepingcomputer_728x90_320x50_InContent_1%2Cbleepingcomputer_300x250_300x600_160x600_Right_3&auid=540959250%2C540959250%2C540959250%2C540959250%2C540959250%2C540959250&
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.11.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
147.120.95.34.bc.googleusercontent.com
Software
OXGW/16.182.1 /
Resource Hash
62bfd13c73f0c8ad8b9b829c69f12fca1f974fb698b19fdeda3914fb98cf2215

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 30 Mar 2020 14:16:31 GMT
content-encoding
gzip
server
OXGW/16.182.1
status
200
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
clear
content-length
165
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
swfIndex.php
ads.stickyadstv.com/www/delivery/ Frame 0AF9 		67 B
587 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ads.stickyadstv.com/www/delivery/swfIndex.php?reqType=AdsSetup&protocolVersion=2.0&zoneId=9531553&_fw_gdpr=1&_fw_gdpr_consent=&loc=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&_fw_us_privacy=
Requested by
Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1913/min/connatix.renderer.infeed.min_dc.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
95.101.185.197 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a95-101-185-197.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
291437ea71e62b1c35d4ec5d3c5ad02cfa930343b41b1472fba70243089c8bbe

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 30 Mar 2020 14:16:32 GMT
Server
nginx
Content-Type
application/xml;charset=UTF-8
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
67
x-sticky-vk
1585577792140069-149
Expires
Mon, 30 Mar 2020 14:16:32 GMT
ads
securepubads.g.doubleclick.net/gampad/ 		101 KB
17 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2560246634520143&correlator=1065080754942214&output=ldjh&impl=fifs&adsid=NT&eid=21065769%2C21062452&vrg=2020032302&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200330&iu_parts=15184186%2Cbleepingcomputer_728x90_970x90_970x250_320x50_ATF%2Cbleepingcomputer_728x90_970x90_970x250_320x50_BTF%2Cbleepingcomputer_300x250_300x600_160x600_Right_1%2Cbleepingcomputer_300x250_300x600_160x600_Right_2%2Cbleepingcomputer_728x90_320x50_InContent_1%2Cbleepingcomputer_1x1%2Cbleepingcomputer_300x250_300x600_160x600_Right_3&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4%2C%2F0%2F5%2C%2F0%2F6%2C%2F0%2F7&prev_iu_szs=728x90%7C970x90%7C970x250%2C728x90%7C970x90%7C970x250%2C300x250%7C300x600%2C300x250%7C300x600%2C728x90%2C1x1%2C300x250%7C300x600&prev_scp=amznbid%3D2%26amznp%3D2%26bid%3D0%7Camznbid%3D2%26amznp%3D2%26bid%3D0%7Camznbid%3D2%26amznp%3D2%26bid%3D0%7Camznbid%3D2%26amznp%3D2%26bid%3D0%7Camznbid%3D2%26amznp%3D2%26bid%3D0%7Cbid%3Dtimeout%7Camznbid%3D2%26amznp%3D2%26bid%3D0&eri=1&cust_params=user-agent%3DChrome&cookie_enabled=1&bc=31&abxe=1&lmt=1585079110&dt=1585577792101&dlt=1585577789563&idt=754&frm=20&biw=1600&bih=1200&oid=3&adxs=436%2C436%2C1082%2C1082%2C268%2C800%2C1082&adys=146%2C7498%2C327%2C1136%2C4818%2C8004%2C2126&adks=960084856%2C976516616%2C771041174%2C2389526111%2C4047242158%2C2635258439%2C523518761&ucis=1%7C2%7C3%7C4%7C5%7C6%7C7&ifi=2&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&dssz=56&icsg=35184541966336&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1170x120%7C1200x90%7C306x250%7C306x250%7C834x90%7C1600x8005%7C306x250&msz=1170x90%7C1170x90%7C306x250%7C306x250%7C834x90%7C1600x1%7C306x250&ga_vid=1950450585.1585577790&ga_sid=1585577791&ga_hid=669732870&fws=4%2C4%2C4%2C4%2C4%2C4%2C516&ohw=1600%2C1600%2C1600%2C1600%2C1600%2C1600%2C1600
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020032302.js?21065769
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f2.1e100.net
Software
cafe /
Resource Hash
3aad21d56d4e1abafbeadcdda378410a95a1912f837eb6347af1c5055d7d65c7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Mar 2020 14:16:32 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2,-2,-2,-2,-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
17051
x-xss-protection
0
google-lineitem-id
-2,-1,-2,-2,-2,4893662829,-1
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2,-1,-2,-2,-2,138254592126,-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.bleepingcomputer.com
access-control-expose-headers
x-google-amp-ad-validated-version
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
pubads_impl_rendering_2020032302.js
securepubads.g.doubleclick.net/gpt/ 		67 KB
25 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020032302.js?21065769
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020032302.js?21065769
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f2.1e100.net
Software
sffe /
Resource Hash
a07183e063a79a699b732e200a3accdf4716cbc6e8bf8a6a709b9adba07d998d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Mon, 30 Mar 2020 14:16:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 23 Mar 2020 17:22:36 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
25234
x-xss-protection
0
expires
Mon, 30 Mar 2020 14:16:32 GMT
container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/ 		0
0 		Other
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020032302.js?21065769
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
empty

Response headers
p2
sb.scorecardresearch.com/ Frame 0AF9
Redirect Chain
  • https://sb.scorecardresearch.com/p?c1=2&c2=17958079&ns_ap_an=ConnatixWeb&ns_ap_bi=*null&ns_type=hidden&ns_st_sv=6.1.1.171219&ns_st_smv=5.8&ns_st_it=r&ns_st_id=1585577790620&ns_st_ec=2&ns_st_sp=1&ns...
  • https://sb.scorecardresearch.com/p2?c1=2&c2=17958079&ns_ap_an=ConnatixWeb&ns_ap_bi=*null&ns_type=hidden&ns_st_sv=6.1.1.171219&ns_st_smv=5.8&ns_st_it=r&ns_st_id=1585577790620&ns_st_ec=2&ns_st_sp=1&n...
43 B
309 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sb.scorecardresearch.com/p2?c1=2&c2=17958079&ns_ap_an=ConnatixWeb&ns_ap_bi=*null&ns_type=hidden&ns_st_sv=6.1.1.171219&ns_st_smv=5.8&ns_st_it=r&ns_st_id=1585577790620&ns_st_ec=2&ns_st_sp=1&ns_st_sc=1&ns_st_psq=1&ns_st_asq=1&ns_st_sq=1&ns_st_ppc=1&ns_st_apc=1&ns_st_spc=1&ns_st_cn=1&ns_st_ev=pause&ns_st_po=1517&ns_st_cl=30000&ns_st_mp=js_api&ns_st_mv=6.1.1.171219&ns_st_pn=1&ns_st_tp=0&ns_st_ci=v_639404&ns_st_pt=1517&ns_st_dpt=1517&ns_st_ipt=1517&ns_st_et=1517&ns_st_det=1517&ns_st_upc=1517&ns_st_dupc=1517&ns_st_iupc=1517&ns_st_upa=1517&ns_st_dupa=1517&ns_st_iupa=1517&ns_st_lpc=1517&ns_st_dlpc=1517&ns_st_lpa=1517&ns_st_dlpa=1517&ns_st_pa=1517&ns_ts=1585577792139&ns_st_bc=0&ns_st_dbc=0&ns_st_bt=0&ns_st_dbt=0&ns_st_bp=0&ns_st_skc=0&ns_st_dskc=0&ns_st_ska=0&ns_st_dska=0&ns_st_skd=0&ns_st_skt=0&ns_st_dskt=0&ns_st_pc=1&ns_st_dpc=1&ns_st_pp=1&ns_st_br=0&ns_st_rt=100&ns_st_ub=0&ns_st_ki=1200000&ns_st_pr=BleepingComputer%20Highlights%20Feed%20-%20Daily%20Highlights&ns_st_sn=*null&ns_st_en=*null&ns_st_ep=*null&ns_st_ct=vc11&ns_st_ge=*null&ns_st_st=*null&ns_st_ce=*null&ns_st_ia=*null&ns_st_ddt=*null&ns_st_tdt=*null&ns_st_pu=Connatix&ns_st_ti=*null&c3=*null&c4=*null&c6=*null&c7=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&c8=&c9=&cs_ucfr=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.74.100.205 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-74-100-205.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
24e480e4659fbae818853a38f8a3036f529f539024dc3e772c0b594ce02ea9db

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 30 Mar 2020 14:16:32 GMT
Cache-Control
private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Expires
Mon, 01 Jan 1990 00:00:00 GMT
Connection
keep-alive
Content-Length
43
Content-Type
image/gif

Redirect headers

Location
https://sb.scorecardresearch.com/p2?c1=2&c2=17958079&ns_ap_an=ConnatixWeb&ns_ap_bi=*null&ns_type=hidden&ns_st_sv=6.1.1.171219&ns_st_smv=5.8&ns_st_it=r&ns_st_id=1585577790620&ns_st_ec=2&ns_st_sp=1&ns_st_sc=1&ns_st_psq=1&ns_st_asq=1&ns_st_sq=1&ns_st_ppc=1&ns_st_apc=1&ns_st_spc=1&ns_st_cn=1&ns_st_ev=pause&ns_st_po=1517&ns_st_cl=30000&ns_st_mp=js_api&ns_st_mv=6.1.1.171219&ns_st_pn=1&ns_st_tp=0&ns_st_ci=v_639404&ns_st_pt=1517&ns_st_dpt=1517&ns_st_ipt=1517&ns_st_et=1517&ns_st_det=1517&ns_st_upc=1517&ns_st_dupc=1517&ns_st_iupc=1517&ns_st_upa=1517&ns_st_dupa=1517&ns_st_iupa=1517&ns_st_lpc=1517&ns_st_dlpc=1517&ns_st_lpa=1517&ns_st_dlpa=1517&ns_st_pa=1517&ns_ts=1585577792139&ns_st_bc=0&ns_st_dbc=0&ns_st_bt=0&ns_st_dbt=0&ns_st_bp=0&ns_st_skc=0&ns_st_dskc=0&ns_st_ska=0&ns_st_dska=0&ns_st_skd=0&ns_st_skt=0&ns_st_dskt=0&ns_st_pc=1&ns_st_dpc=1&ns_st_pp=1&ns_st_br=0&ns_st_rt=100&ns_st_ub=0&ns_st_ki=1200000&ns_st_pr=BleepingComputer%20Highlights%20Feed%20-%20Daily%20Highlights&ns_st_sn=*null&ns_st_en=*null&ns_st_ep=*null&ns_st_ct=vc11&ns_st_ge=*null&ns_st_st=*null&ns_st_ce=*null&ns_st_ia=*null&ns_st_ddt=*null&ns_st_tdt=*null&ns_st_pu=Connatix&ns_st_ti=*null&c3=*null&c4=*null&c6=*null&c7=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&c8=&c9=&cs_ucfr=0
Pragma
no-cache
Date
Mon, 30 Mar 2020 14:16:32 GMT
Cache-Control
private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection
keep-alive
Content-Length
0
Expires
Mon, 01 Jan 1990 00:00:00 GMT
av
connatix-d.openx.net/v/1.0/ Frame 0AF9 		48 B
259 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://connatix-d.openx.net/v/1.0/av?auid=540193960&schain=1.0,1!connatix.com,102734,1,,,,&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&cb=02696088d3080e47c3041585577792375&vwd=834&vht=470&gdpr=1&gdpr_consent=
Requested by
Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1913/min/connatix.renderer.infeed.min_dc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
147.120.95.34.bc.googleusercontent.com
Software
OXGW/16.182.1 /
Resource Hash
a355f2718a8d0b7444670aca6fd1dfdc126f9b8e9931a34a52cac9c343a68e3f

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 30 Mar 2020 14:16:32 GMT
content-encoding
gzip
server
OXGW/16.182.1
status
200
vary
Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
text/xml
alt-svc
clear
content-length
56
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
av
connatix-d.openx.net/v/1.0/ Frame 0AF9 		48 B
259 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://connatix-d.openx.net/v/1.0/av?auid=540193947&schain=1.0,1!connatix.com,102734,1,,,,&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&cb=73eff4f1ca0bd543e1661585577792450&vwd=834&vht=470&gdpr=1&gdpr_consent=
Requested by
Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1913/min/connatix.renderer.infeed.min_dc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
147.120.95.34.bc.googleusercontent.com
Software
OXGW/16.182.1 /
Resource Hash
a355f2718a8d0b7444670aca6fd1dfdc126f9b8e9931a34a52cac9c343a68e3f

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 30 Mar 2020 14:16:32 GMT
content-encoding
gzip
server
OXGW/16.182.1
status
200
vary
Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
text/xml
alt-svc
clear
content-length
56
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
tag
slckg-kqe2e.ads.tremorhub.com/ad/ Frame 0AF9 		949 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://slckg-kqe2e.ads.tremorhub.com/ad/tag?adCode=slckg-j10vm&playerWidth=834&playerHeight=470&playerPosition=1&mediaTitle=BleepingComputer%20Highlights%20Feed%20-%20Daily%20Highlights&mediaDesc=BleepingComputer%20Highlights%20Feed%20-%20Daily%20Highlights&mediaId=639404&mediaUrl=&srcPageUrl=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&contentLength=30&gdpr=1&gdpr_consent=&schain=1.0,1!connatix.com,102734,1,,,,
Requested by
Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1913/min/connatix.renderer.infeed.min_dc.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:612b:4216:e78e:8f3d:d54e:ee23 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
Apache-Coyote/1.1 /
Resource Hash
9d60ac0d334c77a039cad6f125f940635ff0043a610271fc0729d61cc9546401

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Mar 2020 14:16:32 GMT
server
Apache-Coyote/1.1
p3p
CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
status
403
content-language
en
access-control-allow-origin
https://www.bleepingcomputer.com
access-control-allow-credentials
true
x-tremorvideo-status
REJECTED_BY_SEAT_QPS_LIMIT
content-type
text/html;charset=utf-8
content-length
949
bid
c.amazon-adsystem.com/e/dtb/ 		23 B
377 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&pid=5iD8qMOE8qnzi&cb=1&ws=1600x1200&v=7.47.00&t=1000&slots=%5B%7B%22sd%22%3A%220%22%2C%22s%22%3A%5B%22970x250%22%2C%22970x90%22%2C%22728x90%22%5D%2C%22sn%22%3A%22%2F15184186%2Fbleepingcomputer_728x90_970x90_970x250_320x50_ATF%22%7D%5D&cfgv=0&pubid=0ab198dd-b265-462a-ae36-74e163ad6159&gdprl=%7B%22status%22%3A%22cmp-timeout%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.90.242 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-90-242.fra50.r.cloudfront.net
Software
Server /
Resource Hash
89b4aa9e9bf8516c2ab7b5134f65d47b02071637259a14c9f60dccc207e05ce4

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Mar 2020 14:16:32 GMT
via
1.1 24475cc722041223cf99f56b55432566.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
FRA50-C1
status
200
vary
User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://www.bleepingcomputer.com
access-control-allow-credentials
true
timing-allow-origin
*
content-length
23
x-amz-cf-id
UKudHLm6xRzSGQ4wyckrsiZAF2EPRDmVe14xbf4N4A2ERJ8afuMVRw==
bid
c.amazon-adsystem.com/e/dtb/ 		23 B
376 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&pid=tGbAIWE6s7egn&cb=2&ws=1600x1200&v=7.47.00&t=1000&slots=%5B%7B%22sd%22%3A%222%22%2C%22s%22%3A%5B%22300x600%22%2C%22300x250%22%5D%2C%22sn%22%3A%22%2F15184186%2Fbleepingcomputer_300x250_300x600_160x600_Right_1%22%7D%5D&cfgv=0&pubid=0ab198dd-b265-462a-ae36-74e163ad6159&gdprl=%7B%22status%22%3A%22cmp-timeout%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.90.242 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-90-242.fra50.r.cloudfront.net
Software
Server /
Resource Hash
5d7c7d25a0da74c0dd466120c3c09bd94cb982fc66ebc4a78675339f37323bf5

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Mar 2020 14:16:32 GMT
via
1.1 24475cc722041223cf99f56b55432566.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
FRA50-C1
status
200
vary
User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://www.bleepingcomputer.com
access-control-allow-credentials
true
timing-allow-origin
*
content-length
23
x-amz-cf-id
uDJt2jvbxsrt3F-dt-sxS0OYJEKDYvAoa9NbDloFm13LhBupx3QlIQ==
bid
c.amazon-adsystem.com/e/dtb/ 		23 B
377 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&pid=Q2NX8dCyoDTYc&cb=3&ws=1600x1200&v=7.47.00&t=1000&slots=%5B%7B%22sd%22%3A%223%22%2C%22s%22%3A%5B%22300x600%22%2C%22300x250%22%5D%2C%22sn%22%3A%22%2F15184186%2Fbleepingcomputer_300x250_300x600_160x600_Right_2%22%7D%5D&cfgv=0&pubid=0ab198dd-b265-462a-ae36-74e163ad6159&gdprl=%7B%22status%22%3A%22cmp-timeout%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.90.242 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-90-242.fra50.r.cloudfront.net
Software
Server /
Resource Hash
1c4777fe3a673a05492e27d08032cc91c23ac5389897c9235b09b8b0f5a74db3

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Mar 2020 14:16:32 GMT
via
1.1 24475cc722041223cf99f56b55432566.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
FRA50-C1
status
200
vary
User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://www.bleepingcomputer.com
access-control-allow-credentials
true
timing-allow-origin
*
content-length
23
x-amz-cf-id
M2R6qEZOirt59-Wm-bt4j0UEvJiF4VWWQKXraOvrL8rLaU-J5PBu3Q==
bid
c.amazon-adsystem.com/e/dtb/ 		23 B
377 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&pid=3QbESA64QEzF6&cb=4&ws=1600x1200&v=7.47.00&t=1000&slots=%5B%7B%22sd%22%3A%224%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F15184186%2Fbleepingcomputer_728x90_320x50_InContent_1%22%7D%5D&cfgv=0&pubid=0ab198dd-b265-462a-ae36-74e163ad6159&gdprl=%7B%22status%22%3A%22cmp-timeout%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.90.242 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-90-242.fra50.r.cloudfront.net
Software
Server /
Resource Hash
6139dddd3b6b6b847bccd476918dc8fb4f4f5a10908e5707c704f155e0918e84

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Mar 2020 14:16:32 GMT
via
1.1 24475cc722041223cf99f56b55432566.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
FRA50-C1
status
200
vary
User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://www.bleepingcomputer.com
access-control-allow-credentials
true
timing-allow-origin
*
content-length
23
x-amz-cf-id
-WlchhzkOofIBVzKb3eoxYt6TPoqZNIekn2Ay2cfeUvWVPx0zoCfCQ==
amp4ads-v0.js
cdn.ampproject.org/rtv/012003101714470/ Frame 9C4F 		200 KB
55 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012003101714470/amp4ads-v0.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020032302.js?21065769
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4486f4e70d7321e8f64da51c38b50767e846bdaf4ef3441d628f27a4f8952c10
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
script
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
4145
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
55811
x-xss-protection
0
server
sffe
date
Mon, 30 Mar 2020 13:07:27 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"789295de90cb321e"
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 30 Mar 2021 13:07:27 GMT
amp4ads-v0.js
cdn.ampproject.org/rtv/012003101714470/ Frame 9C4F 		200 KB
55 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012003101714470/amp4ads-v0.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020032302.js?21065769
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4486f4e70d7321e8f64da51c38b50767e846bdaf4ef3441d628f27a4f8952c10
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
4145
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
55811
x-xss-protection
0
server
sffe
date
Mon, 30 Mar 2020 13:07:27 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"789295de90cb321e"
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 30 Mar 2021 13:07:27 GMT
amp-ad-exit-0.1.js
cdn.ampproject.org/rtv/012003101714470/v0/ Frame 9C4F 		16 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012003101714470/v0/amp-ad-exit-0.1.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020032302.js?21065769
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3d0c18b56d3b9bd3640250af1ce1e624bda890531f830d64c99d45e6c07bb349
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
4176
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
5728
x-xss-protection
0
server
sffe
date
Mon, 30 Mar 2020 13:06:56 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"36d96c2d19cb35a6"
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 30 Mar 2021 13:06:56 GMT
amp-analytics-0.1.js
cdn.ampproject.org/rtv/012003101714470/v0/ Frame 9C4F 		92 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012003101714470/v0/amp-analytics-0.1.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020032302.js?21065769
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e17e03dc3ff1767a8d185975a2bf392068a0b2f2848503c38ceaa3f10fb0ea84
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
4173
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
28328
x-xss-protection
0
server
sffe
date
Mon, 30 Mar 2020 13:06:59 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"f4788313c10056ed"
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 30 Mar 2021 13:06:59 GMT
amp-fit-text-0.1.js
cdn.ampproject.org/rtv/012003101714470/v0/ Frame 9C4F 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012003101714470/v0/amp-fit-text-0.1.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020032302.js?21065769
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7b8ef4f3c2daa40e68de70096105302da24a586c1d75b620dff0ff579db73ba8
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
4164
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
1414
x-xss-protection
0
server
sffe
date
Mon, 30 Mar 2020 13:07:08 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"ea7b1c90fec06498"
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 30 Mar 2021 13:07:08 GMT
amp-form-0.1.js
cdn.ampproject.org/rtv/012003101714470/v0/ Frame 9C4F 		46 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012003101714470/v0/amp-form-0.1.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020032302.js?21065769
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
eada136c924874367d33d22fb496800b3f6f4e97f457829d2c18b5d41f1019a5
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
4164
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
14863
x-xss-protection
0
server
sffe
date
Mon, 30 Mar 2020 13:07:08 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"db7c050f8b3f760d"
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 30 Mar 2021 13:07:08 GMT
css
fonts.googleapis.com/ Frame 9C4F 		5 KB
764 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto%3A400%2C500
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020032302.js?21065769
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
c4a7b4babd8d76af2ddc0840bda733cd5a0b409895bb74d5302ff1155c9b32bc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
x-xss-protection
0
last-modified
Mon, 30 Mar 2020 14:16:32 GMT
server
ESF
date
Mon, 30 Mar 2020 14:16:32 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 30 Mar 2020 14:16:32 GMT
truncated
/ Frame 9C4F 		214 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8bfaf94a87a84be42ec12ce72f6c922fd22dead0b84766ce0c848a066f90497d

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
amp4ads-host-v0.js
cdn.ampproject.org/rtv/012003101714470/ 		20 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012003101714470/amp4ads-host-v0.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020032302.js?21065769
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c2b0d171a4179bf00898c430c1c15464e528aff5762fc70a5d02184834c82eff
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
2622
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
7178
x-xss-protection
0
server
sffe
date
Mon, 30 Mar 2020 13:32:50 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"9d3d923337ef7e9b"
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 30 Mar 2021 13:32:50 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame 3C03 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssuVDAOv1hLMYzXzEmoaMgJqXbGQPm0gkqCt6zeB9BnfGQK60kBI0kKZJIx1006QGQ6mfr8tanWXTeR3Yby6EPE0b2YJWaDXSvYmNuRKJ7iuaRNm0bBaZ7YX3Yp0_39L7fuzFtCjM5WR6eUWkr5CotU46RiIdkwxOWvaMEKxxJjQ0r8CYzGp81EJ01x0-RPea0tQG49UrFoQfdFI276hC0IYpLpMJUwmg3DtROxlTDqJApnWhERDlWN3X1YaC3J3R0ppmxOvLphxW5yymhc-ehx5hhPkjbF2ovc&sai=AMfl-YSZ6htzewRbEiLUxHXVNB0hUFZljIOcMJ1WkIxxmcYvvSPt9TzLcAc5QvHsEdjyOCyFsoeCh76VQqd6yiGBYAm7KFtzWQtIxWo6g37w&sig=Cg0ArKJSzOoSiLp8tBljEAE&urlfix=1&adurl=
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
empty

Response headers

timing-allow-origin
*
date
Mon, 30 Mar 2020 14:16:32 GMT
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
content-type
image/gif
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Mon, 30 Mar 2020 14:16:32 GMT
osd_listener.js
www.googletagservices.com/activeview/js/current/ Frame 3C03 		74 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020032302.js?21065769
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2e576f25f810ffe36e011b2bcaac420631d9e51515cc6c610adf360af39aa72f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Mon, 30 Mar 2020 14:16:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1585308637081045"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
28226
x-xss-protection
0
expires
Mon, 30 Mar 2020 14:16:32 GMT
en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 9C4F 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/en.png
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Mon, 30 Mar 2020 11:08:58 GMT
x-content-type-options
nosniff
content-type
image/png
server
cafe
age
11254
etag
14819457070020093239
vary
Accept-Encoding
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
public, max-age=86400
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
2502
x-xss-protection
0
expires
Tue, 31 Mar 2020 11:08:58 GMT
icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 9C4F 		295 B
371 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Mon, 30 Mar 2020 12:55:21 GMT
x-content-type-options
nosniff
content-type
image/png
server
cafe
age
4871
etag
426692510519060060
vary
Accept-Encoding
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
public, max-age=86400
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
295
x-xss-protection
0
expires
Tue, 31 Mar 2020 12:55:21 GMT
adview
securepubads.g.doubleclick.net/pagead/ Frame 9C4F 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securepubads.g.doubleclick.net/pagead/adview?ai=CECf5QP-BXrunDJWbgAfH1JHYDMWa4vNbzvbE9voKwaGPlQEQASDHg_wBYLu-roPQCqABj5SzlwPIAQHgAgCoAwHIAwqqBMMCT9C6Gw76MTk9bsLUFIOIrK2T_9tGPuNyc56kP171pKOZiqpWG-1DXFGJAIbWc1av17S1QENCJ8JA8FQouK0FRYjxNZTg8KKbMFVaX0E8_acomx39x3nEpBD3VtRcIZGIh3XeRnhS0fbmt7OiI1S1-S63Bs5RYP0p2fQVpkbcWPpNU8ZuX_8oQMWNgQG7AeBX9IpeFJmnC6Fo2hXbRwwpULa19Uurdxbmw0Ic150YX2EaWO8Fb8dKCEAnqznffA2O9KtK9cad7gt3yR5ob8KbVqhE1CGh2WFwtn5zLc-LdHSMvcuOABYxTVHj3aR8ws8MGzY-WBeudgz3RmaJmwounIlFRuWA0Oh1Pa0oN4GqBU0kzB6bRvT6_Bu_X6w1fzGZakQ6iR-rxmbC7P41HGl_kLAPJ9VPlOw5w5KzIeRKDgZiGbHABM3_ksWmAuAEAZIFBAgEGAGSBQQIBRgEgAfZ68xoqAeOzhuoB9XJG6gHk9gbqAef2xuoB7oGqAfw2RuoB_LZG6gHpr4bqAfs1RvYBwHyBwQQhbQF0ggJCIDhgBAQARgdgAoByAsB2BMMiBQB&sigh=nImaIqN7XVs&tpd=AGWhJmuqm_sdIw5yKDmhFj8IoYaVywsqdbf9rADv8QzYRHXuiA
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f2.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers
gen_204
pagead2.googlesyndication.com/pagead/ 		0
58 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_sz&pvsid=2560246634520143&r=1x1&w=1&h=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

pragma
no-cache
date
Mon, 30 Mar 2020 14:16:32 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
204
cache-control
no-cache, must-revalidate
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
amp4ads-v0.js
cdn.ampproject.org/rtv/012003101714470/ Frame A810 		200 KB
55 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012003101714470/amp4ads-v0.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020032302.js?21065769
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4486f4e70d7321e8f64da51c38b50767e846bdaf4ef3441d628f27a4f8952c10
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
script
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
4145
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
55811
x-xss-protection
0
server
sffe
date
Mon, 30 Mar 2020 13:07:27 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"789295de90cb321e"
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 30 Mar 2021 13:07:27 GMT
amp4ads-v0.js
cdn.ampproject.org/rtv/012003101714470/ Frame A810 		200 KB
55 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012003101714470/amp4ads-v0.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020032302.js?21065769
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4486f4e70d7321e8f64da51c38b50767e846bdaf4ef3441d628f27a4f8952c10
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
4145
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
55811
x-xss-protection
0
server
sffe
date
Mon, 30 Mar 2020 13:07:27 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"789295de90cb321e"
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 30 Mar 2021 13:07:27 GMT
amp-ad-exit-0.1.js
cdn.ampproject.org/rtv/012003101714470/v0/ Frame A810 		16 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012003101714470/v0/amp-ad-exit-0.1.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020032302.js?21065769
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3d0c18b56d3b9bd3640250af1ce1e624bda890531f830d64c99d45e6c07bb349
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
4176
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
5728
x-xss-protection
0
server
sffe
date
Mon, 30 Mar 2020 13:06:56 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"36d96c2d19cb35a6"
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 30 Mar 2021 13:06:56 GMT
amp-analytics-0.1.js
cdn.ampproject.org/rtv/012003101714470/v0/ Frame A810 		92 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012003101714470/v0/amp-analytics-0.1.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020032302.js?21065769
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e17e03dc3ff1767a8d185975a2bf392068a0b2f2848503c38ceaa3f10fb0ea84
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
4173
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
28328
x-xss-protection
0
server
sffe
date
Mon, 30 Mar 2020 13:06:59 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"f4788313c10056ed"
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 30 Mar 2021 13:06:59 GMT
amp-fit-text-0.1.js
cdn.ampproject.org/rtv/012003101714470/v0/ Frame A810 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012003101714470/v0/amp-fit-text-0.1.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020032302.js?21065769
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7b8ef4f3c2daa40e68de70096105302da24a586c1d75b620dff0ff579db73ba8
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
4164
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
1414
x-xss-protection
0
server
sffe
date
Mon, 30 Mar 2020 13:07:08 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"ea7b1c90fec06498"
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 30 Mar 2021 13:07:08 GMT
amp-form-0.1.js
cdn.ampproject.org/rtv/012003101714470/v0/ Frame A810 		46 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012003101714470/v0/amp-form-0.1.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020032302.js?21065769
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
eada136c924874367d33d22fb496800b3f6f4e97f457829d2c18b5d41f1019a5
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
4164
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
14863
x-xss-protection
0
server
sffe
date
Mon, 30 Mar 2020 13:07:08 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"db7c050f8b3f760d"
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 30 Mar 2021 13:07:08 GMT
css
fonts.googleapis.com/ Frame A810 		5 KB
718 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto%3A400%2C500
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020032302.js?21065769
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
c4a7b4babd8d76af2ddc0840bda733cd5a0b409895bb74d5302ff1155c9b32bc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
x-xss-protection
0
last-modified
Mon, 30 Mar 2020 14:16:32 GMT
server
ESF
date
Mon, 30 Mar 2020 14:16:32 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 30 Mar 2020 14:16:32 GMT
en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame A810 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/en.png
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020032302.js?21065769
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Mon, 30 Mar 2020 11:08:58 GMT
x-content-type-options
nosniff
content-type
image/png
server
cafe
age
11254
etag
14819457070020093239
vary
Accept-Encoding
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
public, max-age=86400
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
2502
x-xss-protection
0
expires
Tue, 31 Mar 2020 11:08:58 GMT
icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame A810 		295 B
367 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020032302.js?21065769
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Mon, 30 Mar 2020 12:55:21 GMT
x-content-type-options
nosniff
content-type
image/png
server
cafe
age
4871
etag
426692510519060060
vary
Accept-Encoding
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
public, max-age=86400
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
295
x-xss-protection
0
expires
Tue, 31 Mar 2020 12:55:21 GMT
truncated
/ Frame A810 		214 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c554411857ba507e981c050a7d2cb7f6eca2c87d2b353ab276c91a4ead59ca66

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
adview
securepubads.g.doubleclick.net/pagead/ Frame A810 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securepubads.g.doubleclick.net/pagead/adview?ai=C6ArrQP-BXvWsDJWbgAfH1JHYDMWa4vNbzvbE9voKwaGPlQEQASDHg_wBYLu-roPQCqABj5SzlwPIAQHgAgCoAwHIAwqqBMcCT9B64odVDOxkTXG_FrsAr0re--p6hfBTFIXIl5tIZut-fHzZF4yjjvTldWPe4xWuRxu4k7f3L9PAYXWsmTLLjmqFwi1pFmd01k4XTWOMF7p_ICfW5r8YOt8MvIWg_U-ZnAos1JB9eQcgEuORfG6vbYQpCfiF14pcbs8AFs_qU0dYHXP-US3WeUPKlZm3fB3hEWvlAJs7LiSWZk0PSES28fv2b5Jumg5lc7Ld_66my_Aka8B-aQC2uPsxPJSaSKeB-wuqLJuNLIPzSpGuGc7A8g_6TYmXcnQeDWI6-yEnsBSC8HsRmsOWtrqDRfsluJ8-N9uiJY_9EHi0lI_FDWAS8L8HCY8iO0Zk5Sng3ZtrOu743xyEvEgJXnPOIdxIxSzWGt2MKgzFGuFKC6ghCAXGRMLlY6K3cSYLyxD-rknC3KopAGoYDKYYwATN_5LFpgLgBAGSBQQIBBgBkgUECAUYBIAH2evMaKgHjs4bqAfVyRuoB5PYG6gHn9sbqAe6BqgH8NkbqAfy2RuoB6a-G6gH7NUb2AcB8gcEEJbLB9IICQiA4YAQEAEYHYAKAcgLAdgTDIgUAQ&sigh=zNqy-i6FfEU&tpd=AGWhJmshmHq26n8Or1B1AB_Ef3NTWaKZC7fJwpjjzqle_2PMfA
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f2.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers
KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ Frame 9C4F 		11 KB
11 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:814::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/css?family=Roboto%3A400%2C500
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
font
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 05 Mar 2020 03:12:39 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2019 01:18:48 GMT
server
sffe
age
2199833
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
11056
x-xss-protection
0
expires
Fri, 05 Mar 2021 03:12:39 GMT
KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v20/ Frame 9C4F 		11 KB
11 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:814::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/css?family=Roboto%3A400%2C500
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
font
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 27 Feb 2020 08:47:06 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2019 01:18:50 GMT
server
sffe
age
2784566
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
11016
x-xss-protection
0
expires
Fri, 26 Feb 2021 08:47:06 GMT
ad
ssp.lkqd.net/ Frame 0AF9 		168 B
361 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ssp.lkqd.net/ad?pid=593&sid=1081148&output=svpaid&support=html5&execution=any&placement=&playinit=auto&volume=0&width=834&height=470&dnt=[do_not_track]&gdpr=1&gdprcs=&ip=185.141.207.254&ua=Mozilla%2F5.0%20(Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F74.0.3729.169%20Safari%2F537.36&pageurl=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&contentid=[content_id]&contenttitle=BleepingComputer%20Highlights%20Feed%20-%20Daily%20Highlights&contentlength=30&contenturl=[content_url]&rnd=193d2f76c05d52baa4961585577792694&schain=1.0,1!connatix.com,102734,1,,,,
Requested by
Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1913/min/connatix.renderer.infeed.min_dc.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
146.20.132.163 San Antonio, United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software
nginx /
Resource Hash
0863882f1d6ce836e3dcf7123e95e2c188fd7d4eda775c696ded7e1d82c61080

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Mar 2020 14:16:32 GMT
server
nginx
status
200
content-type
application/xml; charset=UTF-8
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
168
KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ Frame A810 		11 KB
11 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:814::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/css?family=Roboto%3A400%2C500
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
font
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 05 Mar 2020 03:12:39 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2019 01:18:48 GMT
server
sffe
age
2199833
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
11056
x-xss-protection
0
expires
Fri, 05 Mar 2021 03:12:39 GMT
KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v20/ Frame A810 		11 KB
11 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:814::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/css?family=Roboto%3A400%2C500
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
font
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 27 Feb 2020 08:47:06 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2019 01:18:50 GMT
server
sffe
age
2784566
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
11016
x-xss-protection
0
expires
Fri, 26 Feb 2021 08:47:06 GMT
si
googleads.g.doubleclick.net/pagead/drt/ Frame 9C4F
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si
0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Redirect headers

date
Mon, 30 Mar 2020 14:16:32 GMT
x-content-type-options
nosniff
server
safe
location
https://googleads.g.doubleclick.net/pagead/drt/si
content-type
text/html; charset=UTF-8
status
302
cache-control
private
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
246
x-xss-protection
0
arj
freestar-d.openx.net/w/1.0/ 		174 B
368 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://freestar-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&ch=UTF-8&res=1600x1200x24&ifr=false&tz=-120&tws=1600x1200&be=1&bc=hb_pb_3.0.1&dddid=6900611f-3284-409c-b340-4d018315f781&nocache=1585577792786&pubcid=b9601d3a-5adf-4f0c-9201-d1ce47687700&schain=1.0%2C1!freestar.io%2C535%2C1%2C%2C%2C&aus=728x90%2C970x90%2C970x250&divIds=bleepingcomputer_728x90_970x90_970x250_320x50_ATF&auid=540959250&
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.11.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
147.120.95.34.bc.googleusercontent.com
Software
OXGW/16.182.1 /
Resource Hash
349b867d779c9998c2ca5c3696b92977aceaad7b62b052c9084132dc6cb2adad

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 30 Mar 2020 14:16:32 GMT
content-encoding
gzip
server
OXGW/16.182.1
status
200
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
clear
content-length
165
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
prebid
ib.adnxs.com/ut/v3/ 		145 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.11.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.220.145 , Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
623.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.13.4 /
Resource Hash
6be15a074674ed8c3ddb73fc5d6055de2916fb13e4d4e8872f1eecb4207569e5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 30 Mar 2020 14:16:34 GMT
X-Proxy-Origin
185.141.207.254; 185.141.207.254; 623.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.122:80
AN-X-Request-Uuid
8cdaf0c1-4f9e-4166-9aec-4b40dcbd23b3
Server
nginx/1.13.4
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
145
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
cygnus
as-sec.casalemedia.com/ 		25 B
998 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://as-sec.casalemedia.com/cygnus?s=393562&v=7.2&r=%7B%22id%22%3A%22919a413c8622aba%22%2C%22imp%22%3A%5B%7B%22id%22%3A%22923868394a5bbe8%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22728x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2293cd9b6cdf64701%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22970x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2294eefc5041c368b%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22970x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%5D%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%7D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22535%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A0%7D%7D%2C%22user%22%3A%7B%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%7D&ac=j&sd=1&
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.11.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
95.101.185.51 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a95-101-185-51.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
adf03f474cca50ccb4eee7ce02dd112f3fd42eba43f3c97fae251bbdecfc8451

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 30 Mar 2020 14:16:32 GMT
Content-Encoding
gzip
Server
Apache
Vary
Accept-Encoding
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
45
Expires
Mon, 30 Mar 2020 14:16:32 GMT
v1
dmx.districtm.io/b/ 		0
162 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://dmx.districtm.io/b/v1
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.11.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.68.69 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

status
204
date
Mon, 30 Mar 2020 14:16:32 GMT
server
cloudflare
cf-ray
57c272f4fb22bbb8-LHR
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
fastlane.json
fastlane.rubiconproject.com/a/api/ 		263 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=2&alt_size_ids=55%2C57&rp_schain=1.0,1!freestar.io,535,1,,,&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&tk_flint=pbjs_lite_v3.11.0&x_source.tid=6900611f-3284-409c-b340-4d018315f781&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.8505505389965553
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.11.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
69.173.144.140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
RAS 2.4 /
Resource Hash
1cd4f26a5a4950b69db8671ef9010e3dcf9c85367cfc6877a5bb57900d809dce

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 30 Mar 2020 14:16:32 GMT
Server
RAS 2.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
Content-Type
application/json
Keep-Alive
timeout=5, max=415
Content-Length
263
Expires
Wed, 17 Sep 1975 21:32:10 GMT
prebid
ib.adnxs.com/ut/v3/ 		146 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.11.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.223.80 , Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.13.4 /
Resource Hash
e39e0308a3649d57f219ec13559b8dccb667a69b1cc96c40441b55c32384f1f0
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 30 Mar 2020 14:16:34 GMT
X-Proxy-Origin
185.141.207.254; 185.141.207.254; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.221.86:80
AN-X-Request-Uuid
2315a40a-b5cf-4a1d-a1ed-0a1ff73804b2
Server
nginx/1.13.4
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
146
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
auction
tlx.3lift.com/header/ 		19 B
483 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tlx.3lift.com/header/auction?lib=prebid&v=3.11.0&referrer=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&tmax=1200
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.11.0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.93.211.175 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-93-211-175.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 30 Mar 2020 14:16:32 GMT
status
200
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-type
application/json; charset=utf-8
content-length
19
x-xss-protection
0
expires
Thu, 15 Oct 1992 20:10:00 GMT
24
web.hb.ad.cpe.dotomi.com/s2s/header/ 		678 B
878 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://web.hb.ad.cpe.dotomi.com/s2s/header/24
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.11.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:fa8:8806:12::1430 , Sweden, ASN41041 (VCLK-EU-, SE),
Reverse DNS
Software
nginx /
Resource Hash
d3a970101d5c1c13fe97539903a8285d524c87295f551421ab9e40d9c1324e4a

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Date
Mon, 30 Mar 2020 14:16:32 GMT
Cache-Control
max-age=0, no-store
Server
nginx
Connection
keep-alive
Content-Length
678
Content-Type
text/plain; charset=UTF-8
cygnus
as-sec.casalemedia.com/ 		26 B
999 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://as-sec.casalemedia.com/cygnus?s=393562&v=7.2&r=%7B%22id%22%3A%2211222e389df6e9c6%22%2C%22imp%22%3A%5B%7B%22id%22%3A%221131bdbaa391b6f4%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22300x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%221147daf2c892e27e%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22300x600%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A600%2C%22topframe%22%3A1%7D%7D%5D%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%7D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22535%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A0%7D%7D%2C%22user%22%3A%7B%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%7D&ac=j&sd=1&
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.11.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
95.101.185.51 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a95-101-185-51.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
d921ca01b9e674d0b10e9bf64792193ec1932947ce5b9e2e6335d257b6278368

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 30 Mar 2020 14:16:33 GMT
Content-Encoding
gzip
Server
Apache
Vary
Accept-Encoding
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
46
Expires
Mon, 30 Mar 2020 14:16:33 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		261 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=15&alt_size_ids=10&rp_schain=1.0,1!freestar.io,535,1,,,&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&tk_flint=pbjs_lite_v3.11.0&x_source.tid=c32cb11e-271a-4013-a615-666ce35b355a&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.7894752826352345
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.11.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
69.173.144.140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
RAS 2.4 /
Resource Hash
9368b2884d3e5c004d03dd10e82720e78731f252ef4d272f640e131333678836

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 30 Mar 2020 14:16:32 GMT
Server
RAS 2.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
Content-Type
application/json
Keep-Alive
timeout=5, max=188
Content-Length
261
Expires
Wed, 17 Sep 1975 21:32:10 GMT
24
web.hb.ad.cpe.dotomi.com/s2s/header/ 		678 B
878 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://web.hb.ad.cpe.dotomi.com/s2s/header/24
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.11.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:fa8:8806:12::1430 , Sweden, ASN41041 (VCLK-EU-, SE),
Reverse DNS
Software
nginx /
Resource Hash
d3a970101d5c1c13fe97539903a8285d524c87295f551421ab9e40d9c1324e4a

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Date
Mon, 30 Mar 2020 14:16:32 GMT
Cache-Control
max-age=0, no-store
Server
nginx
Connection
keep-alive
Content-Length
678
Content-Type
text/plain; charset=UTF-8
v1
dmx.districtm.io/b/ 		0
33 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://dmx.districtm.io/b/v1
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.11.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.68.69 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

status
204
date
Mon, 30 Mar 2020 14:16:32 GMT
server
cloudflare
cf-ray
57c272f50b2dbbb8-LHR
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
prebid
ib.adnxs.com/ut/v3/ 		140 B
845 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.11.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.220.145 , Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
623.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.13.4 /
Resource Hash
4f1219756a238c58135f78405285f62c8877df05dee6e824b0328840f5b46e0e
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 30 Mar 2020 14:16:34 GMT
X-Proxy-Origin
185.141.207.254; 185.141.207.254; 623.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.221.46:80
AN-X-Request-Uuid
ea99cce2-6b46-4731-822f-7a04eca739f8
Server
nginx/1.13.4
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
140
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
prebid
ib.adnxs.com/ut/v3/ 		146 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.11.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.223.80 , Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.13.4 /
Resource Hash
79b4b47812a2dac7880fa4ac3a512b6937e69ad8a1e5570b2b7808cf65483ac0
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 30 Mar 2020 14:16:34 GMT
X-Proxy-Origin
185.141.207.254; 185.141.207.254; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.177:80
AN-X-Request-Uuid
0df43a53-4fcb-4c06-986e-14445043d10b
Server
nginx/1.13.4
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
146
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
arj
freestar-d.openx.net/w/1.0/ 		175 B
368 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://freestar-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&ch=UTF-8&res=1600x1200x24&ifr=false&tz=-120&tws=1600x1200&be=1&bc=hb_pb_3.0.1&dddid=c32cb11e-271a-4013-a615-666ce35b355a&nocache=1585577792798&pubcid=b9601d3a-5adf-4f0c-9201-d1ce47687700&schain=1.0%2C1!freestar.io%2C535%2C1%2C%2C%2C&aus=300x250%2C300x600&divIds=bleepingcomputer_300x250_300x600_160x600_Right_1&auid=540959250&
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.11.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
147.120.95.34.bc.googleusercontent.com
Software
OXGW/16.182.1 /
Resource Hash
86bc9501333973846d63415526c3e11e0943a0059555f360cd888a63666511bf

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 30 Mar 2020 14:16:32 GMT
content-encoding
gzip
server
OXGW/16.182.1
status
200
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
clear
content-length
166
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
auction
tlx.3lift.com/header/ 		19 B
481 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tlx.3lift.com/header/auction?lib=prebid&v=3.11.0&referrer=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&tmax=1200
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.11.0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.93.211.175 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-93-211-175.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 30 Mar 2020 14:16:32 GMT
status
200
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-type
application/json; charset=utf-8
content-length
19
x-xss-protection
0
expires
Thu, 15 Oct 1992 20:10:00 GMT
si
googleads.g.doubleclick.net/pagead/drt/ Frame A810
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si
0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Redirect headers

date
Mon, 30 Mar 2020 14:16:32 GMT
x-content-type-options
nosniff
server
safe
location
https://googleads.g.doubleclick.net/pagead/drt/si
content-type
text/html; charset=UTF-8
status
302
cache-control
private
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
246
x-xss-protection
0
v1
dmx.districtm.io/b/ 		0
33 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://dmx.districtm.io/b/v1
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.11.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.68.69 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

status
204
date
Mon, 30 Mar 2020 14:16:32 GMT
server
cloudflare
cf-ray
57c272f57bb5bbb8-LHR
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
cygnus
as-sec.casalemedia.com/ 		26 B
999 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://as-sec.casalemedia.com/cygnus?s=393562&v=7.2&r=%7B%22id%22%3A%221381bf4af10809ba%22%2C%22imp%22%3A%5B%7B%22id%22%3A%22139c395ee6d04841%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22300x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22140ca2baeadc50e5%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22300x600%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A600%2C%22topframe%22%3A1%7D%7D%5D%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%7D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22535%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A0%7D%7D%2C%22user%22%3A%7B%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%7D&ac=j&sd=1&
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.11.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
95.101.185.51 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a95-101-185-51.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
d0ddc19410586aa0e09dd9907ecc6bc4461c767c8ec3c907c4556fa97812ca8b

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 30 Mar 2020 14:16:33 GMT
Content-Encoding
gzip
Server
Apache
Vary
Accept-Encoding
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
46
Expires
Mon, 30 Mar 2020 14:16:33 GMT
arj
freestar-d.openx.net/w/1.0/ 		174 B
367 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://freestar-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&ch=UTF-8&res=1600x1200x24&ifr=false&tz=-120&tws=1600x1200&be=1&bc=hb_pb_3.0.1&dddid=fc894264-4a0d-48c7-b261-c9d48d17981a&nocache=1585577792869&pubcid=95fa22a5-d2d6-4e79-aa64-cbfc9728d2a4&schain=1.0%2C1!freestar.io%2C535%2C1%2C%2C%2C&aus=300x250%2C300x600&divIds=bleepingcomputer_300x250_300x600_160x600_Right_2&auid=540959250&
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.11.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
147.120.95.34.bc.googleusercontent.com
Software
OXGW/16.182.1 /
Resource Hash
c32dbaf332a2e0cda2c17d732038211f2878fc4906e378e89b5ac7c00bd55aa2

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 30 Mar 2020 14:16:33 GMT
content-encoding
gzip
server
OXGW/16.182.1
status
200
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
clear
content-length
165
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
prebid
ib.adnxs.com/ut/v3/ 		146 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.11.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.220.145 , Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
623.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.13.4 /
Resource Hash
52da36b29a40283dfe11971f29db8ba362b9dc4cebffe269e590e0b47f861a66
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 30 Mar 2020 14:16:34 GMT
X-Proxy-Origin
185.141.207.254; 185.141.207.254; 623.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.22:80
AN-X-Request-Uuid
d982f30c-0602-40a5-8de3-bb8cc34dffe8
Server
nginx/1.13.4
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
146
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
prebid
ib.adnxs.com/ut/v3/ 		146 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.11.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.223.80 , Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.13.4 /
Resource Hash
5b7a0d6d2eaa982cd98843edbc1a7619e39f0dabc5813e7cd5e9f8565ec07b2b
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 30 Mar 2020 14:16:34 GMT
X-Proxy-Origin
185.141.207.254; 185.141.207.254; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.15:80
AN-X-Request-Uuid
d449fd77-2e40-4deb-b336-3368311a7dc3
Server
nginx/1.13.4
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
146
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
auction
tlx.3lift.com/header/ 		19 B
483 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tlx.3lift.com/header/auction?lib=prebid&v=3.11.0&referrer=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&tmax=1200
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.11.0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.93.211.175 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-93-211-175.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 30 Mar 2020 14:16:33 GMT
status
200
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-type
application/json; charset=utf-8
content-length
19
x-xss-protection
0
expires
Thu, 15 Oct 1992 20:10:00 GMT
24
web.hb.ad.cpe.dotomi.com/s2s/header/ 		678 B
878 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://web.hb.ad.cpe.dotomi.com/s2s/header/24
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.11.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:fa8:8806:12::1430 , Sweden, ASN41041 (VCLK-EU-, SE),
Reverse DNS
Software
nginx /
Resource Hash
d3a970101d5c1c13fe97539903a8285d524c87295f551421ab9e40d9c1324e4a

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Date
Mon, 30 Mar 2020 14:16:32 GMT
Cache-Control
max-age=0, no-store
Server
nginx
Connection
keep-alive
Content-Length
678
Content-Type
text/plain; charset=UTF-8
fastlane.json
fastlane.rubiconproject.com/a/api/ 		261 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=15&alt_size_ids=10&rp_schain=1.0,1!freestar.io,535,1,,,&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&tk_flint=pbjs_lite_v3.11.0&x_source.tid=fc894264-4a0d-48c7-b261-c9d48d17981a&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.7865515830953616
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.11.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
69.173.144.140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
RAS 2.4 /
Resource Hash
0f917dab66e17ee5dd3205b61fcd57a823a61545095992f6365d74b7cd546646

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 30 Mar 2020 14:16:32 GMT
Server
RAS 2.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
Content-Type
application/json
Keep-Alive
timeout=5, max=165
Content-Length
261
Expires
Wed, 17 Sep 1975 21:32:10 GMT
prebid
ib.adnxs.com/ut/v3/ 		146 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.11.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.223.80 , Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.13.4 /
Resource Hash
b33e8c49a8b84931d5ed279f6234d0e4a10862f06e2b3a6d2687499727e3a6ea
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 30 Mar 2020 14:16:34 GMT
X-Proxy-Origin
185.141.207.254; 185.141.207.254; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.102:80
AN-X-Request-Uuid
2f25bf19-27dd-4b83-91c8-79b530399c3d
Server
nginx/1.13.4
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
146
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		240 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=2&rp_schain=1.0,1!freestar.io,535,1,,,&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&tk_flint=pbjs_lite_v3.11.0&x_source.tid=1a50cdf9-7a09-4636-973e-2412b31ba055&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.943676533904428
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.11.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
69.173.144.140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
RAS 2.4 /
Resource Hash
a245b3b5537c51fab7a00563079f691116661b5daf97203131fe0ec426fb830f

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 30 Mar 2020 14:16:32 GMT
Server
RAS 2.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
Content-Type
application/json
Keep-Alive
timeout=5, max=198
Content-Length
240
Expires
Wed, 17 Sep 1975 21:32:10 GMT
cygnus
as-sec.casalemedia.com/ 		26 B
999 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://as-sec.casalemedia.com/cygnus?s=393562&v=7.2&r=%7B%22id%22%3A%221647874ac5477586%22%2C%22imp%22%3A%5B%7B%22id%22%3A%221654d3a8a39138c8%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22728x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%5D%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%7D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22535%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A0%7D%7D%2C%22user%22%3A%7B%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%7D&ac=j&sd=1&
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.11.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
95.101.185.51 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a95-101-185-51.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
050b0d6851be7d9cae6411aa2f11a7a50001651adc82756e60612934ad5896ee

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 30 Mar 2020 14:16:33 GMT
Content-Encoding
gzip
Server
Apache
Vary
Accept-Encoding
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
46
Expires
Mon, 30 Mar 2020 14:16:33 GMT
v1
dmx.districtm.io/b/ 		0
33 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://dmx.districtm.io/b/v1
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.11.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.68.69 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

status
204
date
Mon, 30 Mar 2020 14:16:32 GMT
server
cloudflare
cf-ray
57c272f59bd3bbb8-LHR
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
auction
tlx.3lift.com/header/ 		19 B
482 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tlx.3lift.com/header/auction?lib=prebid&v=3.11.0&referrer=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&tmax=1200
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.11.0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.93.211.175 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-93-211-175.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 30 Mar 2020 14:16:32 GMT
status
200
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-type
application/json; charset=utf-8
content-length
19
x-xss-protection
0
expires
Thu, 15 Oct 1992 20:10:00 GMT
prebid
ib.adnxs.com/ut/v3/ 		146 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.11.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.223.80 , Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.13.4 /
Resource Hash
42a5552c5fd649396c064817d1175c0a38a4313e16108897075945e3d5c0986b
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 30 Mar 2020 14:16:34 GMT
X-Proxy-Origin
185.141.207.254; 185.141.207.254; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.221.41:80
AN-X-Request-Uuid
1eac22a0-76b1-490a-bcbf-6679908a19a7
Server
nginx/1.13.4
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
146
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
arj
freestar-d.openx.net/w/1.0/ 		175 B
368 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://freestar-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&ch=UTF-8&res=1600x1200x24&ifr=false&tz=-120&tws=1600x1200&be=1&bc=hb_pb_3.0.1&dddid=1a50cdf9-7a09-4636-973e-2412b31ba055&nocache=1585577792886&pubcid=95fa22a5-d2d6-4e79-aa64-cbfc9728d2a4&schain=1.0%2C1!freestar.io%2C535%2C1%2C%2C%2C&aus=728x90&divIds=bleepingcomputer_728x90_320x50_InContent_1&auid=540959250&
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.11.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
147.120.95.34.bc.googleusercontent.com
Software
OXGW/16.182.1 /
Resource Hash
5f4737e1457b1e73cb1a25c98de6efc2413d83b3a065bc8167e29d5d03854808

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 30 Mar 2020 14:16:33 GMT
content-encoding
gzip
server
OXGW/16.182.1
status
200
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
clear
content-length
166
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
24
web.hb.ad.cpe.dotomi.com/s2s/header/ 		678 B
878 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://web.hb.ad.cpe.dotomi.com/s2s/header/24
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.11.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:fa8:8806:12::1430 , Sweden, ASN41041 (VCLK-EU-, SE),
Reverse DNS
Software
nginx /
Resource Hash
d3a970101d5c1c13fe97539903a8285d524c87295f551421ab9e40d9c1324e4a

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Date
Mon, 30 Mar 2020 14:16:32 GMT
Cache-Control
max-age=0, no-store
Server
nginx
Connection
keep-alive
Content-Length
678
Content-Type
text/plain; charset=UTF-8
en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame A810 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/en.png
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012003101714470/amp4ads-v0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Mon, 30 Mar 2020 11:08:58 GMT
x-content-type-options
nosniff
content-type
image/png
server
cafe
age
11254
etag
14819457070020093239
vary
Accept-Encoding
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
public, max-age=86400
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
2502
x-xss-protection
0
expires
Tue, 31 Mar 2020 11:08:58 GMT
icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame A810 		295 B
367 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012003101714470/amp4ads-v0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Mon, 30 Mar 2020 12:55:21 GMT
x-content-type-options
nosniff
content-type
image/png
server
cafe
age
4871
etag
426692510519060060
vary
Accept-Encoding
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
public, max-age=86400
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
295
x-xss-protection
0
expires
Tue, 31 Mar 2020 12:55:21 GMT
ad
ssp.lkqd.net/ Frame 0AF9 		168 B
361 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ssp.lkqd.net/ad?pid=593&sid=1081150&output=svpaid&support=html5&execution=any&placement=&playinit=auto&volume=0&width=834&height=470&dnt=[do_not_track]&gdpr=1&gdprcs=&ip=185.141.207.254&ua=Mozilla%2F5.0%20(Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F74.0.3729.169%20Safari%2F537.36&pageurl=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&contentid=[content_id]&contenttitle=BleepingComputer%20Highlights%20Feed%20-%20Daily%20Highlights&contentlength=30&contenturl=[content_url]&rnd=2ddf52370f26151a13031585577792916&schain=1.0,1!connatix.com,102734,1,,,,
Requested by
Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1913/min/connatix.renderer.infeed.min_dc.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
146.20.132.163 San Antonio, United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software
nginx /
Resource Hash
0863882f1d6ce836e3dcf7123e95e2c188fd7d4eda775c696ded7e1d82c61080

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Mar 2020 14:16:32 GMT
server
nginx
status
200
content-type
application/xml; charset=UTF-8
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
168
av
connatix-d.openx.net/v/1.0/ Frame 0AF9 		48 B
258 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://connatix-d.openx.net/v/1.0/av?auid=540193949&schain=1.0,1!connatix.com,102734,1,,,,&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&cb=3d2b375026ddd0fca8711585577793044&vwd=834&vht=470&gdpr=1&gdpr_consent=
Requested by
Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1913/min/connatix.renderer.infeed.min_dc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
147.120.95.34.bc.googleusercontent.com
Software
OXGW/16.182.1 /
Resource Hash
a355f2718a8d0b7444670aca6fd1dfdc126f9b8e9931a34a52cac9c343a68e3f

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 30 Mar 2020 14:16:33 GMT
content-encoding
gzip
server
OXGW/16.182.1
status
200
vary
Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
text/xml
alt-svc
clear
content-length
56
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
swfIndex.php
ads.stickyadstv.com/www/delivery/ Frame 0AF9 		67 B
585 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ads.stickyadstv.com/www/delivery/swfIndex.php?reqType=AdsSetup&protocolVersion=2.0&zoneId=9531537&_fw_gdpr=1&_fw_gdpr_consent=&loc=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&_fw_us_privacy=
Requested by
Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1913/min/connatix.renderer.infeed.min_dc.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
95.101.185.197 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a95-101-185-197.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
291437ea71e62b1c35d4ec5d3c5ad02cfa930343b41b1472fba70243089c8bbe

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 30 Mar 2020 14:16:33 GMT
Server
nginx
Content-Type
application/xml;charset=UTF-8
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
67
x-sticky-vk
1585577793134075-5
Expires
Mon, 30 Mar 2020 14:16:33 GMT
c
c.pub.network/ 		0
267 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.pub.network/c
Requested by
Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
35.226.36.58 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
58.36.226.35.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Date
Mon, 30 Mar 2020 14:16:33 GMT
Access-Control-Allow-Credentials
true
Content-Length
0
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
swfIndex.php
ads.stickyadstv.com/www/delivery/ Frame 0AF9 		67 B
850 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ads.stickyadstv.com/www/delivery/swfIndex.php?reqType=AdsSetup&protocolVersion=2.0&zoneId=9531569&_fw_gdpr=1&_fw_gdpr_consent=&loc=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&_fw_us_privacy=
Requested by
Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1913/min/connatix.renderer.infeed.min_dc.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
95.101.185.197 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a95-101-185-197.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
291437ea71e62b1c35d4ec5d3c5ad02cfa930343b41b1472fba70243089c8bbe

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 30 Mar 2020 14:16:33 GMT
Server
nginx
Content-Type
application/xml;charset=UTF-8
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
67
x-sticky-vk
1585577793370039-49
Expires
Mon, 30 Mar 2020 14:16:33 GMT
ads
securepubads.g.doubleclick.net/gampad/ 		47 KB
11 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2560246634520143&correlator=1065080754942214&output=ldjh&impl=fifs&adsid=NT&eid=21065769%2C21062452%2C21064502&vrg=2020032302&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200330&iu_parts=15184186%2Cbleepingcomputer_728x90_970x90_970x250_320x50_ATF&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90%7C970x90%7C970x250&rcs=1&prev_scp=amznbid%3D2%26amznp%3D2%26bid%3D0&eri=1&cust_params=user-agent%3DChrome&cookie_enabled=1&bc=31&abxe=1&lmt=1585079110&dt=1585577793483&dlt=1585577789563&idt=754&frm=20&biw=1600&bih=1200&oid=3&adxs=436&adys=146&adks=960084856&ucis=8&ifi=3&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&dssz=55&icsg=35184541966336&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1170x120&msz=1170x90&psts=ABP-KfQBeomcmibJ7_T5DmQnQpC-79czw62EeaGH04IovIsZ8zIeS-c2JUs5g4Bg-KgwrPvVzzjz9IckdMnj&ga_vid=1950450585.1585577790&ga_sid=1585577791&ga_hid=669732870&fws=4&ohw=1600
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020032302.js?21065769
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f2.1e100.net
Software
cafe /
Resource Hash
3388c28abbd2db6c313ab948807dc9397fc3b912107ebe5b38fc25300b513ab6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Mar 2020 14:16:33 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
11274
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
google-creative-id
-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.bleepingcomputer.com
access-control-expose-headers
x-google-amp-ad-validated-version
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/ 		48 KB
11 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2560246634520143&correlator=1065080754942214&output=ldjh&impl=fifs&adsid=NT&eid=21065769%2C21062452%2C21064502&vrg=2020032302&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200330&iu_parts=15184186%2Cbleepingcomputer_300x250_300x600_160x600_Right_1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250%7C300x600&rcs=1&prev_scp=amznbid%3D2%26amznp%3D2%26bid%3D0&eri=1&cust_params=user-agent%3DChrome&cookie_enabled=1&bc=31&abxe=1&lmt=1585079110&dt=1585577793599&dlt=1585577789563&idt=754&frm=20&biw=1600&bih=1200&oid=3&adxs=1082&adys=327&adks=771041174&ucis=9&ifi=4&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&dssz=55&icsg=35184541966336&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=306x250&msz=306x250&psts=ABP-KfQBeomcmibJ7_T5DmQnQpC-79czw62EeaGH04IovIsZ8zIeS-c2JUs5g4Bg-KgwrPvVzzjz9IckdMnj&ga_vid=1950450585.1585577790&ga_sid=1585577791&ga_hid=669732870&fws=4&ohw=1600
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020032302.js?21065769
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f2.1e100.net
Software
cafe /
Resource Hash
95027c1a7b44ca831ba59bcbd6d16b5f81d0b8311fd2b1812c9f1b3731855b9b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Mar 2020 14:16:34 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
11274
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
google-creative-id
-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.bleepingcomputer.com
access-control-expose-headers
x-google-amp-ad-validated-version
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ad
ssp.lkqd.net/ Frame 0AF9 		168 B
361 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ssp.lkqd.net/ad?pid=593&sid=1081149&output=svpaid&support=html5&execution=any&placement=&playinit=auto&volume=0&width=834&height=470&dnt=[do_not_track]&gdpr=1&gdprcs=&ip=185.141.207.254&ua=Mozilla%2F5.0%20(Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F74.0.3729.169%20Safari%2F537.36&pageurl=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&contentid=[content_id]&contenttitle=BleepingComputer%20Highlights%20Feed%20-%20Daily%20Highlights&contentlength=30&contenturl=[content_url]&rnd=636d2a197534b18537021585577793649&schain=1.0,1!connatix.com,102734,1,,,,
Requested by
Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1913/min/connatix.renderer.infeed.min_dc.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
146.20.132.163 San Antonio, United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software
nginx /
Resource Hash
0863882f1d6ce836e3dcf7123e95e2c188fd7d4eda775c696ded7e1d82c61080

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Mar 2020 14:16:33 GMT
server
nginx
status
200
content-type
application/xml; charset=UTF-8
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
168
ads
securepubads.g.doubleclick.net/gampad/ 		451 B
434 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2560246634520143&correlator=1065080754942214&output=ldjh&impl=fifs&adsid=NT&eid=21065769%2C21062452%2C21064502&vrg=2020032302&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200330&iu_parts=15184186%2Cbleepingcomputer_300x250_300x600_160x600_Right_2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250%7C300x600&rcs=1&prev_scp=amznbid%3D2%26amznp%3D2%26bid%3D0&eri=1&cust_params=user-agent%3DChrome&cookie_enabled=1&bc=31&abxe=1&lmt=1585079110&dt=1585577793673&dlt=1585577789563&idt=754&frm=20&biw=1600&bih=1200&oid=3&adxs=1082&adys=1136&adks=2389526111&ucis=a&ifi=5&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&dssz=55&icsg=35184541966336&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=306x250&msz=306x250&psts=ABP-KfQBeomcmibJ7_T5DmQnQpC-79czw62EeaGH04IovIsZ8zIeS-c2JUs5g4Bg-KgwrPvVzzjz9IckdMnj&ga_vid=1950450585.1585577790&ga_sid=1585577791&ga_hid=669732870&fws=4&ohw=1600
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020032302.js?21065769
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f2.1e100.net
Software
cafe /
Resource Hash
77adba13693124bbc41a8150f3cbeb39e22f4b5a188f902f4d46f5e95affff70
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Mar 2020 14:16:34 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
243
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/ 		444 B
424 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2560246634520143&correlator=1065080754942214&output=ldjh&impl=fifs&adsid=NT&eid=21065769%2C21062452%2C21064502&vrg=2020032302&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200330&iu_parts=15184186%2Cbleepingcomputer_728x90_320x50_InContent_1&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&rcs=1&prev_scp=amznbid%3D2%26amznp%3D2%26bid%3D0&eri=1&cust_params=user-agent%3DChrome&cookie_enabled=1&bc=31&abxe=1&lmt=1585079110&dt=1585577793683&dlt=1585577789563&idt=754&frm=20&biw=1600&bih=1200&oid=3&adxs=268&adys=4818&adks=4047242158&ucis=b&ifi=6&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&dssz=55&icsg=35184541966336&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=834x90&msz=834x90&psts=ABP-KfQBeomcmibJ7_T5DmQnQpC-79czw62EeaGH04IovIsZ8zIeS-c2JUs5g4Bg-KgwrPvVzzjz9IckdMnj&ga_vid=1950450585.1585577790&ga_sid=1585577791&ga_hid=669732870&fws=4&ohw=1600
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020032302.js?21065769
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f2.1e100.net
Software
cafe /
Resource Hash
8a7e078994ee66f022754596648f05da1a2484ef6cbd747d29fe131b02e60ecc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Mar 2020 14:16:34 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
241
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
swfIndex.php
ads.stickyadstv.com/www/delivery/ Frame 0AF9 		67 B
727 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ads.stickyadstv.com/www/delivery/swfIndex.php?reqType=AdsSetup&protocolVersion=2.0&zoneId=9531521&_fw_gdpr=1&_fw_gdpr_consent=&loc=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&_fw_us_privacy=
Requested by
Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1913/min/connatix.renderer.infeed.min_dc.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
95.101.185.197 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a95-101-185-197.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
291437ea71e62b1c35d4ec5d3c5ad02cfa930343b41b1472fba70243089c8bbe

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 30 Mar 2020 14:16:34 GMT
Server
nginx
Content-Type
application/xml;charset=UTF-8
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
67
x-sticky-vk
1585577793853091-11
Expires
Mon, 30 Mar 2020 14:16:34 GMT
amp4ads-v0.js
cdn.ampproject.org/rtv/012003101714470/ Frame 24AE 		200 KB
55 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012003101714470/amp4ads-v0.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020032302.js?21065769
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4486f4e70d7321e8f64da51c38b50767e846bdaf4ef3441d628f27a4f8952c10
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
script
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
4146
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
55811
x-xss-protection
0
server
sffe
date
Mon, 30 Mar 2020 13:07:27 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"789295de90cb321e"
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 30 Mar 2021 13:07:27 GMT
amp4ads-v0.js
cdn.ampproject.org/rtv/012003101714470/ Frame 24AE 		200 KB
55 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012003101714470/amp4ads-v0.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020032302.js?21065769
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4486f4e70d7321e8f64da51c38b50767e846bdaf4ef3441d628f27a4f8952c10
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
4146
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
55811
x-xss-protection
0
server
sffe
date
Mon, 30 Mar 2020 13:07:27 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"789295de90cb321e"
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 30 Mar 2021 13:07:27 GMT
amp-ad-exit-0.1.js
cdn.ampproject.org/rtv/012003101714470/v0/ Frame 24AE 		16 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012003101714470/v0/amp-ad-exit-0.1.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020032302.js?21065769
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3d0c18b56d3b9bd3640250af1ce1e624bda890531f830d64c99d45e6c07bb349
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
4177
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
5728
x-xss-protection
0
server
sffe
date
Mon, 30 Mar 2020 13:06:56 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"36d96c2d19cb35a6"
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 30 Mar 2021 13:06:56 GMT
amp-analytics-0.1.js
cdn.ampproject.org/rtv/012003101714470/v0/ Frame 24AE 		92 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012003101714470/v0/amp-analytics-0.1.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020032302.js?21065769
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e17e03dc3ff1767a8d185975a2bf392068a0b2f2848503c38ceaa3f10fb0ea84
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
4174
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
28328
x-xss-protection
0
server
sffe
date
Mon, 30 Mar 2020 13:06:59 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"f4788313c10056ed"
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 30 Mar 2021 13:06:59 GMT
amp-fit-text-0.1.js
cdn.ampproject.org/rtv/012003101714470/v0/ Frame 24AE 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012003101714470/v0/amp-fit-text-0.1.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020032302.js?21065769
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7b8ef4f3c2daa40e68de70096105302da24a586c1d75b620dff0ff579db73ba8
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
4165
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
1414
x-xss-protection
0
server
sffe
date
Mon, 30 Mar 2020 13:07:08 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"ea7b1c90fec06498"
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 30 Mar 2021 13:07:08 GMT
amp-form-0.1.js
cdn.ampproject.org/rtv/012003101714470/v0/ Frame 24AE 		46 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012003101714470/v0/amp-form-0.1.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020032302.js?21065769
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
eada136c924874367d33d22fb496800b3f6f4e97f457829d2c18b5d41f1019a5
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
4165
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
14863
x-xss-protection
0
server
sffe
date
Mon, 30 Mar 2020 13:07:08 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"db7c050f8b3f760d"
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 30 Mar 2021 13:07:08 GMT
css
fonts.googleapis.com/ Frame 24AE 		5 KB
764 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto%3A400%2C500
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020032302.js?21065769
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
c4a7b4babd8d76af2ddc0840bda733cd5a0b409895bb74d5302ff1155c9b32bc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
x-xss-protection
0
last-modified
Mon, 30 Mar 2020 14:16:33 GMT
server
ESF
date
Mon, 30 Mar 2020 14:16:33 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 30 Mar 2020 14:16:33 GMT
en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 24AE 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/en.png
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020032302.js?21065769
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Mon, 30 Mar 2020 11:08:58 GMT
x-content-type-options
nosniff
content-type
image/png
server
cafe
age
11255
etag
14819457070020093239
vary
Accept-Encoding
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
public, max-age=86400
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
2502
x-xss-protection
0
expires
Tue, 31 Mar 2020 11:08:58 GMT
icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 24AE 		295 B
371 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020032302.js?21065769
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Mon, 30 Mar 2020 12:55:21 GMT
x-content-type-options
nosniff
content-type
image/png
server
cafe
age
4872
etag
426692510519060060
vary
Accept-Encoding
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
public, max-age=86400
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
295
x-xss-protection
0
expires
Tue, 31 Mar 2020 12:55:21 GMT
truncated
/ Frame 24AE 		216 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8a82f914caafae00db84e2e5f76d821baa63be424490a70c5450d157ac638b76

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
adview
securepubads.g.doubleclick.net/pagead/ Frame 24AE 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securepubads.g.doubleclick.net/pagead/adview?ai=CnT-hQf-BXumeIc2WgAfR-LrwD_qMqZda48Taq80KwI23ARABIMeD_AFgu76ug9AKoAGZ__rUA8gBAeACAKgDAcgDCqoEvgJP0C1hUGASpaFQm6ibFo_fukkUrhNNMhYpwaNH5Bm777Wn3eazMPQo2jLDCheB-uSYJOugukDY8FnLWhSP3Xgec25W1BcGCY-0E0T6h3vaxOdguM-GelGzwDkdbayu4Kq_EHWLBdWa_bXA9HJ96vGDK2TvCqOZI9tLj2CCGp0E5BeOB7zfGogp_St6hAT6TAnHlB5NucYwecCyxa_nTzMkrmlRbcLIdlOmEjTevaR_h4yCZ5uI1BsBLJXsPy62rDr1Fnd7pePJzlTQpzWyiOzd-fANCHtY2OHZTo_xCAslz4Af4pY2dqwCsdrTMndrfKer-PhK-SI2vm5f9jkKLad2L6WNte2M11pH58C4MGMQn1u_D3eua8XcbxoDrU_MGL15-ZyIGWPc5SDac0aCKa5_5VKd3USj9mGe8hzI_YPABOr-vpCvAuAEAZIFBAgEGAGSBQQIBRgEgAfPgIUrqAeOzhuoB9XJG6gHk9gbqAef2xuoB7oGqAfw2RuoB_LZG6gHpr4bqAfs1RvYBwHyBwQQ6Mwr0ggJCIDhgBAQARgdgAoByAsB2BMMiBQB&sigh=zs4XBjRTF3U&tpd=AGWhJmuFMkw1SxfDiY5ScnavyKsVfLP4uUA1pZz5awESS1KE0g
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f2.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers
KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ Frame 24AE 		11 KB
11 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:814::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/css?family=Roboto%3A400%2C500
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
font
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 05 Mar 2020 03:12:39 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2019 01:18:48 GMT
server
sffe
age
2199834
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
11056
x-xss-protection
0
expires
Fri, 05 Mar 2021 03:12:39 GMT
KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v20/ Frame 24AE 		11 KB
11 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:814::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/css?family=Roboto%3A400%2C500
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
font
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 27 Feb 2020 08:47:06 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2019 01:18:50 GMT
server
sffe
age
2784567
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
11016
x-xss-protection
0
expires
Fri, 26 Feb 2021 08:47:06 GMT
en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 24AE 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/en.png
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012003101714470/amp4ads-v0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Mon, 30 Mar 2020 11:08:58 GMT
x-content-type-options
nosniff
content-type
image/png
server
cafe
age
11256
etag
14819457070020093239
vary
Accept-Encoding
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
public, max-age=86400
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
2502
x-xss-protection
0
expires
Tue, 31 Mar 2020 11:08:58 GMT
icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 24AE 		295 B
371 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012003101714470/amp4ads-v0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Mon, 30 Mar 2020 12:55:21 GMT
x-content-type-options
nosniff
content-type
image/png
server
cafe
age
4873
etag
426692510519060060
vary
Accept-Encoding
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
public, max-age=86400
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
295
x-xss-protection
0
expires
Tue, 31 Mar 2020 12:55:21 GMT
c
c.pub.network/ 		0
267 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.pub.network/c
Requested by
Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
35.226.36.58 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
58.36.226.35.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Date
Mon, 30 Mar 2020 14:16:34 GMT
Access-Control-Allow-Credentials
true
Content-Length
0
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
ad
ssp.lkqd.net/ Frame 0AF9 		168 B
361 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ssp.lkqd.net/ad?pid=593&sid=1081147&output=svpaid&support=html5&execution=any&placement=&playinit=auto&volume=0&width=834&height=470&dnt=[do_not_track]&gdpr=1&gdprcs=&ip=185.141.207.254&ua=Mozilla%2F5.0%20(Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F74.0.3729.169%20Safari%2F537.36&pageurl=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&contentid=[content_id]&contenttitle=BleepingComputer%20Highlights%20Feed%20-%20Daily%20Highlights&contentlength=30&contenturl=[content_url]&rnd=48d89954de19cafd34911585577794155&schain=1.0,1!connatix.com,102734,1,,,,
Requested by
Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1913/min/connatix.renderer.infeed.min_dc.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
146.20.132.163 San Antonio, United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software
nginx /
Resource Hash
0863882f1d6ce836e3dcf7123e95e2c188fd7d4eda775c696ded7e1d82c61080

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Mar 2020 14:16:34 GMT
server
nginx
status
200
content-type
application/xml; charset=UTF-8
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
168
amp4ads-v0.js
cdn.ampproject.org/rtv/012003101714470/ Frame E38B 		200 KB
55 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012003101714470/amp4ads-v0.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020032302.js?21065769
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4486f4e70d7321e8f64da51c38b50767e846bdaf4ef3441d628f27a4f8952c10
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
script
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
4147
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
55811
x-xss-protection
0
server
sffe
date
Mon, 30 Mar 2020 13:07:27 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"789295de90cb321e"
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 30 Mar 2021 13:07:27 GMT
amp4ads-v0.js
cdn.ampproject.org/rtv/012003101714470/ Frame E38B 		200 KB
55 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012003101714470/amp4ads-v0.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020032302.js?21065769
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4486f4e70d7321e8f64da51c38b50767e846bdaf4ef3441d628f27a4f8952c10
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
4147
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
55811
x-xss-protection
0
server
sffe
date
Mon, 30 Mar 2020 13:07:27 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"789295de90cb321e"
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 30 Mar 2021 13:07:27 GMT
amp-ad-exit-0.1.js
cdn.ampproject.org/rtv/012003101714470/v0/ Frame E38B 		16 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012003101714470/v0/amp-ad-exit-0.1.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020032302.js?21065769
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3d0c18b56d3b9bd3640250af1ce1e624bda890531f830d64c99d45e6c07bb349
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
4178
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
5728
x-xss-protection
0
server
sffe
date
Mon, 30 Mar 2020 13:06:56 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"36d96c2d19cb35a6"
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 30 Mar 2021 13:06:56 GMT
amp-analytics-0.1.js
cdn.ampproject.org/rtv/012003101714470/v0/ Frame E38B 		92 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012003101714470/v0/amp-analytics-0.1.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020032302.js?21065769
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e17e03dc3ff1767a8d185975a2bf392068a0b2f2848503c38ceaa3f10fb0ea84
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
4175
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
28328
x-xss-protection
0
server
sffe
date
Mon, 30 Mar 2020 13:06:59 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"f4788313c10056ed"
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 30 Mar 2021 13:06:59 GMT
amp-fit-text-0.1.js
cdn.ampproject.org/rtv/012003101714470/v0/ Frame E38B 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012003101714470/v0/amp-fit-text-0.1.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020032302.js?21065769
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7b8ef4f3c2daa40e68de70096105302da24a586c1d75b620dff0ff579db73ba8
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
4166
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
1414
x-xss-protection
0
server
sffe
date
Mon, 30 Mar 2020 13:07:08 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"ea7b1c90fec06498"
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 30 Mar 2021 13:07:08 GMT
amp-form-0.1.js
cdn.ampproject.org/rtv/012003101714470/v0/ Frame E38B 		46 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012003101714470/v0/amp-form-0.1.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020032302.js?21065769
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
eada136c924874367d33d22fb496800b3f6f4e97f457829d2c18b5d41f1019a5
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
4166
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
14863
x-xss-protection
0
server
sffe
date
Mon, 30 Mar 2020 13:07:08 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"db7c050f8b3f760d"
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 30 Mar 2021 13:07:08 GMT
css
fonts.googleapis.com/ Frame E38B 		5 KB
764 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto%3A400%2C500
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020032302.js?21065769
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
c4a7b4babd8d76af2ddc0840bda733cd5a0b409895bb74d5302ff1155c9b32bc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
x-xss-protection
0
last-modified
Mon, 30 Mar 2020 14:16:34 GMT
server
ESF
date
Mon, 30 Mar 2020 14:16:34 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 30 Mar 2020 14:16:34 GMT
en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame E38B 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/en.png
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020032302.js?21065769
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Mon, 30 Mar 2020 11:08:58 GMT
x-content-type-options
nosniff
content-type
image/png
server
cafe
age
11256
etag
14819457070020093239
vary
Accept-Encoding
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
public, max-age=86400
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
2502
x-xss-protection
0
expires
Tue, 31 Mar 2020 11:08:58 GMT
icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame E38B 		295 B
367 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020032302.js?21065769
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Mon, 30 Mar 2020 12:55:21 GMT
x-content-type-options
nosniff
content-type
image/png
server
cafe
age
4873
etag
426692510519060060
vary
Accept-Encoding
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
public, max-age=86400
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
295
x-xss-protection
0
expires
Tue, 31 Mar 2020 12:55:21 GMT
downsize_200k_v1
tpc.googlesyndication.com/simgad/3819963007457405177/ Frame E38B 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/simgad/3819963007457405177/downsize_200k_v1?w=300&h=300
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020032302.js?21065769
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f42ef526e7c9bab0ed4781c027b4c9371163e27eb5e18cfe2e10239cf8db2591
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Wed, 29 Jan 2020 18:26:50 GMT
x-content-type-options
nosniff
age
5255384
x-dns-prefetch-control
off
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
3805
x-xss-protection
0
last-modified
Mon, 08 Apr 2019 12:02:29 GMT
server
sffe
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 28 Jan 2021 18:26:50 GMT
truncated
/ Frame E38B 		214 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
42fd2847597b5333dff068d464f740d28c206e2c0f1f526648716926fe2524bc

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
adview
securepubads.g.doubleclick.net/pagead/ Frame E38B 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securepubads.g.doubleclick.net/pagead/adview?ai=C5iy9Qf-BXuyiM9PX7gP03ocIrLf_mVzv6uHghgvAjbcBEAEgx4P8AWC7vq6D0AqgAZed-NkDyAEBqQJL4YefLMe0PuACAKgDAaoEzAJP0Ezd4t6ysvaM0oxYktCeO3yYVKzW9GAxM6AnMJEOZAxmv-T8Hm-CNEy72cRosAU-GgGrd7ruc4sMLxQPlwklmnLlly09aTEo5ITUtZFARicSLnVOCoEMHHtxGnUye8WmEuUPMjPy8v4aM1aCa15_KxiaI79Dw8xDJjW4vcRX44z7x2lWuTCemkmQwCzQxtnaESqVore0HSTmdZCJ9MIPTfqrpQsjOUqfmpatMFUSYSzeW5hB9GLIhwB-eqOWIWRaWn09i7zMGbFv8quP0KfzwUiXNLnri1W85pFvXm6wg9_tKcHy-hxUctbHedXDK7TDq479lDBxJy-igJY-JNFxen57Gi_Zfm57R03YgSnmuO3XkOrCevsLy6w3FwDP2tKCaBeou55hqFF-9PMIJ8EPo2HknYifPMY5J3hGh83ktpCDAhtx6Hy3SJmnKsAEnI2GyO0C4AQBkgUECAQYAZIFBAgFGASAB9HihyaoB47OG6gH1ckbqAeT2BuoB5_bG6gHugaoB_DZG6gH8tkbqAemvhuoB-zVG9gHAfIHBBDangjSCAkIgOGAEBABGB2ACgHICwHYEwyIFAGYFgE&sigh=tAhxa_eGibY&template_id=5001&tpd=AGWhJmtguDlbsHyMw2j1MV0H4BNlHJGvsvWRkohFqOfzLxDURQ
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f2.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers
KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ Frame E38B 		11 KB
11 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012003101714470/amp4ads-v0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:814::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/css?family=Roboto%3A400%2C500
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
font
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 05 Mar 2020 03:12:39 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2019 01:18:48 GMT
server
sffe
age
2199835
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
11056
x-xss-protection
0
expires
Fri, 05 Mar 2021 03:12:39 GMT
KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v20/ Frame E38B 		11 KB
11 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012003101714470/amp4ads-v0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:814::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/css?family=Roboto%3A400%2C500
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
font
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 27 Feb 2020 08:47:06 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2019 01:18:50 GMT
server
sffe
age
2784568
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
11016
x-xss-protection
0
expires
Fri, 26 Feb 2021 08:47:06 GMT
tag
slckg-qrmhc.ads.tremorhub.com/ad/ Frame 0AF9 		0
63 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://slckg-qrmhc.ads.tremorhub.com/ad/tag?adCode=slckg-nx3wf&playerWidth=834&playerHeight=470&playerPosition=mid-roll&mediaTitle=[media_title]&mediaId=639404&mediaUrl=&srcPageUrl=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&contentLength=30&gdpr=1&gdpr_consent=&schain=1.0,1!connatix.com,102734,1,,,,
Requested by
Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1913/min/connatix.renderer.infeed.min_dc.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:612b:4216:e78e:8f3d:d54e:ee23 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
Apache-Coyote/1.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
400
date
Mon, 30 Mar 2020 14:16:34 GMT
server
Apache-Coyote/1.1
en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame E38B 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/en.png
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012003101714470/amp4ads-v0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Mon, 30 Mar 2020 11:08:58 GMT
x-content-type-options
nosniff
content-type
image/png
server
cafe
age
11256
etag
14819457070020093239
vary
Accept-Encoding
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
public, max-age=86400
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
2502
x-xss-protection
0
expires
Tue, 31 Mar 2020 11:08:58 GMT
icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame E38B 		295 B
367 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012003101714470/amp4ads-v0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Mon, 30 Mar 2020 12:55:21 GMT
x-content-type-options
nosniff
content-type
image/png
server
cafe
age
4873
etag
426692510519060060
vary
Accept-Encoding
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
public, max-age=86400
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
295
x-xss-protection
0
expires
Tue, 31 Mar 2020 12:55:21 GMT
swfIndex.php
ads.stickyadstv.com/www/delivery/ Frame 0AF9 		67 B
728 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ads.stickyadstv.com/www/delivery/swfIndex.php?reqType=AdsSetup&protocolVersion=2.0&zoneId=9531505&_fw_gdpr=1&_fw_gdpr_consent=&loc=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&_fw_us_privacy=
Requested by
Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1913/min/connatix.renderer.infeed.min_dc.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
95.101.185.197 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a95-101-185-197.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
291437ea71e62b1c35d4ec5d3c5ad02cfa930343b41b1472fba70243089c8bbe

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 30 Mar 2020 14:16:34 GMT
Server
nginx
Content-Type
application/xml;charset=UTF-8
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
67
x-sticky-vk
1585577794475025-325
Expires
Mon, 30 Mar 2020 14:16:34 GMT
c
c.pub.network/ 		0
267 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.pub.network/c
Requested by
Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
35.226.36.58 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
58.36.226.35.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Date
Mon, 30 Mar 2020 14:16:34 GMT
Access-Control-Allow-Credentials
true
Content-Length
0
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
ad
ssp.lkqd.net/ Frame 0AF9 		168 B
361 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ssp.lkqd.net/ad?pid=593&sid=1081151&output=svpaid&support=html5&execution=any&placement=&playinit=auto&volume=0&width=834&height=470&dnt=[do_not_track]&gdpr=1&gdprcs=&ip=185.141.207.254&ua=Mozilla%2F5.0%20(Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F74.0.3729.169%20Safari%2F537.36&pageurl=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&contentid=[content_id]&contenttitle=BleepingComputer%20Highlights%20Feed%20-%20Daily%20Highlights&contentlength=30&contenturl=[content_url]&rnd=476fde20d77ed143f5e31585577794652&schain=1.0,1!connatix.com,102734,1,,,,
Requested by
Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1913/min/connatix.renderer.infeed.min_dc.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
146.20.132.163 San Antonio, United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software
nginx /
Resource Hash
0863882f1d6ce836e3dcf7123e95e2c188fd7d4eda775c696ded7e1d82c61080

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Mar 2020 14:16:34 GMT
server
nginx
status
200
content-type
application/xml; charset=UTF-8
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
168
av
connatix-d.openx.net/v/1.0/ Frame 0AF9
Redirect Chain
  • https://connatix-d.openx.net/v/1.0/av?auid=540193964&schain=1.0,1!connatix.com,102734,1,,,,&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malic...
  • https://connatix-d.openx.net/v/1.0/av?cc=1&auid=540193964&schain=1.0,1!connatix.com,102734,1,,,,&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-...
0
-1 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://connatix-d.openx.net/v/1.0/av?cc=1&auid=540193964&schain=1.0,1!connatix.com,102734,1,,,,&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&cb=b8742fd5d877874609571585577794778&vwd=834&vht=470&gdpr=1&gdpr_consent=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
147.120.95.34.bc.googleusercontent.com
Software
OXGW/16.182.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Mar 2020 14:16:34 GMT
via
1.1 google
server
OXGW/16.182.1
access-control-allow-origin
https://www.bleepingcomputer.com
location
https://connatix-d.openx.net/v/1.0/av?cc=1&auid=540193964&schain=1.0,1!connatix.com,102734,1,,,,&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&cb=b8742fd5d877874609571585577794778&vwd=834&vht=470&gdpr=1&gdpr_consent=
p3p
CP="CUR ADM OUR NOR STA NID"
status
302
access-control-allow-credentials
true
alt-svc
clear
content-length
0

Redirect headers

date
Mon, 30 Mar 2020 14:16:34 GMT
via
1.1 google
server
OXGW/16.182.1
status
302
location
https://connatix-d.openx.net/v/1.0/av?cc=1&auid=540193964&schain=1.0,1!connatix.com,102734,1,,,,&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&cb=b8742fd5d877874609571585577794778&vwd=834&vht=470&gdpr=1&gdpr_consent=
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://www.bleepingcomputer.com
access-control-allow-credentials
true
alt-svc
clear
content-length
0
av
connatix-d.openx.net/v/1.0/ Frame 0AF9 		48 B
259 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://connatix-d.openx.net/v/1.0/av?cc=1&auid=540193964&schain=1.0,1!connatix.com,102734,1,,,,&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&cb=b8742fd5d877874609571585577794778&vwd=834&vht=470&gdpr=1&gdpr_consent=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
147.120.95.34.bc.googleusercontent.com
Software
OXGW/16.182.1 /
Resource Hash
a355f2718a8d0b7444670aca6fd1dfdc126f9b8e9931a34a52cac9c343a68e3f

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 30 Mar 2020 14:16:34 GMT
content-encoding
gzip
server
OXGW/16.182.1
status
200
vary
Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
text/xml
alt-svc
clear
content-length
56
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
514171
vid.springserve.com/vast/ Frame 0AF9 		2 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://vid.springserve.com/vast/514171?w=640&h=480&cb=&url=bleepingcomputer.com/&schain=
Requested by
Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1913/min/connatix.renderer.infeed.min_dc.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
108.128.234.189 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-108-128-234-189.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
b7a4851d8b9e70f31ff07675ee056944a71ad0d6d666ba2287f69aa1981e74a6

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 30 Mar 2020 14:16:35 GMT
Content-Encoding
gzip
Server
nginx
Content-Type
application/xml;charset=UTF-8
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
855
activeview
pagead2.googlesyndication.com/pcs/ Frame 24AE 		42 B
110 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstVNy7iC-fJVY1Nc5PR2Dd6ne_3uT2icBHa7E9IzWD_MV4JcQmlgDMrKPq9HPzkQJOvayxzB__NEW5LR6Pre-QYsSxeB1tpvhJPvHPOnqij1JQTHJXzgfIH7R6c7A&sai=AMfl-YQJ4LiB9Crvi1xYWJgapK9ydz9vzEo13SzHVaCoocDuwpixAnc_TYGZAFbWuLxnvl-jgrrvipXIi5JCIGPCFcndNjDStsbSiyKSf5UG&sig=Cg0ArKJSzHcuZjvcbrd9EAE&id=ampim&o=436,146&d=728,90&ss=1600,1200&bs=1600,1200&mcvt=1002&mtos=0,0,1002,1002,1002&tos=0,0,1002,0,0&tfs=121&tls=1123&g=100&h=100&tt=1123&r=v&adk=960084856&avms=ampa
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

pragma
no-cache
date
Mon, 30 Mar 2020 14:16:35 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, must-revalidate
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
c
c.pub.network/ 		0
267 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.pub.network/c
Requested by
Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
35.226.36.58 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
58.36.226.35.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Date
Mon, 30 Mar 2020 14:16:35 GMT
Access-Control-Allow-Credentials
true
Content-Length
0
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
activeview
pagead2.googlesyndication.com/pcs/ Frame E38B 		42 B
110 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssE0cTlHWQeJ5hsBP2jyZSmKUwsqM62-SDtZsl5Xw-Vommjb5ln0n-BeLZSq4poZZpMVtMjzYeGml9z4D33f24-jNBTYnzgor_zjXmk4jhaAsfKAFNxi_OCAqjiTA&sai=AMfl-YQLhIpJ_-60Zxe7dWe8WKR2DUKPIF7pzm3kuCi0gBt7cbKDAyQQ4xI7eaCugxQdDb7rSeAvahdxbEENkN1Xe8TQTdpzkLAHA9i9CvTgZg&sig=Cg0ArKJSzP3xZ1Qto0ZyEAE&id=ampim&o=1082,327&d=300,250&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=158&tls=1158&g=100&h=100&tt=1158&r=v&adk=771041174&avms=ampa
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

pragma
no-cache
date
Mon, 30 Mar 2020 14:16:35 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, must-revalidate
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
vpaid_029b7bdf.js
vpaid.springserve.com/production/ Frame 02B7 		448 KB
98 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://vpaid.springserve.com/production/vpaid_029b7bdf.js
Requested by
Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1913/min/connatix.renderer.infeed.min_dc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.16.175.42 Phoenix, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
hwcdn.net
Software
AmazonS3 /
Resource Hash
015bfce79477b14313fe8b5cfb94c2786af83ec5be508e134973d6203eb439a8

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Mon, 30 Mar 2020 14:16:36 GMT
content-encoding
gzip
last-modified
Tue, 10 Mar 2020 16:23:34 GMT
server
AmazonS3
x-amz-request-id
5B3DC9BFDAB0529D
etag
"14a7eef185ed247664c008dbbb503421"
x-hw
1585577796.dop227.lo4.t,1585577796.cds238.lo4.hn,1585577796.cds079.lo4.c
content-type
application/javascript
status
200
cache-control
max-age=909459
accept-ranges
bytes
access-control-allow-origin
*
content-length
100182
x-amz-id-2
0SFrc1LEXgDE1Iy62hIS2JRnVfKQAgs6r0HOnjaXzOXSkpnzl+ZED9afjB++IYqQq3zqx/As0fk=
oath-viewability-sdk.js
cdn-ssl.vidible.tv/prod/client-utils/js/ Frame 02B7 		29 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn-ssl.vidible.tv/prod/client-utils/js/oath-viewability-sdk.js
Requested by
Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_029b7bdf.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1288:f03d:1fa::2000 , United Kingdom, ASN10310 (YAHOO-1, US),
Reverse DNS
Software
ATS /
Resource Hash
ee927c0f8febd54d8dc95a7f74b6aafc749477b15872f5b303162dc477269e34
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

ats-carp-promotion
1
date
Thu, 19 Mar 2020 19:05:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
933087
status
200
strict-transport-security
max-age=15552000
content-length
7868
x-amz-id-2
58SfDErf3sYa3nGPlAuvppH5WOq5oOmdETGI2INBlBqAna7YRqhn9jr8yMgmGFTC8iQCsZp5MsA=
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 23 Jan 2018 04:39:44 GMT
server
ATS
etag
"f89c71522a28b573b7e8c681892779ce-df"
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary
Accept-Encoding
access-control-allow-methods
GET
x-amz-request-id
991AC5361ED29058
access-control-allow-origin
*
x-xss-protection
1; mode=block
cache-control
max-age=1209600
x-amz-version-id
MuMCHfak_fz.RiQjb8ttinJCtw0a9HGU
accept-ranges
bytes
content-type
application/javascript
prebid
ib.adnxs.com/ut/v3/ Frame 02B7 		160 B
866 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_029b7bdf.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.223.80 , Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.13.4 /
Resource Hash
0724d2fb5c49945c23ca2a5cbb67a7638edf60816237ff401b18ea2cf665b1f8
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 30 Mar 2020 14:16:38 GMT
X-Proxy-Origin
185.141.207.254; 185.141.207.254; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.122:80
AN-X-Request-Uuid
78fc1668-462b-4f79-aa61-81c64a5f06a5
Server
nginx/1.13.4
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
160
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
prebid
ib.adnxs.com/ut/v3/ Frame 02B7 		160 B
865 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_029b7bdf.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.223.80 , Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.13.4 /
Resource Hash
f50472a96f7832659da90c79e56af2bd967632f5e1c641294da1af12e7ae3379
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 30 Mar 2020 14:16:38 GMT
X-Proxy-Origin
185.141.207.254; 185.141.207.254; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.85:80
AN-X-Request-Uuid
5ab2d570-a77e-4ab8-83b0-f06b54a98bf4
Server
nginx/1.13.4
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
160
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
24
web.hb.ad.cpe.dotomi.com/s2s/header/ Frame 02B7 		678 B
878 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://web.hb.ad.cpe.dotomi.com/s2s/header/24
Requested by
Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_029b7bdf.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:fa8:8806:12::1430 , Sweden, ASN41041 (VCLK-EU-, SE),
Reverse DNS
Software
nginx /
Resource Hash
d3a970101d5c1c13fe97539903a8285d524c87295f551421ab9e40d9c1324e4a

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Date
Mon, 30 Mar 2020 14:16:36 GMT
Cache-Control
max-age=0, no-store
Server
nginx
Connection
keep-alive
Content-Length
678
Content-Type
text/plain; charset=UTF-8
bc2
bc-rtb-dub.springserve.com/ Frame 02B7 		20 B
320 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://bc-rtb-dub.springserve.com/bc2?r=ef159376-8f64-484d-b706-a0cd52964101-s.514171-d.528021-dc.73340&aid=962&det_d=www.bleepingcomputer.com&det_w=834
Requested by
Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_029b7bdf.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.18.86.70 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-18-86-70.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
b6bdeec47f3b08de017d399bca661bc9c08745f752079597a7e9f3abcf749dad

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Date
Mon, 30 Mar 2020 14:16:37 GMT
Server
nginx
Access-Control-Allow-Methods
GET, POST, OPTIONS
Content-Type
application/json
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
20
i
vid-io.springserve.com/vd/ Frame 02B7 		0
0
index.html
cdn.districtm.io/ids/ Frame FE83 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://cdn.districtm.io/ids/index.html
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.11.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.68.69 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

:method
GET
:authority
cdn.districtm.io
:scheme
https
:path
/ids/index.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
iframe
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/

Response headers

status
204
date
Mon, 30 Mar 2020 14:16:38 GMT
set-cookie
__cfduid=dac243534c9bd0ea83c60325e42200f001585577798; expires=Wed, 29-Apr-20 14:16:38 GMT; path=/; domain=.districtm.io; HttpOnly; SameSite=Lax
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
server
cloudflare
cf-ray
57c27315fa01bbb8-LHR
index.html
cdn.districtm.io/ids/ Frame 1E43 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://cdn.districtm.io/ids/index.html
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.11.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.68.69 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

:method
GET
:authority
cdn.districtm.io
:scheme
https
:path
/ids/index.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
iframe
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/

Response headers

status
204
date
Mon, 30 Mar 2020 14:16:38 GMT
set-cookie
__cfduid=dac243534c9bd0ea83c60325e42200f001585577798; expires=Wed, 29-Apr-20 14:16:38 GMT; path=/; domain=.districtm.io; HttpOnly; SameSite=Lax
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
server
cloudflare
cf-ray
57c27315fa04bbb8-LHR
sync
eb2.3lift.com/ Frame 184E
Redirect Chain
  • https://eb2.3lift.com/sync?
  • https://eb2.3lift.com/sync?&ld=1
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://eb2.3lift.com/sync?&ld=1
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.11.0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.57.98.188 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-57-98-188.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash

Request headers

:method
GET
:authority
eb2.3lift.com
:scheme
https
:path
/sync?&ld=1
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
iframe
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
tluid=18160373722370935281
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/

Response headers

status
200
date
Mon, 30 Mar 2020 14:16:38 GMT
content-type
text/html; charset=utf-8
content-length
466
set-cookie
sync=CgoIgQIQndS03pIuCgoIoQEQndS03pIuCgoI4gEQndS03pIuCgoI5gEQndS03pIuCgkICRCd1LTeki4KCQg6EJ3UtN6SLgoJCAsQndS03pIuCgoIzgEQndS03pIuCgkIHxCd1LTeki4KCQhfEJ3UtN6SLg==; Max-Age=7776000; Expires=Sun, 28 Jun 2020 14:16:38 GMT; Path=/sync; Domain=.3lift.com; SameSite=None; Secure tluid=18160373722370935281; Max-Age=7776000; Expires=Sun, 28 Jun 2020 14:16:38 GMT; Path=/; Domain=.3lift.com; SameSite=None; Secure
content-encoding
gzip
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
cache-control
no-cache, no-store, must-revalidate

Redirect headers

status
302
date
Mon, 30 Mar 2020 14:16:38 GMT
content-length
0
set-cookie
tluid=18160373722370935281; Max-Age=7776000; Expires=Sun, 28 Jun 2020 14:16:38 GMT; Path=/; Domain=.3lift.com; SameSite=None; Secure
location
/sync?&ld=1
cache-control
no-cache, no-store, must-revalidate
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
async_usersync.html
acdn.adnxs.com/ib/static/usersync/v3/ Frame E408 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.11.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.13.108 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.9.13 /
Resource Hash

Request headers

Host
acdn.adnxs.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/

Response headers

Server
nginx/1.9.13
Content-Type
text/html
Last-Modified
Fri, 20 May 2016 02:07:09 GMT
ETag
W/"573e714d-3e3"
Expires
Sun, 06 Aug 2017 09:41:59 GMT
Cache-Control
max-age=31536000
Access-Control-Allow-Origin
*
Content-Encoding
gzip
Via
1.1 varnish 1.1 varnish
Content-Length
506
Accept-Ranges
bytes
Date
Mon, 30 Mar 2020 14:16:38 GMT
Age
20493282
Connection
keep-alive
X-Served-By
cache-jfk8138-JFK, cache-fra19134-FRA
X-Cache
HIT, HIT
X-Cache-Hits
391291, 3307279
X-Timer
S1585577798.422949,VS0,VE0
Vary
Accept-Encoding
pd
eu-u.openx.net/w/1.0/ Frame C813
Redirect Chain
  • https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
  • https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.11.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
147.120.95.34.bc.googleusercontent.com
Software
OXGW/16.182.1 /
Resource Hash

Request headers

:method
GET
:authority
eu-u.openx.net
:scheme
https
:path
/w/1.0/pd?cc=1&plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
iframe
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
i=0abfc9ab-59c0-0e42-0327-af5d6bf8256f|1585577798
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/

Response headers

status
200
vary
Accept, Accept-Encoding
set-cookie
i=0abfc9ab-59c0-0e42-0327-af5d6bf8256f|1585577798; Version=1; Expires=Tue, 30-Mar-2021 14:16:38 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1585577798|mOsLgqgikin0fcmWiygu; Version=1; Expires=Tue, 14-Apr-2020 14:16:38 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server
OXGW/16.182.1
p3p
CP="CUR ADM OUR NOR STA NID"
date
Mon, 30 Mar 2020 14:16:38 GMT
content-type
text/html
content-length
484
content-encoding
gzip
via
1.1 google
alt-svc
clear

Redirect headers

status
302
set-cookie
i=324130ee-bd5d-01d8-1c02-a815bfecb756|1585577798; Version=1; Expires=Tue, 30-Mar-2021 14:16:38 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None
server
OXGW/16.182.1
p3p
CP="CUR ADM OUR NOR STA NID"
location
https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
date
Mon, 30 Mar 2020 14:16:38 GMT
content-length
0
via
1.1 google
alt-svc
clear
index.html
cdn.districtm.io/ids/ Frame BDA9 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://cdn.districtm.io/ids/index.html
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.11.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.68.69 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

:method
GET
:authority
cdn.districtm.io
:scheme
https
:path
/ids/index.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
iframe
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/

Response headers

status
204
date
Mon, 30 Mar 2020 14:16:38 GMT
set-cookie
__cfduid=dac243534c9bd0ea83c60325e42200f001585577798; expires=Wed, 29-Apr-20 14:16:38 GMT; path=/; domain=.districtm.io; HttpOnly; SameSite=Lax
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
server
cloudflare
cf-ray
57c273161a24bbb8-LHR
async_usersync.html
acdn.adnxs.com/ib/static/usersync/v3/ Frame A99A 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.11.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.13.108 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.9.13 /
Resource Hash

Request headers

Host
acdn.adnxs.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/

Response headers

Server
nginx/1.9.13
Content-Type
text/html
Last-Modified
Fri, 20 May 2016 02:07:09 GMT
ETag
W/"573e714d-3e3"
Expires
Sun, 06 Aug 2017 09:41:59 GMT
Cache-Control
max-age=31536000
Access-Control-Allow-Origin
*
Content-Encoding
gzip
Via
1.1 varnish 1.1 varnish
Content-Length
506
Accept-Ranges
bytes
Date
Mon, 30 Mar 2020 14:16:38 GMT
Age
20493282
Connection
keep-alive
X-Served-By
cache-jfk8138-JFK, cache-fra19134-FRA
X-Cache
HIT, HIT
X-Cache-Hits
391291, 3307280
X-Timer
S1585577798.465155,VS0,VE0
Vary
Accept-Encoding
async_usersync.html
acdn.adnxs.com/ib/static/usersync/v3/ Frame 7868 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.11.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.13.108 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.9.13 /
Resource Hash

Request headers

Host
acdn.adnxs.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/

Response headers

Server
nginx/1.9.13
Content-Type
text/html
Last-Modified
Fri, 20 May 2016 02:07:09 GMT
ETag
W/"573e714d-3e3"
Expires
Sun, 06 Aug 2017 09:41:59 GMT
Cache-Control
max-age=31536000
Access-Control-Allow-Origin
*
Content-Encoding
gzip
Via
1.1 varnish 1.1 varnish
Content-Length
506
Accept-Ranges
bytes
Date
Mon, 30 Mar 2020 14:16:38 GMT
Age
20493283
Connection
keep-alive
X-Served-By
cache-jfk8138-JFK, cache-fra19134-FRA
X-Cache
HIT, HIT
X-Cache-Hits
391291, 3307281
X-Timer
S1585577799.504119,VS0,VE0
Vary
Accept-Encoding
pd
eu-u.openx.net/w/1.0/ Frame B9DF
Redirect Chain
  • https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
  • https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.11.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
147.120.95.34.bc.googleusercontent.com
Software
OXGW/16.182.1 /
Resource Hash

Request headers

:method
GET
:authority
eu-u.openx.net
:scheme
https
:path
/w/1.0/pd?cc=1&plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
iframe
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
i=0abfc9ab-59c0-0e42-0327-af5d6bf8256f|1585577798
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/

Response headers

status
200
vary
Accept, Accept-Encoding
set-cookie
i=0abfc9ab-59c0-0e42-0327-af5d6bf8256f|1585577798; Version=1; Expires=Tue, 30-Mar-2021 14:16:38 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1585577798|mOsLgqgikin0fcmWiygu; Version=1; Expires=Tue, 14-Apr-2020 14:16:38 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server
OXGW/16.182.1
p3p
CP="CUR ADM OUR NOR STA NID"
date
Mon, 30 Mar 2020 14:16:38 GMT
content-type
text/html
content-length
484
content-encoding
gzip
via
1.1 google
alt-svc
clear

Redirect headers

status
302
set-cookie
i=0abfc9ab-59c0-0e42-0327-af5d6bf8256f|1585577798; Version=1; Expires=Tue, 30-Mar-2021 14:16:38 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None
server
OXGW/16.182.1
p3p
CP="CUR ADM OUR NOR STA NID"
location
https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
date
Mon, 30 Mar 2020 14:16:38 GMT
content-length
0
via
1.1 google
alt-svc
clear
async_usersync.html
acdn.adnxs.com/ib/static/usersync/v3/ Frame A1B5 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.11.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.13.108 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.9.13 /
Resource Hash

Request headers

Host
acdn.adnxs.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/

Response headers

Server
nginx/1.9.13
Content-Type
text/html
Last-Modified
Fri, 20 May 2016 02:07:09 GMT
ETag
W/"573e714d-3e3"
Expires
Sun, 06 Aug 2017 09:41:59 GMT
Cache-Control
max-age=31536000
Access-Control-Allow-Origin
*
Content-Encoding
gzip
Via
1.1 varnish 1.1 varnish
Content-Length
506
Accept-Ranges
bytes
Date
Mon, 30 Mar 2020 14:16:38 GMT
Age
20493283
Connection
keep-alive
X-Served-By
cache-jfk8138-JFK, cache-fra19134-FRA
X-Cache
HIT, HIT
X-Cache-Hits
391291, 3307282
X-Timer
S1585577799.545175,VS0,VE0
Vary
Accept-Encoding
async_usersync.html
acdn.adnxs.com/ib/static/usersync/v3/ Frame 97D0 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.11.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.13.108 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.9.13 /
Resource Hash

Request headers

Host
acdn.adnxs.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/

Response headers

Server
nginx/1.9.13
Content-Type
text/html
Last-Modified
Fri, 20 May 2016 02:07:09 GMT
ETag
W/"573e714d-3e3"
Expires
Sun, 06 Aug 2017 09:41:59 GMT
Cache-Control
max-age=31536000
Access-Control-Allow-Origin
*
Content-Encoding
gzip
Via
1.1 varnish 1.1 varnish
Content-Length
506
Accept-Ranges
bytes
Date
Mon, 30 Mar 2020 14:16:38 GMT
Age
20493283
Connection
keep-alive
X-Served-By
cache-jfk8138-JFK, cache-fra19134-FRA
X-Cache
HIT, HIT
X-Cache-Hits
391291, 3307283
X-Timer
S1585577799.584215,VS0,VE0
Vary
Accept-Encoding
sync
eb2.3lift.com/ Frame 75AB 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://eb2.3lift.com/sync?
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.11.0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.57.98.188 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-57-98-188.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash

Request headers

:method
GET
:authority
eb2.3lift.com
:scheme
https
:path
/sync?
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
iframe
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
tluid=18160373722370935281
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/

Response headers

status
200
date
Mon, 30 Mar 2020 14:16:38 GMT
content-type
text/html; charset=utf-8
content-length
466
set-cookie
sync=CgoIgQIQnNS03pIuCgoIoQEQnNS03pIuCgoI4gEQnNS03pIuCgoI5gEQnNS03pIuCgkICRCc1LTeki4KCQg6EJzUtN6SLgoJCAsQnNS03pIuCgoIzgEQnNS03pIuCgkIHxCc1LTeki4KCQhfEJzUtN6SLg==; Max-Age=7776000; Expires=Sun, 28 Jun 2020 14:16:38 GMT; Path=/sync; Domain=.3lift.com; SameSite=None; Secure tluid=18160373722370935281; Max-Age=7776000; Expires=Sun, 28 Jun 2020 14:16:38 GMT; Path=/; Domain=.3lift.com; SameSite=None; Secure
content-encoding
gzip
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
cache-control
no-cache, no-store, must-revalidate
usync.html
eus.rubiconproject.com/ Frame 54C0 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.11.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.109.78.125 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a104-109-78-125.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash

Request headers

Host
eus.rubiconproject.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/

Response headers

Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Last-Modified
Wed, 04 Mar 2020 22:48:14 GMT
Content-Encoding
gzip
Content-Length
7619
Content-Type
text/html; charset=UTF-8
Cache-Control
max-age=24057
Expires
Mon, 30 Mar 2020 20:57:38 GMT
Date
Mon, 30 Mar 2020 14:16:41 GMT
Connection
keep-alive
Vary
Accept-Encoding
sync
eb2.3lift.com/ Frame 839E 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://eb2.3lift.com/sync?
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.11.0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.57.98.188 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-57-98-188.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash

Request headers

:method
GET
:authority
eb2.3lift.com
:scheme
https
:path
/sync?
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
iframe
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
tluid=18160373722370935281
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/

Response headers

status
200
date
Mon, 30 Mar 2020 14:16:38 GMT
content-type
text/html; charset=utf-8
content-length
466
set-cookie
sync=CgoIgQIQnNS03pIuCgoIoQEQnNS03pIuCgoI4gEQnNS03pIuCgoI5gEQnNS03pIuCgkICRCc1LTeki4KCQg6EJzUtN6SLgoJCAsQnNS03pIuCgoIzgEQnNS03pIuCgkIHxCc1LTeki4KCQhfEJzUtN6SLg==; Max-Age=7776000; Expires=Sun, 28 Jun 2020 14:16:38 GMT; Path=/sync; Domain=.3lift.com; SameSite=None; Secure tluid=18160373722370935281; Max-Age=7776000; Expires=Sun, 28 Jun 2020 14:16:38 GMT; Path=/; Domain=.3lift.com; SameSite=None; Secure
content-encoding
gzip
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
cache-control
no-cache, no-store, must-revalidate
sync
eb2.3lift.com/ Frame 84BB 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://eb2.3lift.com/sync?
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.11.0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.57.98.188 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-57-98-188.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash

Request headers

:method
GET
:authority
eb2.3lift.com
:scheme
https
:path
/sync?
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
iframe
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
tluid=18160373722370935281
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/

Response headers

status
200
date
Mon, 30 Mar 2020 14:16:38 GMT
content-type
text/html; charset=utf-8
content-length
466
set-cookie
sync=CgoIgQIQoNS03pIuCgoIoQEQoNS03pIuCgoI4gEQoNS03pIuCgoI5gEQoNS03pIuCgkICRCg1LTeki4KCQg6EKDUtN6SLgoJCAsQoNS03pIuCgoIzgEQoNS03pIuCgkIHxCg1LTeki4KCQhfEKDUtN6SLg==; Max-Age=7776000; Expires=Sun, 28 Jun 2020 14:16:38 GMT; Path=/sync; Domain=.3lift.com; SameSite=None; Secure tluid=18160373722370935281; Max-Age=7776000; Expires=Sun, 28 Jun 2020 14:16:38 GMT; Path=/; Domain=.3lift.com; SameSite=None; Secure
content-encoding
gzip
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
cache-control
no-cache, no-store, must-revalidate
index.html
cdn.districtm.io/ids/ Frame 378C 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://cdn.districtm.io/ids/index.html
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.11.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.68.69 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

:method
GET
:authority
cdn.districtm.io
:scheme
https
:path
/ids/index.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
iframe
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/

Response headers

status
204
date
Mon, 30 Mar 2020 14:16:38 GMT
set-cookie
__cfduid=dac243534c9bd0ea83c60325e42200f001585577798; expires=Wed, 29-Apr-20 14:16:38 GMT; path=/; domain=.districtm.io; HttpOnly; SameSite=Lax
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
server
cloudflare
cf-ray
57c273169ae7bbb8-LHR
pd
eu-u.openx.net/w/1.0/ Frame 4841 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.11.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
147.120.95.34.bc.googleusercontent.com
Software
OXGW/16.182.1 /
Resource Hash

Request headers

:method
GET
:authority
eu-u.openx.net
:scheme
https
:path
/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
iframe
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
i=0abfc9ab-59c0-0e42-0327-af5d6bf8256f|1585577798
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/

Response headers

status
200
vary
Accept, Accept-Encoding
set-cookie
i=0abfc9ab-59c0-0e42-0327-af5d6bf8256f|1585577798; Version=1; Expires=Tue, 30-Mar-2021 14:16:38 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1585577798|mOsLgqgikin0fcmWiygu; Version=1; Expires=Tue, 14-Apr-2020 14:16:38 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server
OXGW/16.182.1
p3p
CP="CUR ADM OUR NOR STA NID"
date
Mon, 30 Mar 2020 14:16:38 GMT
content-type
text/html
content-length
484
content-encoding
gzip
via
1.1 google
alt-svc
clear
sync
eb2.3lift.com/ Frame 6274 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://eb2.3lift.com/sync?
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.11.0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.57.98.188 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-57-98-188.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash

Request headers

:method
GET
:authority
eb2.3lift.com
:scheme
https
:path
/sync?
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
iframe
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
tluid=18160373722370935281
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/

Response headers

status
200
date
Mon, 30 Mar 2020 14:16:38 GMT
content-type
text/html; charset=utf-8
content-length
466
set-cookie
sync=CgoIgQIQq9S03pIuCgoIoQEQq9S03pIuCgoI4gEQq9S03pIuCgoI5gEQq9S03pIuCgkICRCr1LTeki4KCQg6EKvUtN6SLgoJCAsQq9S03pIuCgoIzgEQq9S03pIuCgkIHxCr1LTeki4KCQhfEKvUtN6SLg==; Max-Age=7776000; Expires=Sun, 28 Jun 2020 14:16:38 GMT; Path=/sync; Domain=.3lift.com; SameSite=None; Secure tluid=18160373722370935281; Max-Age=7776000; Expires=Sun, 28 Jun 2020 14:16:38 GMT; Path=/; Domain=.3lift.com; SameSite=None; Secure
content-encoding
gzip
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
cache-control
no-cache, no-store, must-revalidate
index.html
cdn.districtm.io/ids/ Frame C262 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://cdn.districtm.io/ids/index.html
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.11.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.68.69 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

:method
GET
:authority
cdn.districtm.io
:scheme
https
:path
/ids/index.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
iframe
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/

Response headers

status
204
date
Mon, 30 Mar 2020 14:16:38 GMT
set-cookie
__cfduid=dac243534c9bd0ea83c60325e42200f001585577798; expires=Wed, 29-Apr-20 14:16:38 GMT; path=/; domain=.districtm.io; HttpOnly; SameSite=Lax
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
server
cloudflare
cf-ray
57c27316aaefbbb8-LHR
pd
eu-u.openx.net/w/1.0/ Frame 1CE3 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.11.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
147.120.95.34.bc.googleusercontent.com
Software
OXGW/16.182.1 /
Resource Hash

Request headers

:method
GET
:authority
eu-u.openx.net
:scheme
https
:path
/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
iframe
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
i=0abfc9ab-59c0-0e42-0327-af5d6bf8256f|1585577798
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/

Response headers

status
200
vary
Accept, Accept-Encoding
set-cookie
i=0abfc9ab-59c0-0e42-0327-af5d6bf8256f|1585577798; Version=1; Expires=Tue, 30-Mar-2021 14:16:38 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1585577798|mOsLgqgikin0fcmWiygu; Version=1; Expires=Tue, 14-Apr-2020 14:16:38 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server
OXGW/16.182.1
p3p
CP="CUR ADM OUR NOR STA NID"
date
Mon, 30 Mar 2020 14:16:38 GMT
content-type
text/html
content-length
484
content-encoding
gzip
via
1.1 google
alt-svc
clear
pd
eu-u.openx.net/w/1.0/ Frame 617D 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.11.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
147.120.95.34.bc.googleusercontent.com
Software
OXGW/16.182.1 /
Resource Hash

Request headers

:method
GET
:authority
eu-u.openx.net
:scheme
https
:path
/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
iframe
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
i=0abfc9ab-59c0-0e42-0327-af5d6bf8256f|1585577798
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/

Response headers

status
200
vary
Accept, Accept-Encoding
set-cookie
i=0abfc9ab-59c0-0e42-0327-af5d6bf8256f|1585577798; Version=1; Expires=Tue, 30-Mar-2021 14:16:38 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1585577798|mOsLgqgikin0fcmWiygu; Version=1; Expires=Tue, 14-Apr-2020 14:16:38 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server
OXGW/16.182.1
p3p
CP="CUR ADM OUR NOR STA NID"
date
Mon, 30 Mar 2020 14:16:38 GMT
content-type
text/html
content-length
484
content-encoding
gzip
via
1.1 google
alt-svc
clear
av
connatix-d.openx.net/v/1.0/ Frame 0AF9
Redirect Chain
  • https://connatix-d.openx.net/v/1.0/av?auid=540193942&schain=1.0,1!connatix.com,102734,1,,,,&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malic...
  • https://connatix-d.openx.net/v/1.0/av?cc=1&auid=540193942&schain=1.0,1!connatix.com,102734,1,,,,&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-...
0
-1 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://connatix-d.openx.net/v/1.0/av?cc=1&auid=540193942&schain=1.0,1!connatix.com,102734,1,,,,&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&cb=ad0c12ae84f0776f071a1585577798889&vwd=834&vht=470&gdpr=1&gdpr_consent=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
147.120.95.34.bc.googleusercontent.com
Software
OXGW/16.182.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Mar 2020 14:16:38 GMT
via
1.1 google
server
OXGW/16.182.1
access-control-allow-origin
https://www.bleepingcomputer.com
location
https://connatix-d.openx.net/v/1.0/av?cc=1&auid=540193942&schain=1.0,1!connatix.com,102734,1,,,,&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&cb=ad0c12ae84f0776f071a1585577798889&vwd=834&vht=470&gdpr=1&gdpr_consent=
p3p
CP="CUR ADM OUR NOR STA NID"
status
302
access-control-allow-credentials
true
alt-svc
clear
content-length
0

Redirect headers

date
Mon, 30 Mar 2020 14:16:38 GMT
via
1.1 google
server
OXGW/16.182.1
status
302
location
https://connatix-d.openx.net/v/1.0/av?cc=1&auid=540193942&schain=1.0,1!connatix.com,102734,1,,,,&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&cb=ad0c12ae84f0776f071a1585577798889&vwd=834&vht=470&gdpr=1&gdpr_consent=
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://www.bleepingcomputer.com
access-control-allow-credentials
true
alt-svc
clear
content-length
0
av
connatix-d.openx.net/v/1.0/ Frame 0AF9 		48 B
259 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://connatix-d.openx.net/v/1.0/av?cc=1&auid=540193942&schain=1.0,1!connatix.com,102734,1,,,,&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&cb=ad0c12ae84f0776f071a1585577798889&vwd=834&vht=470&gdpr=1&gdpr_consent=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
147.120.95.34.bc.googleusercontent.com
Software
OXGW/16.182.1 /
Resource Hash
a355f2718a8d0b7444670aca6fd1dfdc126f9b8e9931a34a52cac9c343a68e3f

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 30 Mar 2020 14:16:38 GMT
content-encoding
gzip
server
OXGW/16.182.1
status
200
vary
Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
text/xml
alt-svc
clear
content-length
56
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
ad
ssp.lkqd.net/ Frame 0AF9 		168 B
361 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ssp.lkqd.net/ad?pid=593&sid=1081146&output=svpaid&support=html5&execution=any&placement=&playinit=auto&volume=0&width=834&height=470&dnt=[do_not_track]&gdpr=1&gdprcs=&ip=185.141.207.254&ua=Mozilla%2F5.0%20(Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F74.0.3729.169%20Safari%2F537.36&pageurl=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&contentid=[content_id]&contenttitle=BleepingComputer%20Highlights%20Feed%20-%20Daily%20Highlights&contentlength=30&contenturl=[content_url]&rnd=6019bcf729cc8b512f621585577799010&schain=1.0,1!connatix.com,102734,1,,,,
Requested by
Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1913/min/connatix.renderer.infeed.min_dc.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
146.20.132.163 San Antonio, United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software
nginx /
Resource Hash
0863882f1d6ce836e3dcf7123e95e2c188fd7d4eda775c696ded7e1d82c61080

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Mar 2020 14:16:39 GMT
server
nginx
status
200
content-type
application/xml; charset=UTF-8
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
168
av
connatix-d.openx.net/v/1.0/ Frame 0AF9 		48 B
259 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://connatix-d.openx.net/v/1.0/av?auid=540193965&schain=1.0,1!connatix.com,102734,1,,,,&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&cb=c29aa2db9475793ddd7b1585577799134&vwd=834&vht=470&gdpr=1&gdpr_consent=
Requested by
Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1913/min/connatix.renderer.infeed.min_dc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
147.120.95.34.bc.googleusercontent.com
Software
OXGW/16.182.1 /
Resource Hash
a355f2718a8d0b7444670aca6fd1dfdc126f9b8e9931a34a52cac9c343a68e3f

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 30 Mar 2020 14:16:39 GMT
content-encoding
gzip
server
OXGW/16.182.1
status
200
vary
Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
text/xml
alt-svc
clear
content-length
56
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
av
connatix-d.openx.net/v/1.0/ Frame 0AF9 		48 B
259 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://connatix-d.openx.net/v/1.0/av?auid=540193960&schain=1.0,1!connatix.com,102734,1,,,,&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&cb=6bb365696b2662cdc5201585577799226&vwd=834&vht=470&gdpr=1&gdpr_consent=
Requested by
Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1913/min/connatix.renderer.infeed.min_dc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
147.120.95.34.bc.googleusercontent.com
Software
OXGW/16.182.1 /
Resource Hash
a355f2718a8d0b7444670aca6fd1dfdc126f9b8e9931a34a52cac9c343a68e3f

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 30 Mar 2020 14:16:39 GMT
content-encoding
gzip
server
OXGW/16.182.1
status
200
vary
Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
text/xml
alt-svc
clear
content-length
56
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
av
connatix-d.openx.net/v/1.0/ Frame 0AF9 		48 B
259 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://connatix-d.openx.net/v/1.0/av?auid=540193947&schain=1.0,1!connatix.com,102734,1,,,,&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&cb=a476242ea46e8ddb97881585577799375&vwd=834&vht=470&gdpr=1&gdpr_consent=
Requested by
Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1913/min/connatix.renderer.infeed.min_dc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
147.120.95.34.bc.googleusercontent.com
Software
OXGW/16.182.1 /
Resource Hash
a355f2718a8d0b7444670aca6fd1dfdc126f9b8e9931a34a52cac9c343a68e3f

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 30 Mar 2020 14:16:39 GMT
content-encoding
gzip
server
OXGW/16.182.1
status
200
vary
Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
text/xml
alt-svc
clear
content-length
56
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
ad
ssp.lkqd.net/ Frame 0AF9 		168 B
361 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ssp.lkqd.net/ad?pid=593&sid=1081148&output=svpaid&support=html5&execution=any&placement=&playinit=auto&volume=0&width=834&height=470&dnt=[do_not_track]&gdpr=1&gdprcs=&ip=185.141.207.254&ua=Mozilla%2F5.0%20(Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F74.0.3729.169%20Safari%2F537.36&pageurl=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&contentid=[content_id]&contenttitle=BleepingComputer%20Highlights%20Feed%20-%20Daily%20Highlights&contentlength=30&contenturl=[content_url]&rnd=d095cfc10751c0555d4b1585577799505&schain=1.0,1!connatix.com,102734,1,,,,
Requested by
Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1913/min/connatix.renderer.infeed.min_dc.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
146.20.132.163 San Antonio, United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software
nginx /
Resource Hash
0863882f1d6ce836e3dcf7123e95e2c188fd7d4eda775c696ded7e1d82c61080

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Mar 2020 14:16:39 GMT
server
nginx
status
200
content-type
application/xml; charset=UTF-8
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
168
tracking.png
trk.connatix.com/ Frame 0AF9 		0
0
ad
ssp.lkqd.net/ Frame 0AF9 		168 B
361 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ssp.lkqd.net/ad?pid=593&sid=1081150&output=svpaid&support=html5&execution=any&placement=&playinit=auto&volume=0&width=834&height=470&dnt=[do_not_track]&gdpr=1&gdprcs=&ip=185.141.207.254&ua=Mozilla%2F5.0%20(Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F74.0.3729.169%20Safari%2F537.36&pageurl=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&contentid=[content_id]&contenttitle=BleepingComputer%20Highlights%20Feed%20-%20Daily%20Highlights&contentlength=30&contenturl=[content_url]&rnd=276ce5e6ef53f838487b1585577799630&schain=1.0,1!connatix.com,102734,1,,,,
Requested by
Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1913/min/connatix.renderer.infeed.min_dc.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
146.20.132.163 San Antonio, United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software
nginx /
Resource Hash
0863882f1d6ce836e3dcf7123e95e2c188fd7d4eda775c696ded7e1d82c61080

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Mar 2020 14:16:39 GMT
server
nginx
status
200
content-type
application/xml; charset=UTF-8
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
168
av
connatix-d.openx.net/v/1.0/ Frame 0AF9 		48 B
259 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://connatix-d.openx.net/v/1.0/av?auid=540193949&schain=1.0,1!connatix.com,102734,1,,,,&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&cb=329e017ee2a2ba505a311585577799752&vwd=834&vht=470&gdpr=1&gdpr_consent=
Requested by
Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1913/min/connatix.renderer.infeed.min_dc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
147.120.95.34.bc.googleusercontent.com
Software
OXGW/16.182.1 /
Resource Hash
a355f2718a8d0b7444670aca6fd1dfdc126f9b8e9931a34a52cac9c343a68e3f

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 30 Mar 2020 14:16:39 GMT
content-encoding
gzip
server
OXGW/16.182.1
status
200
vary
Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
text/xml
alt-svc
clear
content-length
56
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
ad
ssp.lkqd.net/ Frame 0AF9 		168 B
361 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ssp.lkqd.net/ad?pid=593&sid=1081149&output=svpaid&support=html5&execution=any&placement=&playinit=auto&volume=0&width=834&height=470&dnt=[do_not_track]&gdpr=1&gdprcs=&ip=185.141.207.254&ua=Mozilla%2F5.0%20(Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F74.0.3729.169%20Safari%2F537.36&pageurl=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&contentid=[content_id]&contenttitle=BleepingComputer%20Highlights%20Feed%20-%20Daily%20Highlights&contentlength=30&contenturl=[content_url]&rnd=ebaf7eb975b8ffdd21ce1585577799829&schain=1.0,1!connatix.com,102734,1,,,,
Requested by
Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1913/min/connatix.renderer.infeed.min_dc.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
146.20.132.163 San Antonio, United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software
nginx /
Resource Hash
0863882f1d6ce836e3dcf7123e95e2c188fd7d4eda775c696ded7e1d82c61080

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Mar 2020 14:16:39 GMT
server
nginx
status
200
content-type
application/xml; charset=UTF-8
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
168
ad
ssp.lkqd.net/ Frame 0AF9 		168 B
361 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ssp.lkqd.net/ad?pid=593&sid=1081147&output=svpaid&support=html5&execution=any&placement=&playinit=auto&volume=0&width=834&height=470&dnt=[do_not_track]&gdpr=1&gdprcs=&ip=185.141.207.254&ua=Mozilla%2F5.0%20(Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F74.0.3729.169%20Safari%2F537.36&pageurl=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&contentid=[content_id]&contenttitle=BleepingComputer%20Highlights%20Feed%20-%20Daily%20Highlights&contentlength=30&contenturl=[content_url]&rnd=dc98d293fb739a82d17d1585577799961&schain=1.0,1!connatix.com,102734,1,,,,
Requested by
Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1913/min/connatix.renderer.infeed.min_dc.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
146.20.132.163 San Antonio, United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software
nginx /
Resource Hash
0863882f1d6ce836e3dcf7123e95e2c188fd7d4eda775c696ded7e1d82c61080

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Mar 2020 14:16:40 GMT
server
nginx
status
200
content-type
application/xml; charset=UTF-8
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
168
ad
ssp.lkqd.net/ Frame 0AF9 		168 B
361 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ssp.lkqd.net/ad?pid=593&sid=1081151&output=svpaid&support=html5&execution=any&placement=&playinit=auto&volume=0&width=834&height=470&dnt=[do_not_track]&gdpr=1&gdprcs=&ip=185.141.207.254&ua=Mozilla%2F5.0%20(Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F74.0.3729.169%20Safari%2F537.36&pageurl=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&contentid=[content_id]&contenttitle=BleepingComputer%20Highlights%20Feed%20-%20Daily%20Highlights&contentlength=30&contenturl=[content_url]&rnd=4e834b0f62d3334c7d941585577800089&schain=1.0,1!connatix.com,102734,1,,,,
Requested by
Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1913/min/connatix.renderer.infeed.min_dc.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
146.20.132.163 San Antonio, United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software
nginx /
Resource Hash
0863882f1d6ce836e3dcf7123e95e2c188fd7d4eda775c696ded7e1d82c61080

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Mar 2020 14:16:40 GMT
server
nginx
status
200
content-type
application/xml; charset=UTF-8
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
168
av
connatix-d.openx.net/v/1.0/ Frame 0AF9 		48 B
259 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://connatix-d.openx.net/v/1.0/av?auid=540193964&schain=1.0,1!connatix.com,102734,1,,,,&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&cb=44c47e83a4a26a5c2ba91585577800216&vwd=834&vht=470&gdpr=1&gdpr_consent=
Requested by
Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1913/min/connatix.renderer.infeed.min_dc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
147.120.95.34.bc.googleusercontent.com
Software
OXGW/16.182.1 /
Resource Hash
a355f2718a8d0b7444670aca6fd1dfdc126f9b8e9931a34a52cac9c343a68e3f

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 30 Mar 2020 14:16:40 GMT
content-encoding
gzip
server
OXGW/16.182.1
status
200
vary
Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
text/xml
alt-svc
clear
content-length
56
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
av
connatix-d.openx.net/v/1.0/ Frame 0AF9 		48 B
259 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://connatix-d.openx.net/v/1.0/av?auid=540193942&schain=1.0,1!connatix.com,102734,1,,,,&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&cb=7e199bf3158b8351c1451585577800316&vwd=834&vht=470&gdpr=1&gdpr_consent=
Requested by
Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1913/min/connatix.renderer.infeed.min_dc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
147.120.95.34.bc.googleusercontent.com
Software
OXGW/16.182.1 /
Resource Hash
a355f2718a8d0b7444670aca6fd1dfdc126f9b8e9931a34a52cac9c343a68e3f

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 30 Mar 2020 14:16:40 GMT
content-encoding
gzip
server
OXGW/16.182.1
status
200
vary
Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
text/xml
alt-svc
clear
content-length
56
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
av
connatix-d.openx.net/v/1.0/ Frame 0AF9 		48 B
259 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://connatix-d.openx.net/v/1.0/av?auid=540193965&schain=1.0,1!connatix.com,102734,1,,,,&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&cb=69c548ac5560ea2292541585577800388&vwd=834&vht=470&gdpr=1&gdpr_consent=
Requested by
Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1913/min/connatix.renderer.infeed.min_dc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
147.120.95.34.bc.googleusercontent.com
Software
OXGW/16.182.1 /
Resource Hash
a355f2718a8d0b7444670aca6fd1dfdc126f9b8e9931a34a52cac9c343a68e3f

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 30 Mar 2020 14:16:40 GMT
content-encoding
gzip
server
OXGW/16.182.1
status
200
vary
Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
text/xml
alt-svc
clear
content-length
56
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
av
connatix-d.openx.net/v/1.0/ Frame 0AF9 		48 B
259 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://connatix-d.openx.net/v/1.0/av?auid=540193960&schain=1.0,1!connatix.com,102734,1,,,,&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&cb=fca01f61998992e3037d1585577800474&vwd=834&vht=470&gdpr=1&gdpr_consent=
Requested by
Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1913/min/connatix.renderer.infeed.min_dc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
147.120.95.34.bc.googleusercontent.com
Software
OXGW/16.182.1 /
Resource Hash
a355f2718a8d0b7444670aca6fd1dfdc126f9b8e9931a34a52cac9c343a68e3f

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 30 Mar 2020 14:16:40 GMT
content-encoding
gzip
server
OXGW/16.182.1
status
200
vary
Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
text/xml
alt-svc
clear
content-length
56
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
av
connatix-d.openx.net/v/1.0/ Frame 0AF9 		48 B
259 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://connatix-d.openx.net/v/1.0/av?auid=540193947&schain=1.0,1!connatix.com,102734,1,,,,&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&cb=e2550224455c2d5d61dc1585577800566&vwd=834&vht=470&gdpr=1&gdpr_consent=
Requested by
Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1913/min/connatix.renderer.infeed.min_dc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
147.120.95.34.bc.googleusercontent.com
Software
OXGW/16.182.1 /
Resource Hash
a355f2718a8d0b7444670aca6fd1dfdc126f9b8e9931a34a52cac9c343a68e3f

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 30 Mar 2020 14:16:40 GMT
content-encoding
gzip
server
OXGW/16.182.1
status
200
vary
Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
text/xml
alt-svc
clear
content-length
56
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
g
rtb.connatix.com/ 		113 B
306 B 		Script
General
Check archive.org
Download Go to
Full URL
https://rtb.connatix.com/g?c_pw=834&c_ph=470&c_tk=414C33DE-F293-46CF-ABF8-135274D262E2&c_bu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&c_ivt=0&connatix_sess=ACO91dxdEuyJfRcKXtX3Skixg6db-71BWJ7NQFQjnHcn8OV2PTVVZuOfTPQgBW5VRAoh_0XQpALN9yvFSRt7ZkN_jBcMaNm5g9gjT5q_q6wb41tl_7k0WWiopPzPntsF3rI6StyED0VFBQ1wLOPh7CZCMW0D7o5pXzuSFKck58O9VR-gnHq4S-usPbz6q9pu&notServed=false&xplr=true&c_s=false&c_pl=eTqau3qD29oYq8I9Ehs-BiYR5kMQCLOKmx2ZZUxyPx6iMYW63-nT1dj61AKMRTO6ccF9KkvctxvHtmicYuoltkqfq3A3oXtljHTySM0E_AWyELhfOB6NSi9VyW5MaogV0AqOT6YpqEcCwLRwVTyraukW-EQXOs7VbrtvckHwaTCe5u63ezCzXAPN7dAmpAqS6eRC0pCx_HTSvasMZFi0IS8BviDwp_yK-_MJHjYomQY&gdpr=1&is_ccpa_b=false&med_id=639404&req_no=2&v=1&c_pt=1&c_f=[{id:14417,r:1,i:0,f:4},{id:14424,r:2,i:0,f:5.38},{id:14442,r:4,i:0,f:6.76},{id:14449,r:1,i:0,f:4.04},{id:14451,r:1,i:0,f:4.22},{id:14547,r:4,i:0,f:4.2},{id:14554,r:1,i:0,f:3.65},{id:15979,r:1,i:0,f:4.01},{id:16156,r:1,i:0}]&p=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-&c_v=1913_1_0_0_0&spp=1&callback=cnxJSONP_44ca8b7826c1575be8111585577800595
Requested by
Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1913/min/connatix.renderer.infeed.min_dc.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.206.202.13 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-206-202-13.compute-1.amazonaws.com
Software
nginx/1.15.9 (Ubuntu) /
Resource Hash
c8d16219ccba116868fa2823d0c865deaee346880575c45a0ed15db760f894f2

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Access-Control-Allow-Origin
*
Date
Mon, 30 Mar 2020 14:16:40 GMT
Content-Encoding
gzip
Server
nginx/1.15.9 (Ubuntu)
Connection
keep-alive
Content-Length
118
av
connatix-d.openx.net/v/1.0/ Frame 0AF9 		48 B
259 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://connatix-d.openx.net/v/1.0/av?auid=540193949&schain=1.0,1!connatix.com,102734,1,,,,&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&cb=7ec7933afeab58e8c3ff1585577800856&vwd=834&vht=470&gdpr=1&gdpr_consent=
Requested by
Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1913/min/connatix.renderer.infeed.min_dc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
147.120.95.34.bc.googleusercontent.com
Software
OXGW/16.182.1 /
Resource Hash
a355f2718a8d0b7444670aca6fd1dfdc126f9b8e9931a34a52cac9c343a68e3f

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 30 Mar 2020 14:16:40 GMT
content-encoding
gzip
server
OXGW/16.182.1
status
200
vary
Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
text/xml
alt-svc
clear
content-length
56
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
av
connatix-d.openx.net/v/1.0/ Frame 0AF9 		48 B
259 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://connatix-d.openx.net/v/1.0/av?auid=540193964&schain=1.0,1!connatix.com,102734,1,,,,&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&cb=81bcccd9bc2e26e005791585577800961&vwd=834&vht=470&gdpr=1&gdpr_consent=
Requested by
Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1913/min/connatix.renderer.infeed.min_dc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
147.120.95.34.bc.googleusercontent.com
Software
OXGW/16.182.1 /
Resource Hash
a355f2718a8d0b7444670aca6fd1dfdc126f9b8e9931a34a52cac9c343a68e3f

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 30 Mar 2020 14:16:41 GMT
content-encoding
gzip
server
OXGW/16.182.1
status
200
vary
Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
text/xml
alt-svc
clear
content-length
56
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
av
connatix-d.openx.net/v/1.0/ Frame 0AF9 		48 B
259 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://connatix-d.openx.net/v/1.0/av?auid=540193942&schain=1.0,1!connatix.com,102734,1,,,,&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&cb=ad9da706de392a3a8d5f1585577801053&vwd=834&vht=470&gdpr=1&gdpr_consent=
Requested by
Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1913/min/connatix.renderer.infeed.min_dc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
147.120.95.34.bc.googleusercontent.com
Software
OXGW/16.182.1 /
Resource Hash
a355f2718a8d0b7444670aca6fd1dfdc126f9b8e9931a34a52cac9c343a68e3f

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 30 Mar 2020 14:16:41 GMT
content-encoding
gzip
server
OXGW/16.182.1
status
200
vary
Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
text/xml
alt-svc
clear
content-length
56
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
av
connatix-d.openx.net/v/1.0/ Frame 0AF9 		48 B
259 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://connatix-d.openx.net/v/1.0/av?auid=540193965&schain=1.0,1!connatix.com,102734,1,,,,&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&cb=459656ca744c0114f5331585577801273&vwd=834&vht=470&gdpr=1&gdpr_consent=
Requested by
Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1913/min/connatix.renderer.infeed.min_dc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
147.120.95.34.bc.googleusercontent.com
Software
OXGW/16.182.1 /
Resource Hash
a355f2718a8d0b7444670aca6fd1dfdc126f9b8e9931a34a52cac9c343a68e3f

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 30 Mar 2020 14:16:41 GMT
content-encoding
gzip
server
OXGW/16.182.1
status
200
vary
Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
text/xml
alt-svc
clear
content-length
56
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
av
connatix-d.openx.net/v/1.0/ Frame 0AF9 		48 B
259 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://connatix-d.openx.net/v/1.0/av?auid=540193960&schain=1.0,1!connatix.com,102734,1,,,,&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&cb=bb240d0b8387ba4a24bf1585577801350&vwd=834&vht=470&gdpr=1&gdpr_consent=
Requested by
Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1913/min/connatix.renderer.infeed.min_dc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
147.120.95.34.bc.googleusercontent.com
Software
OXGW/16.182.1 /
Resource Hash
a355f2718a8d0b7444670aca6fd1dfdc126f9b8e9931a34a52cac9c343a68e3f

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 30 Mar 2020 14:16:41 GMT
content-encoding
gzip
server
OXGW/16.182.1
status
200
vary
Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
text/xml
alt-svc
clear
content-length
56
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
av
connatix-d.openx.net/v/1.0/ Frame 0AF9 		48 B
259 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://connatix-d.openx.net/v/1.0/av?auid=540193947&schain=1.0,1!connatix.com,102734,1,,,,&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&cb=10d08f5a4c7d77cde71e1585577801430&vwd=834&vht=470&gdpr=1&gdpr_consent=
Requested by
Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1913/min/connatix.renderer.infeed.min_dc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
147.120.95.34.bc.googleusercontent.com
Software
OXGW/16.182.1 /
Resource Hash
a355f2718a8d0b7444670aca6fd1dfdc126f9b8e9931a34a52cac9c343a68e3f

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 30 Mar 2020 14:16:41 GMT
content-encoding
gzip
server
OXGW/16.182.1
status
200
vary
Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
text/xml
alt-svc
clear
content-length
56
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
av
connatix-d.openx.net/v/1.0/ Frame 0AF9 		48 B
259 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://connatix-d.openx.net/v/1.0/av?auid=540193949&schain=1.0,1!connatix.com,102734,1,,,,&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&cb=a01b089361ac62d197dd1585577801529&vwd=834&vht=470&gdpr=1&gdpr_consent=
Requested by
Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1913/min/connatix.renderer.infeed.min_dc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
147.120.95.34.bc.googleusercontent.com
Software
OXGW/16.182.1 /
Resource Hash
a355f2718a8d0b7444670aca6fd1dfdc126f9b8e9931a34a52cac9c343a68e3f

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 30 Mar 2020 14:16:41 GMT
content-encoding
gzip
server
OXGW/16.182.1
status
200
vary
Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
text/xml
alt-svc
clear
content-length
56
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
av
connatix-d.openx.net/v/1.0/ Frame 0AF9 		48 B
259 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://connatix-d.openx.net/v/1.0/av?auid=540193964&schain=1.0,1!connatix.com,102734,1,,,,&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&cb=ca9c0d90f2382c53c4661585577801651&vwd=834&vht=470&gdpr=1&gdpr_consent=
Requested by
Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1913/min/connatix.renderer.infeed.min_dc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
147.120.95.34.bc.googleusercontent.com
Software
OXGW/16.182.1 /
Resource Hash
a355f2718a8d0b7444670aca6fd1dfdc126f9b8e9931a34a52cac9c343a68e3f

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 30 Mar 2020 14:16:41 GMT
content-encoding
gzip
server
OXGW/16.182.1
status
200
vary
Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
text/xml
alt-svc
clear
content-length
56
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
av
connatix-d.openx.net/v/1.0/ Frame 0AF9 		48 B
259 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://connatix-d.openx.net/v/1.0/av?auid=540193947&schain=1.0,1!connatix.com,102734,1,,,,&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&cb=fc4da5ba81d7144420cf1585577801738&vwd=834&vht=470&gdpr=1&gdpr_consent=
Requested by
Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1913/min/connatix.renderer.infeed.min_dc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
147.120.95.34.bc.googleusercontent.com
Software
OXGW/16.182.1 /
Resource Hash
a355f2718a8d0b7444670aca6fd1dfdc126f9b8e9931a34a52cac9c343a68e3f

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 30 Mar 2020 14:16:41 GMT
content-encoding
gzip
server
OXGW/16.182.1
status
200
vary
Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
text/xml
alt-svc
clear
content-length
56
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
av
connatix-d.openx.net/v/1.0/ Frame 0AF9 		48 B
259 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://connatix-d.openx.net/v/1.0/av?auid=540193947&schain=1.0,1!connatix.com,102734,1,,,,&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&cb=6f5e0574c928734781271585577801834&vwd=834&vht=470&gdpr=1&gdpr_consent=
Requested by
Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1913/min/connatix.renderer.infeed.min_dc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
147.120.95.34.bc.googleusercontent.com
Software
OXGW/16.182.1 /
Resource Hash
a355f2718a8d0b7444670aca6fd1dfdc126f9b8e9931a34a52cac9c343a68e3f

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 30 Mar 2020 14:16:41 GMT
content-encoding
gzip
server
OXGW/16.182.1
status
200
vary
Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
text/xml
alt-svc
clear
content-length
56
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
av
connatix-d.openx.net/v/1.0/ Frame 0AF9 		48 B
259 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://connatix-d.openx.net/v/1.0/av?auid=540193947&schain=1.0,1!connatix.com,102734,1,,,,&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&cb=6efbc358eec9bad669cb1585577801968&vwd=834&vht=470&gdpr=1&gdpr_consent=
Requested by
Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1913/min/connatix.renderer.infeed.min_dc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
147.120.95.34.bc.googleusercontent.com
Software
OXGW/16.182.1 /
Resource Hash
a355f2718a8d0b7444670aca6fd1dfdc126f9b8e9931a34a52cac9c343a68e3f

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 30 Mar 2020 14:16:42 GMT
content-encoding
gzip
server
OXGW/16.182.1
status
200
vary
Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
text/xml
alt-svc
clear
content-length
56
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
av
connatix-d.openx.net/v/1.0/ Frame 0AF9 		48 B
259 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://connatix-d.openx.net/v/1.0/av?auid=540193947&schain=1.0,1!connatix.com,102734,1,,,,&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-19-apps%2F&cb=7654c60af9d929153abe1585577802052&vwd=834&vht=470&gdpr=1&gdpr_consent=
Requested by
Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1913/min/connatix.renderer.infeed.min_dc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
147.120.95.34.bc.googleusercontent.com
Software
OXGW/16.182.1 /
Resource Hash
a355f2718a8d0b7444670aca6fd1dfdc126f9b8e9931a34a52cac9c343a68e3f

Request headers

Referer
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Origin
https://www.bleepingcomputer.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 30 Mar 2020 14:16:42 GMT
content-encoding
gzip
server
OXGW/16.182.1
status
200
vary
Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
text/xml
alt-svc
clear
content-length
56
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
vid-io.springserve.com
URL
https://vid-io.springserve.com/vd/i?suuid=ef159376&ps_id=514171&batch=1
Domain
trk.connatix.com
URL
https://trk.connatix.com/tracking.png?c_rpobidMeta=[{id:15447,c_wt:3065,c_mt:%22application%2Fjavascript%22,c_rs:%222_%2522NO_FILL%2522_undefined%22}]&cb=c29f99f2713eed6767841585577799588&c_pl=eTqau3qD29oYq8I9Ehs-BiYR5kMQCLOKmx2ZZUxyPx6iMYW63-nT1dj61AKMRTO6ccF9KkvctxvHtmicYuoltkqfq3A3oXtljHTySM0E_AWyELhfOB6NSi9VyW5MaogV0AqOT6YpqEcCwLRwVTyraukW-EQXOs7VbrtvckHwaTCe5u63ezCzXAPN7dAmpAqS6eRC0pCx_HTSvasMZFi0IS8BviDwp_yK-_MJHjYomQY&c_v=1913_1_0_0_0&p=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-hijack-routers-dns-to-spread-malicious-covid-&xplt=false&spp=1

Verdicts & Comments Add Verdict or Comment

154 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate function| $ function| jQuery object| freestar object| apd_options function| gtag object| dataLayer object| adsbygoogle object| google_tag_manager object| elem object| scpt function| __cmp object| google_js_reporting_queue number| google_srt object| google_ad_modifications object| google_logging_queue object| ggeac boolean| google_measure_js_timing object| googleToken object| googleIMState function| processGoogleToken object| google_reactive_ads_global_state boolean| _gfp_a_ object| google_sa_queue object| google_sl_win function| google_process_slots boolean| google_apltlad boolean| _gfp_p_ function| google_spfd number| google_lpabyc number| google_unique_id object| google_sv_map object| google_t12n_vars function| Blazy object| fixto function| validate_comment_box_not_empty function| cz_strip_tags function| cz_br2nl function| editForm string| loginhash boolean| main_nav_hide_flag number| scrollTop string| main_nav_hide_timer function| call_main_nav_hide number| cz_header_pos number| prevScrollTop object| jQuery111109026359733837559 string| GoogleAnalyticsObject function| ga function| loadDeferredStyles function| raf boolean| fifabAlready function| fi_fab object| cnxUmm object| cnxEnfStorage function| cnxsetTimeout function| cnxsetInterval object| __core-js_shared__ object| core function| __uspapi function| atwpjp string| _atd function| _euc function| _duc object| _atc string| _atr object| addthis string| addthis_pub function| emdot object| _ate object| _adr object| addthis_conf function| addthis_open function| addthis_close function| addthis_sendto object| addthis_share object| addthis_config function| Goog_AdSense_getAdAdapterInstance function| Goog_AdSense_OsdAdapter function| google_sa_impl object| google_jobrunner object| google_persistent_state_async object| google_iframe_oncopy undefined| _ object| fsdata function| load_script object| googletag object| fsprebid object| google_tag_data object| gaplugins object| gaGlobal object| gaData object| __google_ad_urls number| google_global_correlator number| __google_ad_urls_id string| cnxPageGuid number| spp object| cnxJSONP_5f1992afb010cf17c60a1585577789995 object| oattr object| closure_memoize_cache_ boolean| __@@##MUH function| __cmpui object| _atw object| apstag function| _slicedToArray function| _nonIterableRest function| _iterableToArrayLimit function| _arrayWithHoles function| _typeof function| ownKeys function| _objectSpread function| _defineProperty object| _0x1ae3 function| _0x2d13 object| BT object| BT_PAGEVIEW_MAP object| blockthrough object| BT_RETRY object| BT_REDIRECT_RULES function| fsprebidChunk object| _pbjsGlobals boolean| apstagLOADED string| btID object| google_prev_clients object| ampInaboxIframes object| ampInaboxPendingMessages boolean| google_osd_loaded boolean| google_onload_fired function| Goog_Osd_UnloadAdBlock function| Goog_Osd_UpdateElementToMeasure function| google_osd_amcb function| btjsonpcallback1585577790888 string| addthis_exclude boolean| addthis_use_personalization string| addthis_options_default string| addthis_options_rank string| addthis_options object| __callbacks object| cnxJSONP_4b25415b6ebeb5399afb1585577790591 object| cnxJSONP_6b1226c15d14f62127061585577790625 object| GoogleGcLKhOms object| google_image_requests object| __AMP_LOG object| __AMP_ERRORS boolean| ampInaboxInitialized object| __AMP_MODE function| __AMP_REPORT_ERROR object| ampInaboxPositionObserver object| ampInaboxFrameOverlayManager object| AMP object| MoatSuperV26 object| cnxJSONP_44ca8b7826c1575be8111585577800595 function| cnxAddEventListener

0 Cookies

9 Console Messages

Source Level URL
Text
console-api warning URL: https://quantcast.mgr.consensu.org/cmp.js(Line 1)
Message:
Dependency check failed for Publisher Purpose Legitimate Interest IDs: Publisher Purpose Legitimate Interest IDs must be an array containing only purpose IDs contained in the Publisher Purpose IDs array, the following purpose IDs will be ignored: 1, 4, 5
console-api warning URL: https://static.quantcast.mgr.consensu.org/v32/cmpui-popup.js(Line 1)
Message:
Unable to get NonIab Vendor list.
console-api log URL: https://freestar-io.videoplayerhub.com/gallery.js(Line 1)
Message:
Video gallery initializing
console-api error URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020032302.js?21065769(Line 6)
Message:
Exception in queued GPT command TypeError: Cannot read property 'getItem' of null
console-api info URL: https://cdn.ampproject.org/rtv/012003101714470/amp4ads-v0.js(Line 407)
Message:
Powered by AMP ⚡ HTML – Version 2003101714470 https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
console-api info URL: https://cdn.ampproject.org/rtv/012003101714470/amp4ads-v0.js(Line 407)
Message:
Powered by AMP ⚡ HTML – Version 2003101714470 https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
console-api info URL: https://cdn.ampproject.org/rtv/012003101714470/amp4ads-v0.js(Line 407)
Message:
Powered by AMP ⚡ HTML – Version 2003101714470 https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
console-api info URL: https://cdn.ampproject.org/rtv/012003101714470/amp4ads-v0.js(Line 407)
Message:
Powered by AMP ⚡ HTML – Version 2003101714470 https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
console-api warning URL: https://cdns.connatix.com/p/1913/min/connatix.renderer.infeed.min_dc.js(Line 2)
Message:
AdStopped

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy upgrade-insecure-requests;
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.pub.network
acdn.adnxs.com
ad-delivery.net
ad.doubleclick.net
ads.stickyadstv.com
adservice.google.com
adservice.google.de
api.quantcast.mgr.consensu.org
as-sec.casalemedia.com
audit.quantcast.mgr.consensu.org
bc-rtb-dub.springserve.com
c.amazon-adsystem.com
c.pub.network
cdn-ssl.vidible.tv
cdn.ampproject.org
cdn.connatix.com
cdn.districtm.io
cdns.connatix.com
ck.connatix.com
cluster-na.cdnjquery.com
connatix-d.openx.net
core.connatix.com
cse.google.com
d.pub.network
dmx.districtm.io
eb2.3lift.com
ecdn.analysis.fi
eu-u.openx.net
eus.rubiconproject.com
fastlane.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
freestar-d.openx.net
freestar-io.videoplayerhub.com
googleads.g.doubleclick.net
graph.facebook.com
i.connatix.com
ib.adnxs.com
pagead2.googlesyndication.com
quantcast.mgr.consensu.org
rtb.connatix.com
s7.addthis.com
s9.addthis.com
sb.scorecardresearch.com
securepubads.g.doubleclick.net
slckg-4znyf.ads.tremorhub.com
slckg-kqe2e.ads.tremorhub.com
slckg-qrmhc.ads.tremorhub.com
ssp.lkqd.net
static.quantcast.mgr.consensu.org
tlx.3lift.com
tpc.googlesyndication.com
trk.connatix.com
v1.addthisedge.com
vendorlist.consensu.org
vid-io.springserve.com
vid.springserve.com
vpaid.springserve.com
web.hb.ad.cpe.dotomi.com
www.bleepingcomputer.com
www.bleepstatic.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.reddit.com
z.moatads.com
trk.connatix.com
vid-io.springserve.com
104.109.78.125
104.16.68.69
104.20.59.209
104.26.13.6
104.74.100.205
108.128.234.189
13.224.194.97
13.225.73.111
13.226.155.104
143.204.90.242
143.204.97.120
146.20.132.163
151.101.114.217
151.101.13.108
151.101.14.217
172.217.16.194
172.217.18.166
178.79.175.86
185.33.220.145
185.33.223.80
199.232.53.140
23.210.248.44
2600:1f18:612b:4216:e78e:8f3d:d54e:ee23
2600:9000:20eb:5000:9:46dc:4700:93a1
2600:9000:2156:d000:1:af78:4c0:93a1
2600:9000:21f3:6200:9:46dc:4700:93a1
2606:4700:20::681a:18b
2a00:1288:f03d:1fa::2000
2a00:1450:4001:800::2008
2a00:1450:4001:808::200a
2a00:1450:4001:814::2003
2a00:1450:4001:815::200e
2a00:1450:4001:816::2002
2a00:1450:4001:81b::2001
2a00:1450:4001:81d::200e
2a00:1450:4001:820::2002
2a00:1450:4001:820::2004
2a00:1450:4001:821::2001
2a02:fa8:8806:12::1430
2a03:2880:f01c:800e:face:b00c:0:2
34.200.100.213
34.95.120.147
35.188.71.214
35.226.36.58
50.16.134.22
52.18.86.70
52.206.202.13
52.57.98.188
52.6.68.76
54.93.211.175
69.16.175.42
69.173.144.140
95.101.185.197
95.101.185.246
95.101.185.51
015bfce79477b14313fe8b5cfb94c2786af83ec5be508e134973d6203eb439a8
020e567f654a6c0dc4b827887b79dd5628f585dc27c5abdf17dbbde6ab920b82
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd
050b0d6851be7d9cae6411aa2f11a7a50001651adc82756e60612934ad5896ee
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
05384e529aae09f18098070cbcd81607bfa405388603eb76b723382f9fa137be
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
0724d2fb5c49945c23ca2a5cbb67a7638edf60816237ff401b18ea2cf665b1f8
0863882f1d6ce836e3dcf7123e95e2c188fd7d4eda775c696ded7e1d82c61080
09e8119dc6b96d14d9da88998a9036616ae527db8d667c941889e8f1b8f29d11
0a8007b6364db135a76db2b0194b31b3ec0bf537f61cc2adde8eb75e7785a8ee
0c07e673ceea9740617380e286fbe77a9c10204660d33fac73ec0fdb348fcb7e
0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e
0f427d0f88a0698c955ff63bf13af4ca80c9b32f218b5e210847450da901a74f
0f917dab66e17ee5dd3205b61fcd57a823a61545095992f6365d74b7cd546646
10e73f57ed1405cdfe501a57b808fe434d5c073966be89bd7cc917e485c8bda6
199411f659f41aaccb959bacb1b0de30e54f244352a48c6f9894e65ae0f8a9a1
19db4a2cde712e2ceaac317e732b4ec40b62818a938a8bf8391ad68470845019
19e1dbba639ba68ceb71cdada9621e11d0aec6edba410971f1937d6cc4935b32
1c4777fe3a673a05492e27d08032cc91c23ac5389897c9235b09b8b0f5a74db3
1cd4f26a5a4950b69db8671ef9010e3dcf9c85367cfc6877a5bb57900d809dce
1f32de77da27cde4c43807033e98fcf44e498fcf6a91a6ed7fae231d6ed03cf8
1f71cda9ecc5006fb453c9761058c0828d30d4a7f891283718da1b545ab2afb1
21b4067726509ed110ada17d602f5d55e4b532f54dc429e31db47a19216d5a49
21fe29283166098d1f145d5da7a638f78d4aa0e528145163a7caa1fc0327e12e
22e977346d45bab9f531ce1132d7ecfbe8e46868eaea790a0d4dcd1d0649d74b
23aca4890fe8b2728dcab78ee9f3b9614cd6cdb0dab2b785d2f8d2d666247cac
24e480e4659fbae818853a38f8a3036f529f539024dc3e772c0b594ce02ea9db
26fd020a6c1f169eab6b6232014e6e6d067788f63a8995b682ee77d6f41b56cd
291437ea71e62b1c35d4ec5d3c5ad02cfa930343b41b1472fba70243089c8bbe
2d0f6b590917e7d27ddeb026b280d62dde9d03bb92f47f56342fc5f68f0c24eb
2dda7ea92135dcf21660d4d79391d303fc38f6a6524ae74bbe2986f1d2e990d5
2e1c86ee79328b2434b4fccdbbd26a736bd2b6f413948c1a2042d4d7a89c361f
2e576f25f810ffe36e011b2bcaac420631d9e51515cc6c610adf360af39aa72f
31cd7d9398307ca2e6cfaa111bbe7b69d69cbaaed2ff74034412ebc5008671fd
326436aa8a01d063bd93a19a156330d175e2805688e03959bece5246db080ac5
32e73e8e0eec3e6c1345d84e7ef091b90e71fb0045814043b34c914156235eb9
3388c28abbd2db6c313ab948807dc9397fc3b912107ebe5b38fc25300b513ab6
33eb81af8a0101c1ad2a210f322fb362ce1598e6e37f0a7ecc62d6ff39add590
349b867d779c9998c2ca5c3696b92977aceaad7b62b052c9084132dc6cb2adad
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
3985138ec9f20274add57d7e909f751ea4d77e705036a95fb34a328249c735a6
3aad21d56d4e1abafbeadcdda378410a95a1912f837eb6347af1c5055d7d65c7
3b6a84a416edfb98ed7608dad8cd26ffd7123e54bce2bb13a4a3394e0b948382
3d0c18b56d3b9bd3640250af1ce1e624bda890531f830d64c99d45e6c07bb349
3ec121f4a397ce4d83457da94acc1da7de859966389ab40b7a50ab90a5ff26e4
42a5552c5fd649396c064817d1175c0a38a4313e16108897075945e3d5c0986b
42fd2847597b5333dff068d464f740d28c206e2c0f1f526648716926fe2524bc
4486f4e70d7321e8f64da51c38b50767e846bdaf4ef3441d628f27a4f8952c10
4eeb4df3522892ea2ec61de6a58e870e8262019f8e3c759c099450cefb589313
4f1219756a238c58135f78405285f62c8877df05dee6e824b0328840f5b46e0e
52da36b29a40283dfe11971f29db8ba362b9dc4cebffe269e590e0b47f861a66
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
550e6f0a9e642765e3364893858e8d9bbc309d57f9aa9bbae50753df3dc327b0
5616a6e1823b43919f7d1a33817cccfa1d9f30c9f10f2deb00d9c3671f91d5f0
58f598cb4a5fc9cc01e87e4efb8a626e494a7a20024fbfcadfd1811055951dbb
5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd
5a4061ff8312e2ad494bd984b7df966438232be64a3b284ab69f66c6705009a6
5b7a0d6d2eaa982cd98843edbc1a7619e39f0dabc5813e7cd5e9f8565ec07b2b
5c1e3db17bdb4e8c71da2456ab46ff43453cdc1fb3e74bc1b5b6d92effd8b2d2
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
5d7c7d25a0da74c0dd466120c3c09bd94cb982fc66ebc4a78675339f37323bf5
5f4737e1457b1e73cb1a25c98de6efc2413d83b3a065bc8167e29d5d03854808
6139dddd3b6b6b847bccd476918dc8fb4f4f5a10908e5707c704f155e0918e84
62bfd13c73f0c8ad8b9b829c69f12fca1f974fb698b19fdeda3914fb98cf2215
6770479ab4ceac8510e65132c5ef5d8dea924680ab26843fdb1c56f276d61a9e
67d86a29de7993fbd23b7dde2c4f26bdc434055c35a4b08c830c0d02fcfa6dd2
67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2
6be15a074674ed8c3ddb73fc5d6055de2916fb13e4d4e8872f1eecb4207569e5
6c3a4f8211d703d19a0eb79db9b2164e6ed88180e6a7ca7883d216c920ff3219
6d23d10111755a12c87198df1c71cce449de31eca9643030c6327a2157f9bd86
6e86593083facba2710a2312f26bd7b436d7ef299f99cbc2ccc1b32693ec3144
6ebee3fab4fdb2f178afd3d4a64d03c44b658f81ead11e46b46a5ad5b7b16663
721f205f2cafac9f9eaf483d8bd50ace4d4273b6b81cf86e9b2fb12c7136296e
730bfff26abc95bea2467f53e7d88821e991530afe15737608f5972b45f97abd
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
74db3eb5dd675696fef5b98ed8f6b659e9b15053923763a5f21abf4eec93cbd9
77adba13693124bbc41a8150f3cbeb39e22f4b5a188f902f4d46f5e95affff70
79b4b47812a2dac7880fa4ac3a512b6937e69ad8a1e5570b2b7808cf65483ac0
7b0ba976f51ee59161622fc7d364c35985343adca90a2f5045e1dbb227f6bd3a
7b8ef4f3c2daa40e68de70096105302da24a586c1d75b620dff0ff579db73ba8
7c42933014424dabb2256a0732a9f792559d26ba09a84308c278f52834522f9a
7d6d26827b887aa09b2a5eb7c001e35b93773e53c36ddbfc127ad824e0a6ba39
7e7c74d95df84ef3a6be5c4fcde54fae313a04a9bd611059e6a97a23ff09f26f
7e94fbebf526effec4239c82e5435a412d81ffc4bc9bddf13f9aa1170f6d803e
7f7123623c7614aff32fcb37a868c9376e627cf52b4584a56f0c97aec6fcba04
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
827252be04765631f8ff21fee8ffe1028e27dfa52f62c08ef3182609a0a0e991
82c7fdbc4d001907e1e5d56cd335af3f0d48e0ffa7f0ad2aa3486ebb1123cb21
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
85ae9534729617e69eafa40195c7854697eb3d13b4205f3ee467e07c4af0a24b
86bc9501333973846d63415526c3e11e0943a0059555f360cd888a63666511bf
8733904c6abb0cd414d306da95801fb2322bd251d83bd8ec12251355c12c88eb
8733e2183f16906b2fa2e58fdab82cf336f249ab71ac1b184470da2dd3c6e29f
87562d3773ffab3d0716a70faa73c38b322fde3b8f265c3d646a3cea976ef67e
889b25449ed7c4421f24dcdbaab62a12996ef5eef30bb30606f72e5265fc8cf5
89b4aa9e9bf8516c2ab7b5134f65d47b02071637259a14c9f60dccc207e05ce4
8a43626e86ef274257cbb15c087c19b31c2fc6b9b73103bcc3c6d11dd946b1ad
8a56e644a617b2d1e4e7d808dfc334a7ea8622979f22999dc9eccd21c61958b3
8a7e078994ee66f022754596648f05da1a2484ef6cbd747d29fe131b02e60ecc
8a82f914caafae00db84e2e5f76d821baa63be424490a70c5450d157ac638b76
8bfaf94a87a84be42ec12ce72f6c922fd22dead0b84766ce0c848a066f90497d
92606bd38901e67d069f2ef883715b6e5ae07d72ae3bead3ad92346528374afc
9368b2884d3e5c004d03dd10e82720e78731f252ef4d272f640e131333678836
942935ead42820e6c9184f099c77dde34fa4be70d395a17c47b5d7ad07967339
95027c1a7b44ca831ba59bcbd6d16b5f81d0b8311fd2b1812c9f1b3731855b9b
9d02d662da8a47fb5fb610b545007507b6017028043dbb63cd09ec897d3b9627
9d60ac0d334c77a039cad6f125f940635ff0043a610271fc0729d61cc9546401
a07183e063a79a699b732e200a3accdf4716cbc6e8bf8a6a709b9adba07d998d
a1af15b17fd7099b2d3a81a8b3aeffd94b26d2c1a58489c3903e11ec5a4896d3
a245b3b5537c51fab7a00563079f691116661b5daf97203131fe0ec426fb830f
a323f4957960c6c1cf494dc3b52e1e38a97a152bedf3b9a78df4d6b60c9d00b6
a355f2718a8d0b7444670aca6fd1dfdc126f9b8e9931a34a52cac9c343a68e3f
a47f17d6ebbf4621d8fe87ab790d8d8fb5c3086629194d9ff2d64faaa6e46ab6
a73eec63509189c5aa87b69d8e75e592753ce35d78a67415640885ea11063564
ab52a578c101a14bbc790f87f9a7400dda65469f23c6ce85c461e07cdf776460
ab8ceea757a634f5ce5a9ed6f6b4bcdd555869b385d315854e16914a2f5a3bc7
ac2a58f9d55c4642121cfb6f7e213cbc882bbdd75ef171ca8a07ed982ef693ce
ad4d57b8c2ac583a0b890f4bd88990ecbe76a7e1463f2508dd7cde85fa55aad9
adf03f474cca50ccb4eee7ce02dd112f3fd42eba43f3c97fae251bbdecfc8451
af8d360b83f9586815aedaaf4caec2268f593eea1a384ca720cc2c0e45f059f9
affd87461f2babd57a2f7aec75e9193e8e71a377e8249a02c95a5f43326e289e
b33e8c49a8b84931d5ed279f6234d0e4a10862f06e2b3a6d2687499727e3a6ea
b34676178982122b66b0a55d3ee411fa343b1d19a6c119c0c9b0ea2c892738a1
b3498f138f5418bd58413e79e4c0969e618d6f2fee2d9d98c0f4e70a6cbd04ad
b5770296964d94c22c5e1910d596ad954432f78031b3a2911e9e4fea39a9e839
b69e3e4132807f6f9bac27a11b29f1f7e5c81511a91916325f5805030a7d4a64
b6bdeec47f3b08de017d399bca661bc9c08745f752079597a7e9f3abcf749dad
b765a8fc0b34c6f9698d83c9cbc215b7d39f9a140856e86a41c69f29027dd329
b7a4851d8b9e70f31ff07675ee056944a71ad0d6d666ba2287f69aa1981e74a6
b7e428411f3243f6bb0b335dfe9a48e5d7d3d68102437059ad8b4409f2111dd1
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bc73cc3b5fbc98895f0b459237df3d9aa111098c787650e72cda7eadf27388df
bfc8e65089dc5421d56ecc71a0328eafd4feb2a602503ae5c15bfa3189c02f7e
c2b0d171a4179bf00898c430c1c15464e528aff5762fc70a5d02184834c82eff
c2b3b8e710bb657c06e9d5c969939dae7a40371f5d3210c6390e5161bfea44b6
c3034d0370c5faa09e7a8d7b0c48925afa0371cf17e4827dde23059f56019dae
c32dbaf332a2e0cda2c17d732038211f2878fc4906e378e89b5ac7c00bd55aa2
c3dc801f28e8d12c45aeebe900178050e25dc0ec56fe996821119a923df6ead8
c4a7b4babd8d76af2ddc0840bda733cd5a0b409895bb74d5302ff1155c9b32bc
c554411857ba507e981c050a7d2cb7f6eca2c87d2b353ab276c91a4ead59ca66
c6c1f15a97cb23a8fa6832a70a837283b0b7ad060a6f881ef10caa07b70d50cd
c6eb01c6597be5f791aef96132bce0fca34ea84482975537f578596e5739c2d9
c7222363f4634623f0a4a098affe087281a6cae9e181d024472ff919b1d6f97f
c7d59d646f069c41078b0ab8a42c0b5257c2e430cb18a7778a4c39e2b929f1f7
c80da3fb05b51d1a5f4d55b32ba63153b2566bd02ec7c6ae177bb23d9bc992bf
c8d16219ccba116868fa2823d0c865deaee346880575c45a0ed15db760f894f2
c9e727b37a735a7983ea8bdad06a38b246261c239bb80b86cc0ff3663c910adb
ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d020fa6036628dd1d6dbf760edc742273359e93119832249bdce332d05d6db4d
d0ddc19410586aa0e09dd9907ecc6bc4461c767c8ec3c907c4556fa97812ca8b
d3a970101d5c1c13fe97539903a8285d524c87295f551421ab9e40d9c1324e4a
d44b93a0af159f0d547d7ec89e9227a5667ce1171bc630e6fbf79dae0e596e2d
d79d851441af70ad9f139807a9cd6abd7524102f211eb8d6c23a544d59b474a1
d7b605011a999f5b4dea5ae27d4db211fdb9832daaf6bf50bf942f8d126b5b5d
d921ca01b9e674d0b10e9bf64792193ec1932947ce5b9e2e6335d257b6278368
d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8
de653a4c0ef4db4ea4b8febf435c02768c3c525bbe1edf20d4db4c068904693a
de71c3f98eb8aca0bc9c76d260d159ab52fc28ea9c656c35dabc49a5ee3a6e96
e17e03dc3ff1767a8d185975a2bf392068a0b2f2848503c38ceaa3f10fb0ea84
e32ca9943f71543ca9942938fabe2ffecab7eb6c6756151a47b806043b0f679b
e39e0308a3649d57f219ec13559b8dccb667a69b1cc96c40441b55c32384f1f0
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5e0f326458e8b8ed839d42a0cf6892df80bf26d7dc7e4f8276a65c41582ab85
e798bdbe2acd4a7754674aab1a0f968a1106485346668a705751db16c0fc3e17
eada136c924874367d33d22fb496800b3f6f4e97f457829d2c18b5d41f1019a5
eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d
ecc0c4a707efeb061b7de57440221feb21ab08022938aaacee779e98fe809235
ee927c0f8febd54d8dc95a7f74b6aafc749477b15872f5b303162dc477269e34
ee9b2fe75e3a5637b840957e2f9aefedb394224a1846a731ad7ead76abf91d58
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef3d32ea9a9fa05f8170d164890b55e15ce39157bb9ae7e96b047c1996d22a8b
f42ef526e7c9bab0ed4781c027b4c9371163e27eb5e18cfe2e10239cf8db2591
f50472a96f7832659da90c79e56af2bd967632f5e1c641294da1af12e7ae3379
f8a52990bbe6892abb730d241570fbfbd2ff2fc707fdd3004c7dba6e843bbae3
fa367d459d8a6e0e561310bffc233bcd6193fe984ecd62c34d87e6d2bbdf358b
fdc625fa4f207390f0a4a7626300f3fceb1847582c1bef3ab0de3e22fab03573