threatpost.com Open in urlscan Pro
35.173.160.135 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://t.co/kjUJpKQBa7
Effective URL:
https://threatpost.com/ransomware-attack-hits-ukrainian-energy-ministry-exploiting-drupalgeddon2/131373/
Submission: On April 14 via api (April 14th 2021, 1:10:08 pm UTC) from US

Summary HTTP 147 Redirects Behaviour Indicators

Summary

This website contacted 37 IPs in 4 countries across 29 domains to perform 147 HTTP transactions. The main IP is 35.173.160.135, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is threatpost.com.
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on June 10th 2020. Valid for: a year.

This is the only time threatpost.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2	104.244.42.69 104.244.42.69	13414 (TWITTER) (TWITTER)
18	35.173.160.135 35.173.160.135	14618 (AMAZON-AES) (AMAZON-AES)
3	99.84.156.100 99.84.156.100	16509 (AMAZON-02) (AMAZON-02)
7	2606:4700:303... 2606:4700:3036::6815:3f46	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
8	2600:9000:214... 2600:9000:214f:b600:2:9275:3d40:93a1	16509 (AMAZON-02) (AMAZON-02)
10	2600:9000:20e... 2600:9000:20e8:5200:0:5c46:4f40:93a1	16509 (AMAZON-02) (AMAZON-02)
6	2a00:1450:400... 2a00:1450:4001:813::2004	15169 (GOOGLE) (GOOGLE)
7	216.58.212.162 216.58.212.162	15169 (GOOGLE) (GOOGLE)
3	99.84.153.196 99.84.153.196	16509 (AMAZON-02) (AMAZON-02)
1 17	151.101.14.137 151.101.14.137	54113 (FASTLY) (FASTLY)
1	2a00:1450:400... 2a00:1450:4001:82a::2008	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82b::200e	15169 (GOOGLE) (GOOGLE)
1	2620:116:800d... 2620:116:800d:21:36a9:ecb:e518:b308	16509 (AMAZON-02) (AMAZON-02)
1	199.232.136.157 199.232.136.157	54113 (FASTLY) (FASTLY)
1	2600:9000:20e... 2600:9000:20e8:e000:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:400c:c00::9a	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:803::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
1	2a03:2880:f01... 2a03:2880:f01c:800e:face:b00c:0:2	32934 (FACEBOOK) (FACEBOOK)
1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	151.101.113.140 151.101.113.140	54113 (FASTLY) (FASTLY)
9	3.140.99.218 3.140.99.218	16509 (AMAZON-02) (AMAZON-02)
10	52.31.191.243 52.31.191.243	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:812::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:827::2006	15169 (GOOGLE) (GOOGLE)
14	2a00:1450:400... 2a00:1450:4001:801::2002	15169 (GOOGLE) (GOOGLE)
1	104.244.42.3 104.244.42.3	13414 (TWITTER) (TWITTER)
2	2a00:1450:401... 2a00:1450:4017:80c::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:802::2016	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:812::2001	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1450:400... 2a00:1450:400f:13::a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:3c::a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:800::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c00::8a	15169 (GOOGLE) (GOOGLE)
147	37

2 104.244.42.69 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 35.173.160.135 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-173-160-135.compute-1.amazonaws.com

threatpost.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
kasperskycontenthub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 99.84.156.100 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-84-156-100.txl52.r.cloudfront.net

tagan.adlightning.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700:3036::6815:3f46 (United States)

ASN13335 (CLOUDFLARENET, US)

qd.admetricspro.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2600:9000:214f:b600:2:9275:3d40:93a1 (United States)

ASN16509 (AMAZON-02, US)

assets.threatpost.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2600:9000:20e8:5200:0:5c46:4f40:93a1 (United States)

ASN16509 (AMAZON-02, US)

media.threatpost.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:813::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 216.58.212.162 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: ams15s22-in-f162.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 99.84.153.196 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-84-153-196.txl52.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 151.101.14.137 (Frankfurt am Main, Germany) 1 redirects

ASN54113 (FASTLY, US)

cd.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cds.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
lit.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
vid.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
img.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:36a9:ecb:e518:b308 (United States)

ASN16509 (AMAZON-02, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.232.136.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:20e8:e000:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:803::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f01c:800e:face:b00c:0:2 (United States)

ASN32934 (FACEBOOK, US)

graph.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.113.140 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

www.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 3.140.99.218 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-140-99-218.us-east-2.compute.amazonaws.com

capi.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 52.31.191.243 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-31-191-243.eu-west-1.compute.amazonaws.com

s.srvsynd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:812::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:801::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.3 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4017:80c::2003 (Ireland)

ASN15169 (GOOGLE, US)

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::2016 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

i.ytimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

yt3.ggpht.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400f:13::a (Ireland) 1 redirects

ASN15169 (GOOGLE, US)

r5---sn-5go7yner.googlevideo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:3c::a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

r5---sn-4g5e6nzl.googlevideo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:800::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::8a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

s.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
35	threatpost.com threatpost.com assets.threatpost.com media.threatpost.com	775 KB
26	connatix.com 1 redirects cd.connatix.com cds.connatix.com capi.connatix.com lit.connatix.com vid.connatix.com img.connatix.com	2 MB
13	doubleclick.net securepubads.g.doubleclick.net stats.g.doubleclick.net pubads.g.doubleclick.net googleads.g.doubleclick.net	142 KB
10	srvsynd.com s.srvsynd.com	42 KB
9	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	43 KB
9	google.com www.google.com adservice.google.com	20 KB
7	gstatic.com www.gstatic.com csi.gstatic.com	1 MB
7	admetricspro.com qd.admetricspro.com	320 KB
3	google-analytics.com www.google-analytics.com	20 KB
3	amazon-adsystem.com c.amazon-adsystem.com	35 KB
3	adlightning.com tagan.adlightning.com	53 KB
2	googlevideo.com 1 redirects r5---sn-5go7yner.googlevideo.com r5---sn-4g5e6nzl.googlevideo.com	1 KB
2	googleapis.com imasdk.googleapis.com	303 KB
2	t.co t.co	915 B
1	youtube.com s.youtube.com
1	ggpht.com yt3.ggpht.com	3 KB
1	ytimg.com i.ytimg.com	9 KB
1	twitter.com analytics.twitter.com	651 B
1	2mdn.net s0.2mdn.net	17 KB
1	reddit.com www.reddit.com	1 KB
1	linkedin.com www.linkedin.com
1	facebook.com graph.facebook.com	599 B
1	google.de www.google.de	505 B
1	quantcount.com rules.quantcount.com quantcount.com Failed	356 B
1	ads-twitter.com static.ads-twitter.com	2 KB
1	quantserve.com secure.quantserve.com	9 KB
1	googletagmanager.com www.googletagmanager.com	52 KB
1	kasperskycontenthub.com kasperskycontenthub.com	398 B
1	googletagservices.com www.googletagservices.com	21 KB
147	29

	Domain	Requested by
17	threatpost.com	t.co threatpost.com
10	s.srvsynd.com	tagan.adlightning.com s.srvsynd.com
10	media.threatpost.com	threatpost.com
9	vid.connatix.com	cd.connatix.com
9	capi.connatix.com	cd.connatix.com
8	assets.threatpost.com	threatpost.com assets.threatpost.com
7	pagead2.googlesyndication.com	srcdoc tpc.googlesyndication.com
7	qd.admetricspro.com	threatpost.com qd.admetricspro.com
6	www.google.com	threatpost.com tagan.adlightning.com www.gstatic.com www.google.com
5	googleads.g.doubleclick.net
5	pubads.g.doubleclick.net	imasdk.googleapis.com
5	www.gstatic.com	www.google.com
3	adservice.google.com	imasdk.googleapis.com
3	img.connatix.com	threatpost.com
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com threatpost.com
3	cds.connatix.com	threatpost.com tagan.adlightning.com cd.connatix.com
3	c.amazon-adsystem.com	qd.admetricspro.com c.amazon-adsystem.com
3	tagan.adlightning.com	threatpost.com tagan.adlightning.com
2	tpc.googlesyndication.com	imasdk.googleapis.com tpc.googlesyndication.com
2	csi.gstatic.com	imasdk.googleapis.com
2	imasdk.googleapis.com	cd.connatix.com imasdk.googleapis.com
2	securepubads.g.doubleclick.net	www.googletagservices.com tagan.adlightning.com
2	t.co	threatpost.com
1	s.youtube.com	blank
1	r5---sn-4g5e6nzl.googlevideo.com
1	r5---sn-5go7yner.googlevideo.com	1 redirects
1	yt3.ggpht.com
1	i.ytimg.com
1	analytics.twitter.com	tagan.adlightning.com
1	s0.2mdn.net	imasdk.googleapis.com
1	lit.connatix.com	cd.connatix.com
1	www.reddit.com	threatpost.com
1	www.linkedin.com	threatpost.com
1	graph.facebook.com	threatpost.com
1	www.google.de	threatpost.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	rules.quantcount.com	secure.quantserve.com
1	static.ads-twitter.com	www.googletagmanager.com
1	secure.quantserve.com	www.googletagmanager.com
1	www.googletagmanager.com	threatpost.com
1	kasperskycontenthub.com	threatpost.com
1	cd.connatix.com	1 redirects
1	www.googletagservices.com	threatpost.com
0	quantcount.com Failed	secure.quantserve.com
147	44

This site contains no links.

Subject Issuer	Validity	Valid
t.co DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
threatpost.com DigiCert SHA2 Secure Server CA	`2020-06-10` - `2021-06-15`	a year	crt.sh
*.adlightning.com Amazon	`2020-07-22` - `2021-08-22`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-08-10` - `2021-08-10`	a year	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2021-03-16` - `2021-06-08`	3 months	crt.sh
assets.threatpost.com Amazon	`2021-02-04` - `2022-03-05`	a year	crt.sh
media.threatpost.com Amazon	`2021-02-04` - `2022-03-05`	a year	crt.sh
www.google.com GTS CA 1O1	`2021-03-16` - `2021-06-08`	3 months	crt.sh
c.amazon-adsystem.com Amazon	`2020-08-04` - `2021-08-02`	a year	crt.sh
*.connatix.com Go Daddy Secure Certificate Authority - G2	`2020-09-29` - `2021-10-19`	a year	crt.sh
kasperskycontenthub.com DigiCert SHA2 Secure Server CA	`2020-06-01` - `2021-06-09`	a year	crt.sh
*.google-analytics.com GTS CA 1O1	`2021-03-16` - `2021-06-08`	3 months	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2020-10-02` - `2021-10-07`	a year	crt.sh
ads-twitter.com DigiCert SHA2 High Assurance Server CA	`2020-08-14` - `2021-08-19`	a year	crt.sh
*.gstatic.com GTS CA 1O1	`2021-03-16` - `2021-06-08`	3 months	crt.sh
*.google.com GTS CA 1O1	`2021-03-16` - `2021-06-08`	3 months	crt.sh
www.google.de GTS CA 1O1	`2021-03-16` - `2021-06-08`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-02-10` - `2021-05-10`	3 months	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2021-02-17` - `2021-08-16`	6 months	crt.sh
*.reddit.com DigiCert TLS RSA SHA256 2020 CA1	`2021-01-08` - `2021-07-06`	6 months	crt.sh
srvsynd.com R3	`2021-04-05` - `2021-07-04`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2021-03-16` - `2021-06-08`	3 months	crt.sh
*.doubleclick.net GTS CA 1O1	`2021-03-23` - `2021-06-15`	3 months	crt.sh
*.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
edgestatic.com GTS CA 1O1	`2021-03-16` - `2021-06-08`	3 months	crt.sh
*.googleusercontent.com GTS CA 1O1	`2021-03-16` - `2021-06-08`	3 months	crt.sh
*.c.docs.google.com GTS CA 1O1	`2021-04-06` - `2021-06-15`	2 months	crt.sh
tpc.googlesyndication.com GTS CA 1O1	`2021-03-16` - `2021-06-08`	3 months	crt.sh

This page contains 10 frames:

Primary Page: https://threatpost.com/ransomware-attack-hits-ukrainian-energy-ministry-exploiting-drupalgeddon2/131373/
Frame ID: 045AEECB91441F3662AA9AFD7B1EB561
Requests: 86 HTTP requests in this frame

Frame: https://cds.connatix.com/p/113303/connatix.player.dc.js
Frame ID: 46907C813C4E7DDB65A01466E3F90AB0
Requests: 25 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LehhAETAAAAAAcsm2ZGDsLCqyGhesy4Yn43WNBe&co=aHR0cHM6Ly90aHJlYXRwb3N0LmNvbTo0NDM.&hl=en&v=mrdLhN7MywkJAAbzddTIjTaM&theme=light&size=normal&cb=6z2ffsok31b8
Frame ID: F9E4999CADBBC8E98408492B621123D3
Requests: 5 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=en&v=mrdLhN7MywkJAAbzddTIjTaM&k=6LehhAETAAAAAAcsm2ZGDsLCqyGhesy4Yn43WNBe&cb=iwg2wma2d0p3
Frame ID: EC432C907D51DB7483A566A56727E85A
Requests: 3 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.451.0_en.html
Frame ID: 686BC861E98C0B618B9DB69D28A06E12
Requests: 20 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 5B9100B06C5188D2350DBE1DF87119D9
Requests: 1 HTTP requests in this frame

Frame: data://truncated
Frame ID: CB9E5C4B537A5BE5642451CBF9EBA1D8
Requests: 1 HTTP requests in this frame

Frame: blob://https://threatpost.com/d7b44da2-8a69-41ae-9277-9b3029f7ea9b
Frame ID: 20BB2AD23E2B5286CC65C6ABCE676A63
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/hhrtBw21.html
Frame ID: 8141817AC8BF304A24FF92DFF515685F
Requests: 3 HTTP requests in this frame

Frame: https://s.youtube.com/api/stats/playback?ns=yt&fexp=44729226%2C44730464&el=adunit&cpn=ZvldhD4uCkCYWWuT&docid=PTCwR0AZC28&ver=2&cmt=0.164&fmt=18&rt=0.000&adformat=2_2_1&euri=https%3A%2F%2Fthreatpost.com%2F&len=48.205&vtype=gvp&c=web_gvp_ads&cver=h.0.0.0&cbr=Chrome&cbrver=89.0.4389.72&cos=Linux%20x86_64&cosver=537.36&cplatform=desktop&mos=1&volume=0&delay=28&rtn=10
Frame ID: BCB2147E16D4D7F64AF6E8D730C686A4
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://t.co/kjUJpKQBa7 Page URL
https://threatpost.com/ransomware-attack-hits-ukrainian-energy-ministry-exploiting-drupalgeddon2/13... Page URL

Page Statistics

147
Requests

98 %
HTTPS

69 %
IPv6

29
Domains

44
Subdomains

37
IPs

4
Countries

4829 kB
Transfer

12546 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://t.co/kjUJpKQBa7 Page URL
https://threatpost.com/ransomware-attack-hits-ukrainian-energy-ministry-exploiting-drupalgeddon2/131373/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 25

https://cd.connatix.com/connatix.player.js HTTP 302
https://cds.connatix.com/p/113303/connatix.player.dc.js

Request Chain 130

https://r5---sn-5go7yner.googlevideo.com/videoplayback?expire=1618434574&ei=jul2YJmTBYnTgAeV8qfgDw&ip=31.13.191.162&id=3d30b04740190b6f&itag=22&source=youtube&requiressl=yes&mh=3a&mm=31&mn=sn-5go7yner&ms=au&mv=m&mvi=5&pl=24&susc=gvp&acao=yes&ctier=L&mime=video/mp4&vprv=1&dur=48.251&lmt=1607209988344806&mt=1618405740&txp=5432434&sparams=expire,ei,ip,id,itag,source,requiressl,susc,acao,ctier,mime,vprv,dur,lmt&sig=AOq0QJ8wRgIhAOs01dI8WYHsbAaa386G-4fnxm5CF1JbCUH9wx1BdWTZAiEA1IQ9Dyr7-KZJjTx0kX6A3LDVfcffMaeW8Q-M8UmhSDs=&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRgIhALmvsOEdfPflpkRJm0n1lOsX4nOVkQnJ6HhybUTz7rULAiEAyBC5mwtS2qLOGpU0zq8myM9eDNqxWqSA6Yw9-sf4zAQ=&cpn=ZvldhD4uCkCYWWuT HTTP 302
https://r5---sn-4g5e6nzl.googlevideo.com/videoplayback?expire=1618434574&ei=jul2YJmTBYnTgAeV8qfgDw&ip=31.13.191.162&id=3d30b04740190b6f&itag=22&source=youtube&requiressl=yes&susc=gvp&acao=yes&ctier=L&mime=video/mp4&vprv=1&dur=48.251&lmt=1607209988344806&txp=5432434&sparams=expire,ei,ip,id,itag,source,requiressl,susc,acao,ctier,mime,vprv,dur,lmt&sig=AOq0QJ8wRgIhAOs01dI8WYHsbAaa386G-4fnxm5CF1JbCUH9wx1BdWTZAiEA1IQ9Dyr7-KZJjTx0kX6A3LDVfcffMaeW8Q-M8UmhSDs=&cpn=ZvldhD4uCkCYWWuT&redirect_counter=1&rm=sn-5gold76&req_id=7b52e80378ab36e2&cms_redirect=yes&ipbypass=yes&mh=3a&mip=2a01:4f8:192:5414::2&mm=31&mn=sn-4g5e6nzl&ms=au&mt=1618405740&mv=m&mvi=5&pl=47&lsparams=ipbypass,mh,mip,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRQIgPwleEpzayPTe-1Y4bplJVC7jRnIz25v109SOIUsrL9kCIQDIxYDGJ8X5qNpO1vvfHWK_Cfn__248KMQLcP5tH8UmCQ%3D%3D

147 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 kjUJpKQBa7
t.co/ 469 B
547 B 290ms
178ms Document
text/html 104.244.42.69
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://t.co/kjUJpKQBa7

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.69 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Request headers

:method: GET
:authority: t.co
:scheme: https
:path: /kjUJpKQBa7
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

cache-control: private,max-age=300
content-encoding: gzip
content-length: 240
content-type: text/html; charset=utf-8
date: Wed, 14 Apr 2021 13:09:28 GMT
expires: Wed, 14 Apr 2021 13:14:27 GMT
server: tsa_o
set-cookie: muc=f9de2a9f-e46c-4d1a-ba4a-b831c1ee8ec4; Max-Age=63072000; Expires=Fri, 14 Apr 2023 13:09:27 GMT; Domain=t.co; Secure; SameSite=None
strict-transport-security: max-age=0
vary: Origin
x-connection-hash: e520069149c110837e8c55c182aece54
x-response-time: 123
x-xss-protection: 0

GET
H/1.1 200
OK Primary Request / Show response
threatpost.com/ransomware-attack-hits-ukrainian-energy-ministry-exploiting-drupalgeddon2/131373/ 78 KB
20 KB 645ms
236ms Document
text/html 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://threatpost.com/ransomware-attack-hits-ukrainian-energy-ministry-exploiting-drupalgeddon2/131373/

Requested by

Host: t.co
URL: https://t.co/kjUJpKQBa7

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-35-173-160-135.compute-1.amazonaws.com

Software

nginx /

Resource Hash

ec82f25728a7476081da09d7f86ff7cc2b224ea14a7f0ce66b4400adae77f868

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Host: threatpost.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: document
Referer: https://t.co/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://t.co/

Response headers

Server: nginx
Date: Wed, 14 Apr 2021 13:09:28 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Link: <https://threatpost.com/wp-json/>; rel="https://api.w.org/" <https://threatpost.com/wp-json/wp/v2/posts/131373>; rel="alternate"; type="application/json" <https://threatpost.com/?p=131373>; rel=shortlink
X-Frame-Options: SAMEORIGIN
X-Debug-Auth: off
X-Request-Host: threatpost.com
x-cache-hit: HIT
Content-Encoding: gzip

GET
H/1.1 200
OK main.css
threatpost.com/wp-content/themes/threatpost-2018/assets/css/ 253 KB
39 KB 504ms
236ms Stylesheet
text/css 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1618240575
Requested by: Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-hits-ukrainian-energy-ministry-exploiting-drupalgeddon2/131373/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 41f3222c29889fb48f5dca1d481858e5339a759655510c256ef4edf56c80f7f5

Request headers

Referer: https://threatpost.com/ransomware-attack-hits-ukrainian-energy-ministry-exploiting-drupalgeddon2/131373/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: public
Date: Wed, 14 Apr 2021 13:09:29 GMT
Content-Encoding: gzip
Last-Modified: Wed, 14 Apr 2021 07:54:17 GMT
Server: nginx
ETag: W/"60769fa9-3f2b8"
Transfer-Encoding: chunked
Content-Type: text/css
Cache-Control: max-age=604800, public
Connection: close
Expires: Wed, 21 Apr 2021 13:09:29 GMT

GET
H2 200 op.js Show response
tagan.adlightning.com/math-aids-threatpost/ 40 KB
14 KB 215ms
77ms Script
application/javascript 99.84.156.100
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-hits-ukrainian-energy-ministry-exploiting-drupalgeddon2/131373/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.156.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-156-100.txl52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 31209c189808e0c841cff83b2fcef3b579ba910ed974b2b1ea98a750ecd0f8f2

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: _KBqbTOdvu1a.yGdi20JiSrAyFWTXLue
content-encoding: gzip
etag: "6e33dbdb59b4930592e70d0a155dee1b"
age: 2540
x-cache: Hit from cloudfront
content-length: 14236
x-amz-meta-git_commit: 49c6f47
last-modified: Tue, 13 Apr 2021 23:23:13 GMT
server: AmazonS3
date: Wed, 14 Apr 2021 12:34:20 GMT
content-type: application/javascript
via: 1.1 2d69f677a4a0e3e7eefdf9d24bd43661.cloudfront.net (CloudFront)
cache-control: max-age=3600
x-amz-cf-pop: TXL52-C1
accept-ranges: bytes
x-amz-cf-id: yW1PfIv5FxDAPXnN8AnvpXuynBSq0QR71Kw-Ui2Z8Fb74ijEl3GLMw==

GET
H2 200 ros-layout.js Show response
qd.admetricspro.com/js/threatpost/ 25 KB
3 KB 39ms
19ms Script
application/javascript 2606:4700:3036::6815:3f46
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/ros-layout.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-hits-ukrainian-energy-ministry-exploiting-drupalgeddon2/131373/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::6815:3f46 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bbc688ea0af0051ff5a2e638a07cc36980f10deef3e1d0bdd069811768c6fe30

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Apr 2021 13:09:28 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 134
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09721956e60000074615361000000001
last-modified: Fri, 05 Mar 2021 17:45:49 GMT
server: cloudflare
etag: W/"626e-5bccda7913385-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Fpya8qrrTDNVwhkwRJ6B4HRRInLXenejz2wqD3eNaildx43yw%2Bn3z%2BGX2ZVuwVKQNk0y51dMHZabOKVsclv%2FAlYLeW1l2oCDTAw0L0J3zVUYbYOAr8mr3In5FobAc1Lh"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 63fd2b37db8d0746-FRA
expires: Wed, 14 Apr 2021 13:10:14 GMT

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 62 KB
21 KB 40ms
16ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-hits-ukrainian-energy-ministry-exploiting-drupalgeddon2/131373/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

11ff711cf78ebfa3c9e8bd545ebe64513c66927edc75a6b0828e4e886c2fa0a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Apr 2021 13:09:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "842 / 945 of 1000 / last-modified: 1618398539"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20925
x-xss-protection: 0
expires: Wed, 14 Apr 2021 13:09:28 GMT

GET
H2 200 cmp.js Show response
qd.admetricspro.com/js/threatpost/ 305 KB
82 KB 53ms
33ms Script
application/javascript 2606:4700:3036::6815:3f46
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/cmp.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-hits-ukrainian-energy-ministry-exploiting-drupalgeddon2/131373/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::6815:3f46 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 73339d824e344121a3039b2e0e9c9353fb8132e005bb6d53249814c213520d5d

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Apr 2021 13:09:28 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 522
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09721956e60000074638a21000000001
last-modified: Tue, 06 Oct 2020 19:53:29 GMT
server: cloudflare
etag: W/"4c426-5b105f3f297c7-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=v7Tg1TH4g48nzg5gTHG3kmKTnKhSNXMhezKWWNCGPK6%2B%2BIC9yxc4SKJWHgu0UI7a7MxMo1MMqyqT8iM1iqLHbuVFHHPx%2BiZfrt5To2AXwyl3AmQ7aNl2qmXLxUHgdYJq"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 63fd2b37db8f0746-FRA
expires: Wed, 14 Apr 2021 13:10:14 GMT

GET
H2 200 uspcmp.js Show response
qd.admetricspro.com/js/threatpost/ 148 KB
55 KB 50ms
31ms Script
application/javascript 2606:4700:3036::6815:3f46
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-hits-ukrainian-energy-ministry-exploiting-drupalgeddon2/131373/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::6815:3f46 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1ae61ed61290f9bf2619f52667aafa622c805072c75765025f0b61a23862005f

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Apr 2021 13:09:28 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 522
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09721956e6000007463d012000000001
last-modified: Sat, 08 Aug 2020 22:40:07 GMT
server: cloudflare
etag: W/"24e50-5ac65673cef1c-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=AWMNLkg4ehlO9qu8%2BYpAt4gvmLhMh0EuR0ONFJTN3QYymlHHB7JLHCuaY1IXaTeR2iQY2hYxugaXik7RUIHWLrF3FahXRU5Uqm5CLFDIf69h%2B7JPPYczgrLfS6cNP15z"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 63fd2b37db910746-FRA
expires: Wed, 14 Apr 2021 13:10:13 GMT

GET
H2 200 targeting.js Show response
qd.admetricspro.com/js/threatpost/ 275 B
867 B 37ms
18ms Script
application/javascript 2606:4700:3036::6815:3f46
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/targeting.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-hits-ukrainian-energy-ministry-exploiting-drupalgeddon2/131373/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::6815:3f46 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6cdc57f82f4b0d09e5b4e584ca4736cd3871f20563d4ce25120b057d8ffb4eb2

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Apr 2021 13:09:28 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 496
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09721956e60000074618135000000001
last-modified: Sat, 08 Feb 2020 20:49:18 GMT
server: cloudflare
etag: W/"113-59e16a3cfb471-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=JA5zrgoO%2FLk1qK25VdW06WtoBOJBqNJnRLYMakkz5HoG5u3ZB8qldWTDyhVwGH%2F8xF1QoVwNzbW59B68LqHgE4mdMWTXIfE1s%2BdlZwGGlSo0KYbQ%2BY7czSo0rfyg7WSx"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 63fd2b37db920746-FRA
expires: Wed, 14 Apr 2021 13:10:13 GMT

GET
H2 200 prebid.js Show response
qd.admetricspro.com/js/threatpost/ 505 KB
140 KB 61ms
42ms Script
application/javascript 2606:4700:3036::6815:3f46
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-hits-ukrainian-energy-ministry-exploiting-drupalgeddon2/131373/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::6815:3f46 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ab09814addb95f1753755def0c6f218e5b6e35ad6304225e08454c413cfc258a

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Apr 2021 13:09:28 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 481
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09721956e6000007461a178000000001
last-modified: Sun, 31 Jan 2021 19:19:37 GMT
server: cloudflare
etag: W/"7e597-5ba371e468061-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2BHUahoX2NQ2zCw1eGqhI7ukmcDdd8M6doPYEzqV6fHUuLCzV6fezzBRMUFlixRCVgAvGi3qUNkpGstaJ7KfiqM38I8b7TqCKJ0K%2Buy%2FWsP%2F5%2FRCsUYz%2BJE%2B7FH7%2BpXpV"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 63fd2b37db930746-FRA
expires: Wed, 14 Apr 2021 13:10:13 GMT

GET
H2 200 engine.js Show response
qd.admetricspro.com/js/threatpost/ 33 KB
9 KB 39ms
20ms Script
application/javascript 2606:4700:3036::6815:3f46
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/engine.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-hits-ukrainian-energy-ministry-exploiting-drupalgeddon2/131373/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::6815:3f46 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: babae61c6d25e5b1d8b4eff05aae6f78816bcb24d5c7274ac2364882855edb10

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Apr 2021 13:09:28 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 495
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09721956e70000074638048000000001
last-modified: Wed, 10 Mar 2021 23:01:13 GMT
server: cloudflare
etag: W/"82c3-5bd36a4c74ba2-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=I%2FrA2EsuT%2BS9LpXDMdV%2FliFQdzpqRkf%2BXTPvK6FysX1RNRhjOTPUd4a0Ss%2FTmy0fOXsVnBVLs4Q%2BHq6J%2FmwuitT%2BaKvhjRJi%2Fjc4eOSDVTBGd7IMxSmQ3pLB4oO0XcFK"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 63fd2b37db940746-FRA
expires: Wed, 14 Apr 2021 13:10:14 GMT

GET
H2 200 /
assets.threatpost.com/wp-content/plugins/bwp-minify/min/ 94 KB
19 KB 395ms
372ms Stylesheet
text/css 2600:9000:214f:b600:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-includes/css/dist/block-library/style.min.css,wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=e73ce88a

Requested by

Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-hits-ukrainian-energy-ministry-exploiting-drupalgeddon2/131373/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:b600:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

72eaaf36ecf9e2e0757d5154ce285d44296ee79b32ea122953df2a1133c6f2fb

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Apr 2021 13:09:29 GMT
content-encoding: gzip
x-amz-cf-pop: FRA53-C1
x-cache: Miss from cloudfront
content-length: 19117
x-cache-hit: HIT
last-modified: Mon, 12 Apr 2021 15:16:14 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css; charset=utf-8
via: 1.1 511c8b6c7e903efca023a504d527516b.cloudfront.net (CloudFront)
cache-control: max-age=86400
x-debug-auth: off
x-request-host: assets.threatpost.com
x-amz-cf-id: 5G1J_NYUQbjYQGjghCg1DoFrYzSvXPKWVVyy_RaYczZ4Uzbl2Bi9kw==
expires: Wed, 14 Apr 2021 21:06:58 GMT

GET
H/1.1 200
OK jquery-1.12.4-wp.js Show response
threatpost.com/wp-content/plugins/kaspersky-enable-jquery-migrate-helper/js/jquery/ 95 KB
37 KB 402ms
135ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/kaspersky-enable-jquery-migrate-helper/js/jquery/jquery-1.12.4-wp.js?ver=1.12.4-wp
Requested by: Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-hits-ukrainian-energy-ministry-exploiting-drupalgeddon2/131373/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 3bb2621a4c0c710f6e78404473aebff8e115a28f8d53f44339b867c63ad93b26

Request headers

Referer: https://threatpost.com/ransomware-attack-hits-ukrainian-energy-ministry-exploiting-drupalgeddon2/131373/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: public
Date: Wed, 14 Apr 2021 13:09:29 GMT
Content-Encoding: gzip
Last-Modified: Wed, 14 Apr 2021 07:54:14 GMT
Server: nginx
ETag: W/"60769fa6-17a56"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Wed, 21 Apr 2021 13:09:29 GMT

GET
H2 200 / Show response
assets.threatpost.com/wp-content/plugins/bwp-minify/min/ 177 KB
55 KB 390ms
367ms Script
application/x-javascript 2600:9000:214f:b600:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/kaspersky-cookies-notification/scripts/alert_text.js,wp-content/plugins/kaspersky-cookies-notification/scripts/alert.js,wp-content/plugins/honeypot-comments/public/assets/js/public.js,wp-content/plugins/kspr_twitter_pullquote/js/kaspersky-twitter-pullquote.js,wp-content/themes/threatpost-2018/assets/js/main.js,wp-content/themes/threatpost-2018/assets/js/loadmore.js,wp-content/plugins/kaspersky-social-sharing/assets/js/social-share.js&ver=e73ce88a

Requested by

Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-hits-ukrainian-energy-ministry-exploiting-drupalgeddon2/131373/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:b600:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

b0209d39595432d762f6ba2a81dc0bffa6a6e1ed9021ba24ffa06c3c7e4bcb02

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Apr 2021 13:09:29 GMT
content-encoding: gzip
x-amz-cf-pop: FRA53-C1
x-cache: Miss from cloudfront
content-length: 56256
x-cache-hit: HIT
last-modified: Mon, 12 Apr 2021 15:16:15 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
via: 1.1 511c8b6c7e903efca023a504d527516b.cloudfront.net (CloudFront)
cache-control: max-age=86400
x-debug-auth: off
x-request-host: assets.threatpost.com
x-amz-cf-id: TEgHW_xIqbrmP0wFw3NhvfveV5fsL_p8_f0nwTNffq2gVaTc9rVuXw==
expires: Wed, 14 Apr 2021 21:07:01 GMT

GET
H2 200 shutterstock_163066760.jpg
media.threatpost.com/wp-content/uploads/sites/103/2014/06/07021426/ 231 KB
232 KB 63ms
29ms Image
image/jpeg 2600:9000:20e8:5200:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2014/06/07021426/shutterstock_163066760.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-hits-ukrainian-energy-ministry-exploiting-drupalgeddon2/131373/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20e8:5200:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ec2fc16e01b6a4bddae03194e09881cb6a1571139b788163aa64b8b6ec5efba5

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Apr 2021 13:08:58 GMT
via: 1.1 560d8d35213ac925f8d05c5730db1582.cloudfront.net (CloudFront), 1.1 117b54f007fbf40fc2a4bbbd8e88fc21.cloudfront.net (CloudFront)
last-modified: Mon, 02 Jul 2018 23:22:18 GMT
server: AmazonS3
age: 32
etag: "dc138f78525c3b84a9b0056c094e725a"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA6-C1, TXL52-C1
accept-ranges: bytes
content-length: 236699
x-amz-cf-id: D2rjJ1OUTEoisg2s_Ta4FrCuYjsPsEIO5SIVpyT2eS2l2wus14fkzw==
expires: Tue, 02 Jul 2019 23:22:17 GMT

GET
H2 200 / Show response
assets.threatpost.com/wp-content/plugins/bwp-minify/min/ 2 KB
1 KB 280ms
279ms Script
application/x-javascript 2600:9000:214f:b600:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/gravityforms/js/jquery.json.min.js&ver=e73ce88a

Requested by

Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-hits-ukrainian-energy-ministry-exploiting-drupalgeddon2/131373/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:b600:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

172314ff74044b918766ed4763279b5e8798622087c0a2930f59c9d44662213d

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Apr 2021 13:09:29 GMT
content-encoding: gzip
x-amz-cf-pop: FRA53-C1
x-cache: Miss from cloudfront
content-length: 926
x-cache-hit: HIT
last-modified: Mon, 12 Apr 2021 15:16:12 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
via: 1.1 511c8b6c7e903efca023a504d527516b.cloudfront.net (CloudFront)
cache-control: max-age=86400
x-debug-auth: off
x-request-host: assets.threatpost.com
x-amz-cf-id: hGhxlyq9U4LrMYoPNw6KimuXGv7ltyrx3gziAZYDgo6V1gOWQGMQLA==
expires: Wed, 14 Apr 2021 21:06:58 GMT

GET
H/1.1 200
OK gravityforms.min.js Show response
threatpost.com/wp-content/plugins/gravityforms/js/ 34 KB
12 KB 406ms
138ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/gravityforms/js/gravityforms.min.js?ver=2.4.17.15
Requested by: Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-hits-ukrainian-energy-ministry-exploiting-drupalgeddon2/131373/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 3097d0444becd9d089b52b7074072f19201525de874d0775012572fb375b7838

Request headers

Referer: https://threatpost.com/ransomware-attack-hits-ukrainian-energy-ministry-exploiting-drupalgeddon2/131373/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: public
Date: Wed, 14 Apr 2021 13:09:29 GMT
Content-Encoding: gzip
Last-Modified: Wed, 14 Apr 2021 07:54:15 GMT
Server: nginx
ETag: W/"60769fa7-88c2"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Wed, 21 Apr 2021 13:09:29 GMT

GET
H2 200 / Show response
assets.threatpost.com/wp-content/plugins/bwp-minify/min/ 7 KB
3 KB 276ms
276ms Script
application/x-javascript 2600:9000:214f:b600:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/gravityforms/js/conditional_logic.min.js&ver=e73ce88a

Requested by

Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-hits-ukrainian-energy-ministry-exploiting-drupalgeddon2/131373/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:b600:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

f75166e3f70100b65a6ce1d4128bc15286e92b19a546fa7709f739e9bcfe52c6

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Apr 2021 13:09:29 GMT
content-encoding: gzip
x-amz-cf-pop: FRA53-C1
x-cache: Miss from cloudfront
content-length: 2685
x-cache-hit: HIT
last-modified: Mon, 12 Apr 2021 15:16:12 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
via: 1.1 511c8b6c7e903efca023a504d527516b.cloudfront.net (CloudFront)
cache-control: max-age=86400
x-debug-auth: off
x-request-host: assets.threatpost.com
x-amz-cf-id: WLZAVSEt1luEFoJSc5h-FXjVeTi8unk2Gzrj_G-F_WcGxuAqn1sOwQ==
expires: Wed, 14 Apr 2021 21:06:58 GMT

GET
H2 200 /
assets.threatpost.com/wp-content/plugins/bwp-minify/min/ 5 KB
2 KB 285ms
283ms Script
application/x-javascript 2600:9000:214f:b600:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/gravityforms/js/placeholders.jquery.min.js&ver=e73ce88a

Requested by

Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-hits-ukrainian-energy-ministry-exploiting-drupalgeddon2/131373/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:b600:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Apr 2021 13:09:30 GMT
content-encoding: gzip
x-amz-cf-pop: FRA53-C1
x-cache: Miss from cloudfront
content-length: 1747
x-cache-hit: HIT
last-modified: Mon, 12 Apr 2021 15:16:12 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
via: 1.1 511c8b6c7e903efca023a504d527516b.cloudfront.net (CloudFront)
cache-control: max-age=86400
x-debug-auth: off
x-request-host: assets.threatpost.com
x-amz-cf-id: 915TT3QUkpIQRddgCc8J-9hPFphon_AIPL7BEmiktlUBYWeMghEiAg==
expires: Wed, 14 Apr 2021 21:06:58 GMT

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 852 B
972 B 39ms
18ms Script
text/javascript 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?hl=en&render=explicit&ver=5.7

Requested by

Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-hits-ukrainian-energy-ministry-exploiting-drupalgeddon2/131373/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

fe81e776d459f15b4daef2ea548d3150a761c08d33c3013df60d929775548092

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Apr 2021 13:09:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 555
x-xss-protection: 1; mode=block
expires: Wed, 14 Apr 2021 13:09:29 GMT

GET
H2 200 /
assets.threatpost.com/wp-content/plugins/bwp-minify/min/ 1 KB
1 KB 285ms
283ms Script
application/x-javascript 2600:9000:214f:b600:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-includes/js/wp-embed.min.js&ver=e73ce88a

Requested by

Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-hits-ukrainian-energy-ministry-exploiting-drupalgeddon2/131373/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:b600:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Apr 2021 13:09:30 GMT
content-encoding: gzip
x-amz-cf-pop: FRA53-C1
x-cache: Miss from cloudfront
content-length: 765
x-cache-hit: HIT
last-modified: Tue, 09 Mar 2021 20:32:23 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
via: 1.1 511c8b6c7e903efca023a504d527516b.cloudfront.net (CloudFront)
cache-control: max-age=86400
x-debug-auth: off
x-request-host: assets.threatpost.com
x-amz-cf-id: 5N2dewZ5IZ6ty5PYGr0OBG2X0zfNfNxvmHeom5Fb9VLigRWdxeTUeA==
expires: Wed, 14 Apr 2021 21:07:01 GMT

GET
H2 200 b-49c6f47-67be9a36.js Show response
tagan.adlightning.com/math-aids-threatpost/ 69 KB
23 KB 80ms
79ms Script
application/javascript 99.84.156.100
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/b-49c6f47-67be9a36.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.156.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-156-100.txl52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 178f058426830d14a05750625b5f6750efc3cb905e25899209cde01fcd4877af

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 18:34:38 GMT
content-encoding: gzip
age: 758092
x-cache: Hit from cloudfront
content-length: 23203
x-amz-meta-git_commit: 49c6f47
last-modified: Mon, 05 Apr 2021 18:33:10 GMT
server: AmazonS3
etag: "a932a716635a0bdbfeda3195fd6261d6"
x-amz-version-id: NW9xaMZs.szhdoIzks3cD5Qpn1RWVACw
via: 1.1 2d69f677a4a0e3e7eefdf9d24bd43661.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: TXL52-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: 4InKqCGsmY1C4jJs6wig5_CHsMt_R29XU6KLUqa5ynhJBxHE8H8Zmg==

GET
H2 200 bl-d02cc15-94c23495.js Show response
tagan.adlightning.com/math-aids-threatpost/ 51 KB
16 KB 107ms
105ms Script
application/javascript 99.84.156.100
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/bl-d02cc15-94c23495.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.156.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-156-100.txl52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e51abf8c34e6839bad4c445ce7e35e0cb44508998ad67c194ef08ce081f19d39

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 13 Apr 2021 23:24:04 GMT
content-encoding: gzip
age: 49526
x-cache: Hit from cloudfront
content-length: 15643
x-amz-meta-git_commit: d02cc15
last-modified: Tue, 13 Apr 2021 23:22:18 GMT
server: AmazonS3
etag: "fcbcc895b33c18dff5cf63228426af57"
x-amz-version-id: d4K9zEpySs.TPiTMlNh.mJV.VvzrEdtm
via: 1.1 2d69f677a4a0e3e7eefdf9d24bd43661.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: TXL52-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: OgGUwpZcLcFZiKAoBpwfuAQxO_0N_fC3M_KRcVbPuJTUpQheV2drIw==

GET
H2 200 pubads_impl_2021040804.js Show response
securepubads.g.doubleclick.net/gpt/ 296 KB
104 KB 203ms
70ms Script
text/javascript 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021040804.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f162.1e100.net

Software

sffe /

Resource Hash

bf97ea16fc6f3ed219404e08367a661cc6964d6bd9a40872e26453976df761e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Wed, 14 Apr 2021 13:09:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 08 Apr 2021 19:24:37 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 106480
x-xss-protection: 0
expires: Wed, 14 Apr 2021 13:09:29 GMT

GET
H2 200 vendor-list.json
qd.admetricspro.com/js/cmp2/ 286 KB
31 KB 172ms
157ms XHR
application/json 2606:4700:3036::6815:3f46
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/cmp2/vendor-list.json
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/cmp.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::6815:3f46 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Apr 2021 13:09:29 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0972195a6000004eb5890d3000000001
last-modified: Tue, 06 Oct 2020 19:31:27 GMT
server: cloudflare
etag: W/"4773b-5b105a5302c6b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=AD%2Bal%2BhPeGLYqgfB2FEPX%2B0FMo3oujYDby331cIatjQTH80WJ48ZZ7crJ59B6CCBFC3hT9%2BUKUew5ZaGiXrsPXGtCNQgHUUDU5xMj5olDiBadKvqHSd886KK9HTuvI9U"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=600
cf-ray: 63fd2b3d6ddb4eb5-FRA
expires: Wed, 14 Apr 2021 13:19:29 GMT

GET
H2 200 apstag.js
c.amazon-adsystem.com/aax2/ 119 KB
31 KB 248ms
103ms Script
application/javascript 99.84.153.196
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/engine.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.153.196 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-153-196.txl52.r.cloudfront.net
Software: Server /
Resource Hash

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Apr 2021 12:54:49 GMT
content-encoding: gzip
server: Server
age: 880
etag: 9e0e0829d91a39f75ba9ebfdbaf1f5a9
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 df2b5b3f847bbe9ad7f475c0831bcc3a.cloudfront.net (CloudFront)
cache-control: public, max-age=900
x-amz-cf-pop: TXL52-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-version-id: 11GrZ4vbIcrQ20hh8BdcRvzkMaiC0j9l
x-amz-cf-id: 2QFNM8tEf0CJyPMNBprkRbn56q0dSsI5UDQHdRYuTJpL6rMzQqIfhw==

GET
H2

200

connatix.player.dc.js
cds.connatix.com/p/113303/ Frame 4690
Redirect Chain

https://cd.connatix.com/connatix.player.js
https://cds.connatix.com/p/113303/connatix.player.dc.js

1013 KB
221 KB

56ms
55ms

Script
application/javascript

151.101.14.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.connatix.com/p/113303/connatix.player.dc.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-hits-ukrainian-energy-ministry-exploiting-drupalgeddon2/131373/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.14.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Apr 2021 13:09:30 GMT
content-encoding: br
last-modified: Wed, 14 Apr 2021 12:11:27 GMT
age: 2895
etag: "dde7d333d801878bcad632e88483cfed"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: max-age=31557600
accept-ranges: bytes
content-length: 225885

Redirect headers

location: https://cds.connatix.com/p/113303/connatix.player.dc.js
date: Wed, 14 Apr 2021 13:09:30 GMT
cache-control: no-cache, no-store, must-revalidate, max-age=0
age: 0
accept-ranges: bytes
content-length: 0
retry-after: 0

GET
H/1.1 200
OK /
kasperskycontenthub.com/ 0
398 B 535ms
133ms Script
application/javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://kasperskycontenthub.com/?dm=ed1f9e435dc885292eab65620c51f3fb&action=load&blogid=103&siteid=1&t=828845315&back=https%3A%2F%2Fthreatpost.com%2Fransomware-attack-hits-ukrainian-energy-ministry-exploiting-drupalgeddon2%2F131373%2F

Requested by

Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-hits-ukrainian-energy-ministry-exploiting-drupalgeddon2/131373/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-35-173-160-135.compute-1.amazonaws.com

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 14 Apr 2021 13:09:30 GMT
X-Content-Type-Options: nosniff
Server: nginx
X-Frame-Options: SAMEORIGIN
Connection: close
Content-Type: application/javascript
x-cache-hit: HIT
Transfer-Encoding: chunked
X-Debug-Auth: off
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Request-Host: kasperskycontenthub.com
X-XSS-Protection: 1; mode=block

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 162 KB
52 KB 36ms
15ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF

Requested by

Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-hits-ukrainian-energy-ministry-exploiting-drupalgeddon2/131373/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

5c27bdc929b400a819e3dbc5ca7b78f1eab5b2b7d884b5c33c7792a82b73b959

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Apr 2021 13:09:29 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52321
x-xss-protection: 0
last-modified: Wed, 14 Apr 2021 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 14 Apr 2021 13:09:29 GMT

GET
H/1.1 200
OK icons.svg
threatpost.com/wp-content/themes/threatpost-2018//assets/sprite/ 13 KB
5 KB 922ms
133ms Other
image/svg+xml 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018//assets/sprite/icons.svg
Requested by: Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-hits-ukrainian-energy-ministry-exploiting-drupalgeddon2/131373/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Referer: https://threatpost.com/ransomware-attack-hits-ukrainian-energy-ministry-exploiting-drupalgeddon2/131373/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: public
Date: Wed, 14 Apr 2021 13:09:30 GMT
Content-Encoding: gzip
Last-Modified: Wed, 14 Apr 2021 07:54:16 GMT
Server: nginx
ETag: W/"60769fa8-3496"
Transfer-Encoding: chunked
Content-Type: image/svg+xml
Cache-Control: max-age=604800, public
Connection: close
Expires: Wed, 21 Apr 2021 13:09:30 GMT

GET
H/1.1 200
OK icons.svg
threatpost.com/wp-content/themes/threatpost-2018/assets/sprite/ 13 KB
5 KB 916ms
134ms Other
image/svg+xml 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/sprite/icons.svg
Requested by: Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-hits-ukrainian-energy-ministry-exploiting-drupalgeddon2/131373/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Referer: https://threatpost.com/ransomware-attack-hits-ukrainian-energy-ministry-exploiting-drupalgeddon2/131373/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: public
Date: Wed, 14 Apr 2021 13:09:30 GMT
Content-Encoding: gzip
Last-Modified: Wed, 14 Apr 2021 07:54:10 GMT
Server: nginx
ETag: W/"60769fa2-3496"
Transfer-Encoding: chunked
Content-Type: image/svg+xml
Cache-Control: max-age=604800, public
Connection: close
Expires: Wed, 21 Apr 2021 13:09:30 GMT

GET
H/1.1 200
OK logo.png
threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 19 KB
19 KB 919ms
135ms Image
image/png 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/images/logo.png
Requested by: Host: threatpost.com
URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1618240575
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1618240575
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: public
Date: Wed, 14 Apr 2021 13:09:30 GMT
Last-Modified: Wed, 14 Apr 2021 07:54:15 GMT
Server: nginx
ETag: "60769fa7-4a32"
Content-Type: image/png
Cache-Control: max-age=604800, public
Connection: close
Accept-Ranges: bytes
Content-Length: 18994
Expires: Wed, 21 Apr 2021 13:09:30 GMT

GET
H/1.1 200
OK museosans-700-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 492ms
238ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1618240575
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Origin: https://threatpost.com
Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1618240575
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: public
Date: Wed, 14 Apr 2021 13:09:30 GMT
Last-Modified: Wed, 14 Apr 2021 07:54:16 GMT
Server: nginx
ETag: "60769fa8-51a4"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000, public
Connection: close
Accept-Ranges: bytes
Content-Length: 20900
Expires: Thu, 14 Apr 2022 13:09:30 GMT

GET
H/1.1 200
OK museosans-100-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 491ms
235ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-100-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1618240575
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Origin: https://threatpost.com
Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1618240575
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: public
Date: Wed, 14 Apr 2021 13:09:30 GMT
Last-Modified: Wed, 14 Apr 2021 07:54:16 GMT
Server: nginx
ETag: "60769fa8-50c8"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000, public
Connection: close
Accept-Ranges: bytes
Content-Length: 20680
Expires: Thu, 14 Apr 2022 13:09:30 GMT

GET
H/1.1 200
OK museosans-300-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 502ms
239ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-300-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1618240575
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Origin: https://threatpost.com
Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1618240575
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: public
Date: Wed, 14 Apr 2021 13:09:30 GMT
Last-Modified: Wed, 14 Apr 2021 07:54:16 GMT
Server: nginx
ETag: "60769fa8-51b8"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000, public
Connection: close
Accept-Ranges: bytes
Content-Length: 20920
Expires: Thu, 14 Apr 2022 13:09:30 GMT

GET
H/1.1 200
OK museosans-500-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 400ms
134ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-500-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1618240575
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Origin: https://threatpost.com
Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1618240575
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: public
Date: Wed, 14 Apr 2021 13:09:30 GMT
Last-Modified: Wed, 14 Apr 2021 07:54:10 GMT
Server: nginx
ETag: "60769fa2-5194"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000, public
Connection: close
Accept-Ranges: bytes
Content-Length: 20884
Expires: Thu, 14 Apr 2022 13:09:30 GMT

GET
H/1.1 200
OK museosans-300italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 23 KB
23 KB 507ms
239ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-300italic-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1618240575
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Origin: https://threatpost.com
Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1618240575
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: public
Date: Wed, 14 Apr 2021 13:09:30 GMT
Last-Modified: Wed, 14 Apr 2021 07:54:16 GMT
Server: nginx
ETag: "60769fa8-5bac"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000, public
Connection: close
Accept-Ranges: bytes
Content-Length: 23468
Expires: Thu, 14 Apr 2022 13:09:30 GMT

GET
H/1.1 200
OK mail-plane-light.svg
threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 828 B
722 B 804ms
133ms Image
image/svg+xml 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/images/mail-plane-light.svg
Requested by: Host: threatpost.com
URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1618240575
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1618240575
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: public
Date: Wed, 14 Apr 2021 13:09:30 GMT
Content-Encoding: gzip
Last-Modified: Wed, 14 Apr 2021 07:54:16 GMT
Server: nginx
ETag: W/"60769fa8-33c"
Transfer-Encoding: chunked
Content-Type: image/svg+xml
Cache-Control: max-age=604800, public
Connection: close
Expires: Wed, 21 Apr 2021 13:09:30 GMT

GET
H/1.1 200
OK twitter-blue.svg
threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 868 B
847 B 809ms
134ms Image
image/svg+xml 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/images/twitter-blue.svg
Requested by: Host: threatpost.com
URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1618240575
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1618240575
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: public
Date: Wed, 14 Apr 2021 13:09:30 GMT
Content-Encoding: gzip
Last-Modified: Wed, 14 Apr 2021 07:54:16 GMT
Server: nginx
ETag: W/"60769fa8-364"
Transfer-Encoding: chunked
Content-Type: image/svg+xml
Cache-Control: max-age=604800, public
Connection: close
Expires: Wed, 21 Apr 2021 13:09:30 GMT

GET
H/1.1 200
OK museosans-700italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 15 KB
16 KB 504ms
238ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700italic-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1618240575
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Origin: https://threatpost.com
Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1618240575
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: public
Date: Wed, 14 Apr 2021 13:09:30 GMT
Last-Modified: Wed, 14 Apr 2021 07:54:16 GMT
Server: nginx
ETag: "60769fa8-3dcc"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000, public
Connection: close
Accept-Ranges: bytes
Content-Length: 15820
Expires: Thu, 14 Apr 2022 13:09:30 GMT

GET
H2 200 Tara-headshot.jpg
media.threatpost.com/wp-content/uploads/sites/103/2018/08/15114841/ 13 KB
13 KB 17ms
14ms Image
image/jpeg 2600:9000:20e8:5200:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2018/08/15114841/Tara-headshot.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-hits-ukrainian-energy-ministry-exploiting-drupalgeddon2/131373/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20e8:5200:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 89ce08431545cd3c6d42419d99ee0152027a68c1d0c7c82838cc9a51d9d52451

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 02:43:05 GMT
via: 1.1 e8b17f734954ee4d46d26cf302323482.cloudfront.net (CloudFront), 1.1 117b54f007fbf40fc2a4bbbd8e88fc21.cloudfront.net (CloudFront)
last-modified: Fri, 17 Aug 2018 16:22:08 GMT
server: AmazonS3
age: 5307986
etag: "dee18dfeea6de13bec60c1e5237eb723"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA53-C1, TXL52-C1
accept-ranges: bytes
content-length: 13097
x-amz-cf-id: vAD9ebhPxvjSVmXrwOTd_Q34wUeN3m_KGoE5IOUoUT5Qk3kfgK8sJA==
expires: Sat, 17 Aug 2019 16:22:07 GMT

GET
H2 200 2021-podcast-540x270.jpg
media.threatpost.com/wp-content/uploads/sites/103/2021/01/08132547/ 24 KB
25 KB 19ms
16ms Image
image/jpeg 2600:9000:20e8:5200:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2021/01/08132547/2021-podcast-540x270.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-hits-ukrainian-energy-ministry-exploiting-drupalgeddon2/131373/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20e8:5200:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 519085a0b4ae43798324a00d036f57c53bb0b62f20e7f9b9fc4402c0e3518663

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 04 Feb 2021 01:22:49 GMT
via: 1.1 16dc09493f48bbc1fd2cdd6e175a94f7.cloudfront.net (CloudFront), 1.1 117b54f007fbf40fc2a4bbbd8e88fc21.cloudfront.net (CloudFront)
last-modified: Fri, 08 Jan 2021 18:25:51 GMT
server: AmazonS3
age: 6004002
etag: "a27c4ffa8de97cfaaa30db02958dbcb9"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA53-C1, TXL52-C1
accept-ranges: bytes
content-length: 24725
x-amz-cf-id: LHV8jruo4qZRJ6E_-x3FA3F7pQbRNS23X4R6ulLzIAPqq95tX7aSgA==
expires: Sat, 08 Jan 2022 18:25:50 GMT

GET
H2 200 ransomware-540x270.jpg
media.threatpost.com/wp-content/uploads/sites/103/2020/10/14114608/ 22 KB
22 KB 20ms
18ms Image
image/jpeg 2600:9000:20e8:5200:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2020/10/14114608/ransomware-540x270.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-hits-ukrainian-energy-ministry-exploiting-drupalgeddon2/131373/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20e8:5200:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c6c4147f80da55b9177793bae26fb3124c29c619ba0029896e98af3038eff0c4

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 05 Feb 2021 08:15:09 GMT
via: 1.1 8d31bbd9d6638cdacab37047b8045da4.cloudfront.net (CloudFront), 1.1 117b54f007fbf40fc2a4bbbd8e88fc21.cloudfront.net (CloudFront)
last-modified: Wed, 14 Oct 2020 15:46:12 GMT
server: AmazonS3
age: 5892862
etag: "ece4d3c40b67b0f0839f7ed23b15e0df"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA53-C1, TXL52-C1
accept-ranges: bytes
content-length: 22053
x-amz-cf-id: -44okvgHy3GTroYtRggeWr-VnK63qcdalYU3mnsTiDOYN2konOtx0g==
expires: Thu, 14 Oct 2021 15:46:11 GMT

GET
H2 200 globe-540x270.jpg
media.threatpost.com/wp-content/uploads/sites/103/2021/01/08091437/ 41 KB
41 KB 19ms
17ms Image
image/jpeg 2600:9000:20e8:5200:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2021/01/08091437/globe-540x270.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-hits-ukrainian-energy-ministry-exploiting-drupalgeddon2/131373/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20e8:5200:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b335724518b48b697eef178ba42be13d9cf279646970cffd3e4817917cb36382

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 02:50:24 GMT
via: 1.1 7581b95dc5c9e1ffa79fb8e4b4276bf8.cloudfront.net (CloudFront), 1.1 117b54f007fbf40fc2a4bbbd8e88fc21.cloudfront.net (CloudFront)
last-modified: Fri, 08 Jan 2021 14:14:42 GMT
server: AmazonS3
age: 5307546
etag: "8ce968555c5978ade18c64165df020ea"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: MUC51-C1, TXL52-C1
accept-ranges: bytes
content-length: 41486
x-amz-cf-id: oSCR4j4JCHeeJY3eX4Q0qpTYwjoxb_zcZ2VOEDgKTFhLJh4Nv2ilxQ==
expires: Sat, 08 Jan 2022 14:14:41 GMT

GET
H2 200 abstract-mobile-threats-64x64.jpg
media.threatpost.com/wp-content/uploads/sites/103/2021/01/04120907/ 2 KB
3 KB 20ms
19ms Image
image/jpeg 2600:9000:20e8:5200:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2021/01/04120907/abstract-mobile-threats-64x64.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-hits-ukrainian-energy-ministry-exploiting-drupalgeddon2/131373/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20e8:5200:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 45dca5228c4211ad70f1be0830427929c9066c282db4061babbf2c7d8eb1010a

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Apr 2021 18:15:46 GMT
via: 1.1 1b412557b82dda96e078541f9ee8dfb2.cloudfront.net (CloudFront), 1.1 117b54f007fbf40fc2a4bbbd8e88fc21.cloudfront.net (CloudFront)
last-modified: Mon, 04 Jan 2021 17:09:11 GMT
server: AmazonS3
age: 154425
etag: "d29bff5fd7fc069fb6b8f84e65fb44f0"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA6-C1, TXL52-C1
accept-ranges: bytes
content-length: 2472
x-amz-cf-id: 5wmTX5nfhIWv8e8UXMx8wfiF9XtlYiOQufMarozwHmE9rGK9lQ5YIg==
expires: Tue, 04 Jan 2022 17:09:10 GMT

GET
H2 200 networks-1-64x64.jpg
media.threatpost.com/wp-content/uploads/sites/103/2020/12/10162309/ 2 KB
3 KB 20ms
19ms Image
image/jpeg 2600:9000:20e8:5200:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2020/12/10162309/networks-1-64x64.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-hits-ukrainian-energy-ministry-exploiting-drupalgeddon2/131373/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20e8:5200:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a5df491d38bad7be4712ad0e6c636de9212027d2b0fbb433eebda0c2f3182ca2

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 09 Apr 2021 15:42:01 GMT
via: 1.1 d5fb859c39a16d7f218b4c7fb1528ad6.cloudfront.net (CloudFront), 1.1 117b54f007fbf40fc2a4bbbd8e88fc21.cloudfront.net (CloudFront)
last-modified: Thu, 10 Dec 2020 21:23:13 GMT
server: AmazonS3
age: 422850
etag: "c2a8bf44ca541251542cd1acb2eac818"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA6-C1, TXL52-C1
accept-ranges: bytes
content-length: 2506
x-amz-cf-id: 2Bs4VPCR7aaXLLjImceAAYVLvjbzuMjmYFgP-KjYNwTNNy8mrLnxzQ==
expires: Fri, 10 Dec 2021 21:23:12 GMT

GET
H2 200 nationstate-64x64.jpg
media.threatpost.com/wp-content/uploads/sites/103/2021/04/07135644/ 2 KB
3 KB 21ms
20ms Image
image/jpeg 2600:9000:20e8:5200:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2021/04/07135644/nationstate-64x64.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-hits-ukrainian-energy-ministry-exploiting-drupalgeddon2/131373/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20e8:5200:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a05f635f324c5e8f9837ab55674770dc875300634edbc96500f4ffa19230630a

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 17:57:58 GMT
via: 1.1 87b272b7d9b97f38da15c91c833c3292.cloudfront.net (CloudFront), 1.1 117b54f007fbf40fc2a4bbbd8e88fc21.cloudfront.net (CloudFront)
last-modified: Wed, 07 Apr 2021 17:56:48 GMT
server: AmazonS3
age: 587493
etag: "9deb9171304ed14d895e5c1ef8d94fe6"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA6-C1, TXL52-C1
accept-ranges: bytes
content-length: 2139
x-amz-cf-id: CYR65-NepWzWTjnAvqeH68cioCeQojKGFiX4VfpswLM9A8uo_vg6eg==
expires: Thu, 07 Apr 2022 17:56:47 GMT

GET
H2 200 HTTPS-Padlock-64x64.jpeg
media.threatpost.com/wp-content/uploads/sites/103/2020/09/29190950/ 2 KB
3 KB 20ms
19ms Image
image/jpeg 2600:9000:20e8:5200:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2020/09/29190950/HTTPS-Padlock-64x64.jpeg
Requested by: Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-hits-ukrainian-energy-ministry-exploiting-drupalgeddon2/131373/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20e8:5200:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f5bce9b05e1706ad7f05247b0abeeba58f18642a14f4391d02d886d0d91ae6f8

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 17:28:55 GMT
via: 1.1 e7e7960d7731a7583cedd8f1ff1aca38.cloudfront.net (CloudFront), 1.1 117b54f007fbf40fc2a4bbbd8e88fc21.cloudfront.net (CloudFront)
last-modified: Tue, 29 Sep 2020 23:10:00 GMT
server: AmazonS3
age: 762036
etag: "06141d21f804a70b3971a14652ef6e2c"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA6-C1, TXL52-C1
accept-ranges: bytes
content-length: 2335
x-amz-cf-id: E601qgoBcGdS105byVdnFMH0bUaeGpe2liIaZTJ7aLkD64Z_AM2c4Q==
expires: Wed, 29 Sep 2021 23:09:59 GMT

GET
H2 200 mysql-64x64.jpg
media.threatpost.com/wp-content/uploads/sites/103/2020/12/10101909/ 2 KB
2 KB 21ms
20ms Image
image/jpeg 2600:9000:20e8:5200:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2020/12/10101909/mysql-64x64.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-hits-ukrainian-energy-ministry-exploiting-drupalgeddon2/131373/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20e8:5200:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b02ed61742d7fef9c71436e9cf9494bf16f5f52ad88e9300730b79c77d4344b5

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 02 Apr 2021 16:45:41 GMT
via: 1.1 a56d6b55603697d6c44b19d4f907baaa.cloudfront.net (CloudFront), 1.1 117b54f007fbf40fc2a4bbbd8e88fc21.cloudfront.net (CloudFront)
last-modified: Thu, 10 Dec 2020 15:19:13 GMT
server: AmazonS3
age: 1023830
etag: "f6ad3fa5e2ede7c093f2398569ad1d5f"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA6-C1, TXL52-C1
accept-ranges: bytes
content-length: 1569
x-amz-cf-id: yEq6cJoe9JnUN0jTMmw4klg8Qh0zmG6rILiTmRvXAlTrFF39tT9tpw==
expires: Fri, 10 Dec 2021 15:19:12 GMT

GET
H/1.1 200
OK mail-plane-large-dark.svg
threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 812 B
722 B 399ms
133ms Image
image/svg+xml 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/images/mail-plane-large-dark.svg
Requested by: Host: threatpost.com
URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1618240575
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1618240575
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: public
Date: Wed, 14 Apr 2021 13:09:30 GMT
Content-Encoding: gzip
Last-Modified: Wed, 14 Apr 2021 07:54:16 GMT
Server: nginx
ETag: W/"60769fa8-32c"
Transfer-Encoding: chunked
Content-Type: image/svg+xml
Cache-Control: max-age=604800, public
Connection: close
Expires: Wed, 21 Apr 2021 13:09:30 GMT

GET
H/1.1 200
OK logo-white.png
threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 10 KB
10 KB 405ms
135ms Image
image/png 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/images/logo-white.png
Requested by: Host: threatpost.com
URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1618240575
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1618240575
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: public
Date: Wed, 14 Apr 2021 13:09:31 GMT
Last-Modified: Wed, 14 Apr 2021 07:54:16 GMT
Server: nginx
ETag: "60769fa8-260a"
Content-Type: image/png
Cache-Control: max-age=604800, public
Connection: close
Accept-Ranges: bytes
Content-Length: 9738
Expires: Wed, 21 Apr 2021 13:09:31 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 26ms
7ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

f79723478f4c48501cd49ac52b81d6244a6562b9d3f08ce8ab208a8b8878d4c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 19 Mar 2021 19:22:18 GMT
server: Golfe2
age: 976
date: Wed, 14 Apr 2021 12:53:14 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19463
expires: Wed, 14 Apr 2021 14:53:14 GMT

GET
H2 200 quant.js Show response
secure.quantserve.com/ 23 KB
9 KB 25ms
8ms Script
application/javascript 2620:116:800d:21:36a9:ecb:e518:b308
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800d:21:36a9:ecb:e518:b308 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 16d7d7227f6d8251224d32cd45c81633a3a9d63bf35cd84b1d99d389becb5030

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Apr 2021 13:09:30 GMT
content-encoding: gzip
etag: "YoFsxqR3BwPygbSjh02Dug=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
accept-ranges: bytes
expires: Wed, 21 Apr 2021 13:09:30 GMT

GET
H2 200 uwt.js
static.ads-twitter.com/ 5 KB
2 KB 164ms
53ms Script
application/javascript 199.232.136.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.136.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Apr 2021 13:09:30 GMT
via: 1.1 varnish
last-modified: Fri, 04 Dec 2020 00:21:46 GMT
age: 44284
etag: "cbc512946c8abb461c6215ed5b454e5f+gzip"
vary: Accept-Encoding,Host
x-cache: HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-encoding: gzip
cache-control: no-cache
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 1957
x-timer: S1618405770.276932,VS0,VE0
x-served-by: cache-hhn11536-HHN

GET
H2 200 rules-p-_7kVx0t9Jqj90.js
rules.quantcount.com/ 3 B
356 B 156ms
128ms Script
application/x-javascript 2600:9000:20e8:e000:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-_7kVx0t9Jqj90.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20e8:e000:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Apr 2021 13:09:05 GMT
via: 1.1 700e1fc650af7cfb451dbdb8d79d4107.cloudfront.net (CloudFront)
last-modified: Fri, 03 Mar 2017 23:52:35 GMT
server: AmazonS3
age: 26
etag: "8a80554c91d9fca8acb82f023de02f11"
x-cache: Error from cloudfront
content-type: application/x-javascript
cache-control: max-age=300
x-amz-cf-pop: TXL52-C1
accept-ranges: bytes
content-length: 3
x-amz-cf-id: dTJH0pfBKt3I47eZKL_snVyp4YNM2oAiFPSUZeMd_lQ7eJ3VcK7Zow==

POST
H3-Q050 200 collect
www.google-analytics.com/j/ 2 B
65 B 13ms
13ms XHR
text/plain 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j89&aip=1&a=1111556348&t=pageview&_s=1&dl=https%3A%2F%2Fthreatpost.com%2Fransomware-attack-hits-ukrainian-energy-ministry-exploiting-drupalgeddon2%2F131373%2F&dr=https%3A%2F%2Ft.co%2F&ul=en-us&de=UTF-8&dt=Ransomware%20Attack%20Hits%20Ukrainian%20Energy%20Ministry%2C%20Exploiting%20Drupalgeddon2%20%7C%20Threatpost&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=417926427&gjid=1992503896&cid=1705554485.1618405770&tid=UA-35676203-21&_gid=1509481858.1618405770&_r=1&gtm=2wg3v0PM29HLF&z=435166367

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 14 Apr 2021 13:09:30 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 collect
www.google-analytics.com/ 35 B
122 B 6ms
6ms Image
image/gif 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j89&aip=1&a=1111556348&t=event&ni=0&_s=1&dl=https%3A%2F%2Fthreatpost.com%2Fransomware-attack-hits-ukrainian-energy-ministry-exploiting-drupalgeddon2%2F131373%2F&dr=https%3A%2F%2Ft.co%2F&ul=en-us&de=UTF-8&dt=Ransomware%20Attack%20Hits%20Ukrainian%20Energy%20Ministry%2C%20Exploiting%20Drupalgeddon2%20%7C%20Threatpost&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=VISIBILITY&ea=elementVisibility%20%2F%20%5BHeader%5D%20%2F%20Social%20Networks%20View&_u=YEDAAEABAAAAAC~&jid=&gjid=&cid=1705554485.1618405770&tid=UA-35676203-21&_gid=1509481858.1618405770&gtm=2wg3v0PM29HLF&z=1450684729

Requested by

Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-hits-ukrainian-energy-ministry-exploiting-drupalgeddon2/131373/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 14 Apr 2021 10:03:38 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 11152
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect
stats.g.doubleclick.net/j/ 4 B
445 B 41ms
14ms XHR
text/plain 2a00:1450:400c:c00::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j89&tid=UA-35676203-21&cid=1705554485.1618405770&jid=417926427&gjid=1992503896&_gid=1509481858.1618405770&_u=YEBAAEAAAAAAAC~&z=1240744271

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Wed, 14 Apr 2021 13:09:30 GMT
content-type: text/plain
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 aps_csm.js
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 202ms
68ms XHR
application/javascript 99.84.153.196
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.153.196 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-153-196.txl52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 13 Apr 2021 18:07:02 GMT
content-encoding: gzip
vary: Accept-Encoding,Origin
age: 68549
x-cache: Hit from cloudfront
access-control-allow-origin: *
last-modified: Wed, 07 Apr 2021 05:49:36 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
x-amz-version-id: eEYYOb32LZFr6yGAi8hXG4401uAIPew2
via: 1.1 dc368befe9301385c5ebfce15527c741.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: TXL52-C1
content-type: application/javascript
x-amz-cf-id: dW1-iHtz79f1PsAG-BwsaEpNDArjAbvSuMb1VBirLne_AEJfW8OsfQ==

GET
H2 200 recaptcha__en.js
www.gstatic.com/recaptcha/releases/mrdLhN7MywkJAAbzddTIjTaM/ 334 KB
334 KB 25ms
6ms Script
text/javascript 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/mrdLhN7MywkJAAbzddTIjTaM/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?hl=en&render=explicit&ver=5.7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://threatpost.com
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Apr 2021 12:03:26 GMT
x-content-type-options: nosniff
last-modified: Mon, 12 Apr 2021 21:07:37 GMT
server: sffe
age: 3964
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 341678
x-xss-protection: 0
expires: Thu, 14 Apr 2022 12:03:26 GMT

GET
H2 200 flipboard.svg
assets.threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/img/ 236 B
566 B 280ms
279ms Image
image/svg+xml 2600:9000:214f:b600:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/img/flipboard.svg
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-includes/css/dist/block-library/style.min.css,wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=e73ce88a
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:b600:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-includes/css/dist/block-library/style.min.css,wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=e73ce88a
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: public
date: Wed, 14 Apr 2021 13:09:30 GMT
content-encoding: gzip
last-modified: Wed, 14 Apr 2021 07:54:16 GMT
server: nginx
x-amz-cf-pop: FRA53-C1
etag: W/"60769fa8-ec"
x-cache: Miss from cloudfront
content-type: image/svg+xml
via: 1.1 511c8b6c7e903efca023a504d527516b.cloudfront.net (CloudFront)
cache-control: max-age=604800, public
x-amz-cf-id: jwhhPHqNw_iUICIepgv4HtnjPTVbUDwp0kKE9ZO8pQqO_qZu4qXp4A==
expires: Wed, 21 Apr 2021 13:09:30 GMT

GET
H2 200 fontawesome-webfont.woff2
assets.threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/fonts/ 75 KB
76 KB 385ms
365ms Font
font/woff2 2600:9000:214f:b600:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-includes/css/dist/block-library/style.min.css,wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=e73ce88a
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:b600:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Origin: https://threatpost.com
Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-includes/css/dist/block-library/style.min.css,wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=e73ce88a
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: public
date: Wed, 14 Apr 2021 13:09:30 GMT
via: 1.1 a4a46c5a6cdf81ec1d08cf6e63389765.cloudfront.net (CloudFront)
last-modified: Wed, 14 Apr 2021 07:54:17 GMT
server: nginx
x-amz-cf-pop: FRA53-C1
etag: "60769fa9-12d68"
x-cache: Miss from cloudfront
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000, public
accept-ranges: bytes
content-length: 77160
x-amz-cf-id: DcG2BMpO14GfoFf-PKcmuMy66o6Pj6HKrlgCYbL0ltP048rWlhVhFw==
expires: Thu, 14 Apr 2022 13:09:30 GMT

GET
H3-Q050 200 ga-audiences
www.google.com/ads/ 42 B
88 B 29ms
28ms Image
image/gif 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j89&tid=UA-35676203-21&cid=1705554485.1618405770&jid=417926427&_u=YEBAAEAAAAAAAC~&z=1143019766

Requested by

Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-hits-ukrainian-energy-ministry-exploiting-drupalgeddon2/131373/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 14 Apr 2021 13:09:30 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
505 B 48ms
29ms Image
image/gif 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j89&tid=UA-35676203-21&cid=1705554485.1618405770&jid=417926427&_u=YEBAAEAAAAAAAC~&z=1143019766

Requested by

Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-hits-ukrainian-energy-ministry-exploiting-drupalgeddon2/131373/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 14 Apr 2021 13:09:30 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 400 /
graph.facebook.com/ 202 B
599 B 57ms
40ms XHR
application/json 2a03:2880:f01c:800e:face:b00c:0:2
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://graph.facebook.com/?id=https%3A%2F%2Fthreatpost.com%2Fransomware-attack-hits-ukrainian-energy-ministry-exploiting-drupalgeddon2%2F131373%2F

Requested by

Host: threatpost.com
URL: https://threatpost.com/wp-content/plugins/kaspersky-enable-jquery-migrate-helper/js/jquery/jquery-1.12.4-wp.js?ver=1.12.4-wp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:800e:face:b00c:0:2 , United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
content-encoding: br
www-authenticate: OAuth "Facebook Platform" "invalid_request" "(#2) Service temporarily unavailable"
x-fb-rev: 1003621733
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 152
x-fb-rlafr: 0
pragma: no-cache
x-fb-debug: x9ct06DxKSxHkM4QXPWn9sFcQxCKk+na61S/Kc3t9nk2ZlVIWlK6oNEaK88A1+IMCUzix/SbzCu0LYTyuH4+zQ==
x-fb-trace-id: DHB+625wd1K
date: Wed, 14 Apr 2021 13:09:30 GMT
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-fb-request-id: A8_qZVkt00H4Kq7S-s8Q5zA
cache-control: no-store
facebook-api-version: v3.2
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 404 share
www.linkedin.com/countserv/count/ 0
0 282ms
266ms Script
text/html 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.linkedin.com/countserv/count/share?url=https%3A%2F%2Fthreatpost.com%2Fransomware-attack-hits-ukrainian-energy-ministry-exploiting-drupalgeddon2%2F131373%2F&format=jsonp&callback=jQuery112405317159378870773_1618405769898&_=1618405769899
Requested by: Host: threatpost.com
URL: https://threatpost.com/wp-content/plugins/kaspersky-enable-jquery-migrate-helper/js/jquery/jquery-1.12.4-wp.js?ver=1.12.4-wp
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 info.json
www.reddit.com/api/ 102 B
1 KB 281ms
165ms XHR
application/json 151.101.113.140
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reddit.com/api/info.json?url=https%3A%2F%2Fthreatpost.com%2Fransomware-attack-hits-ukrainian-energy-ministry-exploiting-drupalgeddon2%2F131373%2F

Requested by

Host: threatpost.com
URL: https://threatpost.com/wp-content/plugins/kaspersky-enable-jquery-migrate-helper/js/jquery/jquery-1.12.4-wp.js?ver=1.12.4-wp

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.113.140 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

snooserv /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Apr 2021 13:09:30 GMT
via: 1.1 varnish
x-content-type-options: nosniff
content-length: 102
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge
x-moose: majestic
server: snooserv
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
access-control-expose-headers: X-Moose
cache-control: private, s-maxage=0, max-age=0, must-revalidate, no-store, max-age=0, must-revalidate
accept-ranges: bytes
expires: -1

GET
H2 200 connatix.player.css
cds.connatix.com/p/113303/ 54 KB
8 KB 54ms
54ms Stylesheet
text/css 151.101.14.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.connatix.com/p/113303/connatix.player.css
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.14.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Apr 2021 13:09:30 GMT
content-encoding: br
last-modified: Wed, 14 Apr 2021 12:11:27 GMT
age: 2895
etag: "637a1378127cdbe744099c4ebcd33e04"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: max-age=31557600
accept-ranges: bytes
content-length: 8356

POST error
quantcount.com/log/ 0
0

GET
H2 200 adsct
t.co/i/ 43 B
368 B 169ms
168ms Image
image/gif 104.244.42.69
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=1.1.1&p_id=Twitter&p_user_id=0&txn_id=ntt0j&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tw_document_href=https%3A%2F%2Fthreatpost.com%2Fransomware-attack-hits-ukrainian-energy-ministry-exploiting-drupalgeddon2%2F131373%2F

Requested by

Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-hits-ukrainian-energy-ministry-exploiting-drupalgeddon2/131373/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.69 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Apr 2021 13:09:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 112
pragma: no-cache
last-modified: Wed, 14 Apr 2021 13:09:30 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: e520069149c110837e8c55c182aece54
x-transaction: 00b6354300252022
expires: Tue, 31 Mar 1981 05:00:00 GMT

POST
H/1.1 200
OK pls
capi.connatix.com/core/ Frame 4690 9 KB
3 KB 638ms
199ms XHR
multipart/form-data 3.140.99.218
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/core/pls?v=113303
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.140.99.218 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-140-99-218.us-east-2.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Wed, 14 Apr 2021 13:09:31 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://threatpost.com
transfer-encoding: chunked
Connection: keep-alive
Access-Control-Allow-Credentials: true

GET
H3-Q050 200 anchor
www.google.com/recaptcha/api2/ Frame F9E4 20 KB
11 KB 32ms
32ms Document
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LehhAETAAAAAAcsm2ZGDsLCqyGhesy4Yn43WNBe&co=aHR0cHM6Ly90aHJlYXRwb3N0LmNvbTo0NDM.&hl=en&v=mrdLhN7MywkJAAbzddTIjTaM&theme=light&size=normal&cb=6z2ffsok31b8

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-OGE1cXjwJZA92bz6QD3bGA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/anchor?ar=1&k=6LehhAETAAAAAAcsm2ZGDsLCqyGhesy4Yn43WNBe&co=aHR0cHM6Ly90aHJlYXRwb3N0LmNvbTo0NDM.&hl=en&v=mrdLhN7MywkJAAbzddTIjTaM&theme=light&size=normal&cb=6z2ffsok31b8
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://threatpost.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://threatpost.com/

Response headers

content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 14 Apr 2021 13:09:30 GMT
content-security-policy: script-src 'report-sample' 'nonce-OGE1cXjwJZA92bz6QD3bGA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 10894
server: GSE
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/mrdLhN7MywkJAAbzddTIjTaM/ Frame F9E4 50 KB
25 KB 7ms
6ms Stylesheet
text/css 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/mrdLhN7MywkJAAbzddTIjTaM/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LehhAETAAAAAAcsm2ZGDsLCqyGhesy4Yn43WNBe&co=aHR0cHM6Ly90aHJlYXRwb3N0LmNvbTo0NDM.&hl=en&v=mrdLhN7MywkJAAbzddTIjTaM&theme=light&size=normal&cb=6z2ffsok31b8

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Apr 2021 10:18:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 12 Apr 2021 21:07:37 GMT
server: sffe
age: 10272
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25497
x-xss-protection: 0
expires: Thu, 14 Apr 2022 10:18:18 GMT

GET
H3-Q050 200 recaptcha__en.js
www.gstatic.com/recaptcha/releases/mrdLhN7MywkJAAbzddTIjTaM/ Frame F9E4 334 KB
334 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/mrdLhN7MywkJAAbzddTIjTaM/recaptcha__en.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Apr 2021 12:03:26 GMT
x-content-type-options: nosniff
last-modified: Mon, 12 Apr 2021 21:07:37 GMT
server: sffe
age: 3964
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 341678
x-xss-protection: 0
expires: Thu, 14 Apr 2022 12:03:26 GMT

GET
H3-Q050 200 1WCIDWTNbCKChqewkQcA8N0ytqV1gIFiu2YL9uG6ltk.js
www.google.com/js/bg/ Frame F9E4 14 KB
6 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/js/bg/1WCIDWTNbCKChqewkQcA8N0ytqV1gIFiu2YL9uG6ltk.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/mrdLhN7MywkJAAbzddTIjTaM/recaptcha__en.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LehhAETAAAAAAcsm2ZGDsLCqyGhesy4Yn43WNBe&co=aHR0cHM6Ly90aHJlYXRwb3N0LmNvbTo0NDM.&hl=en&v=mrdLhN7MywkJAAbzddTIjTaM&theme=light&size=normal&cb=6z2ffsok31b8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 09 Apr 2021 10:48:08 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Wed, 24 Mar 2021 17:00:00 GMT
server: sffe
age: 440482
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5750
x-xss-protection: 0
expires: Sat, 09 Apr 2022 10:48:08 GMT

GET
H3-Q050 200 webworker.js
www.google.com/recaptcha/api2/ Frame F9E4 102 B
239 B 19ms
19ms Other
text/javascript 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=mrdLhN7MywkJAAbzddTIjTaM

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LehhAETAAAAAAcsm2ZGDsLCqyGhesy4Yn43WNBe&co=aHR0cHM6Ly90aHJlYXRwb3N0LmNvbTo0NDM.&hl=en&v=mrdLhN7MywkJAAbzddTIjTaM&theme=light&size=normal&cb=6z2ffsok31b8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Apr 2021 13:09:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
content-security-policy: frame-ancestors 'self'
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 111
x-xss-protection: 1; mode=block
expires: Wed, 14 Apr 2021 13:09:30 GMT

GET
H3-Q050 200 bframe
www.google.com/recaptcha/api2/ Frame EC43 7 KB
1 KB 21ms
21ms Document
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/bframe?hl=en&v=mrdLhN7MywkJAAbzddTIjTaM&k=6LehhAETAAAAAAcsm2ZGDsLCqyGhesy4Yn43WNBe&cb=iwg2wma2d0p3

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-KwHhtDSfaiEF16SKHmuLsQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/bframe?hl=en&v=mrdLhN7MywkJAAbzddTIjTaM&k=6LehhAETAAAAAAcsm2ZGDsLCqyGhesy4Yn43WNBe&cb=iwg2wma2d0p3
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://threatpost.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://threatpost.com/

Response headers

content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 14 Apr 2021 13:09:30 GMT
content-security-policy: script-src 'report-sample' 'nonce-KwHhtDSfaiEF16SKHmuLsQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 1112
server: GSE
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/mrdLhN7MywkJAAbzddTIjTaM/ Frame EC43 50 KB
25 KB 7ms
6ms Stylesheet
text/css 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/mrdLhN7MywkJAAbzddTIjTaM/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=mrdLhN7MywkJAAbzddTIjTaM&k=6LehhAETAAAAAAcsm2ZGDsLCqyGhesy4Yn43WNBe&cb=iwg2wma2d0p3

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Apr 2021 10:18:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 12 Apr 2021 21:07:37 GMT
server: sffe
age: 10272
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25497
x-xss-protection: 0
expires: Thu, 14 Apr 2022 10:18:18 GMT

GET
H3-Q050 200 recaptcha__en.js
www.gstatic.com/recaptcha/releases/mrdLhN7MywkJAAbzddTIjTaM/ Frame EC43 334 KB
334 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/mrdLhN7MywkJAAbzddTIjTaM/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=mrdLhN7MywkJAAbzddTIjTaM&k=6LehhAETAAAAAAcsm2ZGDsLCqyGhesy4Yn43WNBe&cb=iwg2wma2d0p3

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Apr 2021 12:03:26 GMT
x-content-type-options: nosniff
last-modified: Mon, 12 Apr 2021 21:07:37 GMT
server: sffe
age: 3964
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 341678
x-xss-protection: 0
expires: Thu, 14 Apr 2022 12:03:26 GMT

GET
H2 200 blockedDomains_1.bin
lit.connatix.com/08d79ac9-d151-59b7-8ffc-1666f862d246/ Frame 4690 51 B
265 B 155ms
51ms XHR
application/octet-stream 151.101.14.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://lit.connatix.com/08d79ac9-d151-59b7-8ffc-1666f862d246/blockedDomains_1.bin
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.14.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Apr 2021 13:09:31 GMT
content-encoding: gzip
fastly-restarts: 1
last-modified: Tue, 16 Feb 2021 13:25:11 GMT
age: 1990593
etag: "6867d1891d8793fd49a645adb5b6b6c3"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: max-age=31557600
accept-ranges: bytes
content-length: 62

POST
H/1.1 200
OK sr
capi.connatix.com/tr/ Frame 4690 0
295 B 147ms
146ms XHR
multipart/form-data 3.140.99.218
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/tr/sr?v=113303
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.140.99.218 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-140-99-218.us-east-2.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Wed, 14 Apr 2021 13:09:31 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://threatpost.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

GET
H/1.1 200
OK analytics.js
s.srvsynd.com/2/234175/ 4 KB
2 KB 317ms
71ms Script
text/javascript 52.31.191.243
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.srvsynd.com/2/234175/analytics.js?dt=2341751597675869250012&di=threatpost.com&ui=00000000-0000-0000-0000-000000000000&md=2&ap=undefined&sr=connatix.com&pp=329085709478694&ti=x797773184310386624599936466944&de=2&to=3&pv=d2bc548e-1ceb-447f-9b51-75f5436b00df

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

52.31.191.243 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-31-191-243.eu-west-1.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 14 Apr 2021 13:09:30 GMT
Content-Encoding: gzip
Accept-Ch: Viewport-Width, Width, DPR, RTT, ECT, Device-Memory, Downlink, Save-Data
Vary: *
Content-Type: text/javascript; charset=utf-8
Cache-Control: no-cache, no-store, must-revalidate, no-transform, private, max-age=0
Strict-Transport-Security: max-age=31536000; includeSubDomains
Timing-Allow-Origin: *
Content-Length: 1885
Expires: 0

GET
H3-Q050 200 gpt.js
securepubads.g.doubleclick.net/tag/js/ 62 KB
21 KB 154ms
85ms Script
text/javascript 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f162.1e100.net

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Apr 2021 13:09:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "842 / 827 of 1000 / last-modified: 1618398593"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20947
x-xss-protection: 0
expires: Wed, 14 Apr 2021 13:09:31 GMT

GET
H2 200 2_media.bin
vid.connatix.com/60764267-557e-410f-85cb-f102d92ee134/96c6a808-0527-43ab-9df9-bd6564efec71/ Frame 4690 285 B
339 B 52ms
51ms XHR
application/octet-stream 151.101.14.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/60764267-557e-410f-85cb-f102d92ee134/96c6a808-0527-43ab-9df9-bd6564efec71/2_media.bin
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.14.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Apr 2021 13:09:31 GMT
content-encoding: gzip
last-modified: Fri, 19 Mar 2021 20:06:20 GMT
age: 78625
etag: "e7846e6aaf648bb23b90eaac2a8b4df9"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: max-age=31557600
accept-ranges: bytes
content-length: 249

GET
H2 200 1.png
img.connatix.com/c2ecd04f-0dca-4ffa-8761-d93b34717380/ 6 KB
7 KB 54ms
53ms Image
image/png 151.101.14.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.connatix.com/c2ecd04f-0dca-4ffa-8761-d93b34717380/1.png
Requested by: Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-hits-ukrainian-energy-ministry-exploiting-drupalgeddon2/131373/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.14.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Apr 2021 13:09:31 GMT
age: 1153526
etag: "CDlq0wWU2N6Hha9Y1OkqKS7K/JyWAUvXYL5GlZ2se8g"
access-control-max-age: 86400
fastly-io-info: ifsz=8114 idim=288x42 ifmt=png ofsz=6487 odim=288x42 ofmt=png
access-control-allow-origin: *
cache-control: max-age=31557600
fastly-stats: io=1
accept-ranges: bytes
content-type: image/png
content-length: 6487

GET
H2 200 ima3.js
imasdk.googleapis.com/js/sdkloader/ Frame 4690 334 KB
115 KB 33ms
13ms Script
text/javascript 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Apr 2021 13:09:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 117207
x-xss-protection: 0
expires: Wed, 14 Apr 2021 13:09:31 GMT

POST
H/1.1 200
OK ao
capi.connatix.com/tr/ Frame 4690 0
295 B 145ms
145ms XHR
multipart/form-data 3.140.99.218
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/tr/ao?v=113303
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.140.99.218 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-140-99-218.us-east-2.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Wed, 14 Apr 2021 13:09:31 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://threatpost.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

GET
H2 200 prebid4.30.0.js
cds.connatix.com/p/plugins/ Frame 4690 321 KB
90 KB 54ms
54ms Script
application/javascript 151.101.14.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.connatix.com/p/plugins/prebid4.30.0.js
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.14.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Apr 2021 13:09:31 GMT
content-encoding: br
last-modified: Fri, 12 Mar 2021 10:57:07 GMT
age: 2235206
etag: "14fba94fa49bc59e2e3a605ef0738d7a"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: max-age=31557600
accept-ranges: bytes
content-length: 91629

POST
H/1.1 200
OK g
capi.connatix.com/rtb/ Frame 4690 172 B
443 B 625ms
189ms XHR
multipart/form-data 3.140.99.218
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/rtb/g?v=113303
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.140.99.218 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-140-99-218.us-east-2.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Wed, 14 Apr 2021 13:09:31 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://threatpost.com
transfer-encoding: chunked
Connection: keep-alive
Access-Control-Allow-Credentials: true

POST
H/1.1 200
OK ps
capi.connatix.com/tr/ Frame 4690 0
295 B 283ms
146ms XHR
multipart/form-data 3.140.99.218
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/tr/ps?v=113303
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.140.99.218 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-140-99-218.us-east-2.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Wed, 14 Apr 2021 13:09:31 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://threatpost.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

GET
H2 200 1_th.jpg
img.connatix.com/60764267-557e-410f-85cb-f102d92ee134/96c6a808-0527-43ab-9df9-bd6564efec71/ 9 KB
9 KB 57ms
57ms Image
image/jpeg 151.101.14.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.connatix.com/60764267-557e-410f-85cb-f102d92ee134/96c6a808-0527-43ab-9df9-bd6564efec71/1_th.jpg?crop=400:225,smart&width=400&height=225&format=jpeg&quality=60&fit=crop
Requested by: Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-hits-ukrainian-energy-ministry-exploiting-drupalgeddon2/131373/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.14.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Apr 2021 13:09:31 GMT
age: 79849
etag: "CcaGrdoKpqqGknM5HNSNnN708hoEs9dqOtjk/gGgPw0"
access-control-max-age: 86400
fastly-io-info: ifsz=101050 idim=2560x1440 ifmt=jpeg ofsz=8750 odim=400x225 ofmt=jpeg
access-control-allow-origin: *
cache-control: max-age=31557600
fastly-stats: io=1
accept-ranges: bytes
content-type: image/jpeg
content-length: 8750

GET
H2 200 playlist.m3u8
vid.connatix.com/60764267-557e-410f-85cb-f102d92ee134/96c6a808-0527-43ab-9df9-bd6564efec71/ Frame 4690 309 B
271 B 51ms
51ms XHR
application/x-mpegurl 151.101.14.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/60764267-557e-410f-85cb-f102d92ee134/96c6a808-0527-43ab-9df9-bd6564efec71/playlist.m3u8
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.14.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Apr 2021 13:09:31 GMT
content-encoding: gzip
last-modified: Fri, 19 Mar 2021 20:06:19 GMT
age: 82381
etag: "8a966507b13615ecdc1330a4bc9dcfe1"
vary: Accept-Encoding
content-type: application/x-mpegURL
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: max-age=31557600
accept-ranges: bytes
content-length: 164

GET
H3-Q050 200 bridge3.451.0_en.html
imasdk.googleapis.com/js/core/ Frame 686B 574 KB
188 KB 33ms
20ms Document
text/html 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.451.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: imasdk.googleapis.com
:scheme: https
:path: /js/core/bridge3.451.0_en.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://threatpost.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://threatpost.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 191845
date: Mon, 12 Apr 2021 19:34:48 GMT
expires: Tue, 12 Apr 2022 19:34:48 GMT
last-modified: Mon, 12 Apr 2021 19:29:59 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 149683
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 client.js
s0.2mdn.net/instream/video/ Frame 4690 44 KB
17 KB 36ms
15ms Script
text/javascript 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Apr 2021 13:09:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16746
x-xss-protection: 0
expires: Wed, 14 Apr 2021 13:09:31 GMT

GET
H2 200 bid
c.amazon-adsystem.com/e/dtb/ 23 B
371 B 108ms
108ms XHR
text/javascript 99.84.153.196
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fthreatpost.com%2Fransomware-attack-hits-ukrainian-energy-ministry-exploiting-drupalgeddon2%2F131373%2F&pr=https%3A%2F%2Ft.co%2F&pid=o3mHtj5Z7Ey3D&cb=0&ws=1600x1200&v=7.61.00&t=2000&slots=%5B%7B%22id%22%3A%22Amazon_400x225%22%2C%22mt%22%3A%22v%22%7D%5D&cfgv=0&pubid=cb8cfc89-e83e-44aa-a3a2-ff78eda781ef&gdprl=%7B%22status%22%3A%22tcfv2-timeout%22%7D
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.153.196 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-153-196.txl52.r.cloudfront.net
Software: Server /
Resource Hash

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Apr 2021 13:09:31 GMT
via: 1.1 df2b5b3f847bbe9ad7f475c0831bcc3a.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: TXL52-C1
vary: User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: QMAvVOQ5LbR1EYCCe-ymt1MU-Ej3_bCHOjw4KLeWhcpJxrmlNZFW2w==

GET
H2 200 0.m3u8
vid.connatix.com/60764267-557e-410f-85cb-f102d92ee134/96c6a808-0527-43ab-9df9-bd6564efec71/ Frame 4690 720 B
363 B 52ms
51ms XHR
application/x-mpegurl 151.101.14.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/60764267-557e-410f-85cb-f102d92ee134/96c6a808-0527-43ab-9df9-bd6564efec71/0.m3u8
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.14.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Apr 2021 13:09:31 GMT
content-encoding: gzip
last-modified: Fri, 19 Mar 2021 20:06:16 GMT
age: 82381
etag: "16f08d2c070d4ae231c9c4d04ab25a35"
vary: Accept-Encoding
content-type: application/x-mpegURL
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: max-age=31557600
accept-ranges: bytes
content-length: 278

GET
H2 200 omweb-v1.js
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 5B91 36 KB
13 KB 24ms
6ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Apr 2021 13:01:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 14 Dec 2020 16:45:56 GMT
server: sffe
age: 507
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12603
x-xss-protection: 0
expires: Wed, 14 Apr 2021 14:01:04 GMT

POST
H/1.1 200
OK postback
s.srvsynd.com/2/1.25.0/234175/AHhGDnMXEAVC-nES/ 0
145 B 295ms
76ms XHR
text/plain 52.31.191.243
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.srvsynd.com/2/1.25.0/234175/AHhGDnMXEAVC-nES/postback?oz_pl=1&ci=234175&dt=2341751597675869250012&di=threatpost.com&md=2&pp=329085709478694&to=3&pv=d2bc548e-1ceb-447f-9b51-75f5436b00df&ui=00000000-0000-0000-0000-000000000000&ap=undefined&sr=connatix.com&ti=x797773184310386624599936466944&de=2
Requested by: Host: s.srvsynd.com
URL: https://s.srvsynd.com/2/234175/analytics.js?dt=2341751597675869250012&di=threatpost.com&ui=00000000-0000-0000-0000-000000000000&md=2&ap=undefined&sr=connatix.com&pp=329085709478694&ti=x797773184310386624599936466944&de=2&to=3&pv=d2bc548e-1ceb-447f-9b51-75f5436b00df
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 52.31.191.243 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-31-191-243.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 14 Apr 2021 13:09:31 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
H/1.1 200
OK main.js
s.srvsynd.com/2/1.25.0/ 121 KB
38 KB 71ms
71ms Script
text/javascript 52.31.191.243
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.srvsynd.com/2/1.25.0/main.js?o=1

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

52.31.191.243 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-31-191-243.eu-west-1.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 14 Apr 2021 13:09:30 GMT
Content-Encoding: br
Accept-Ch: Viewport-Width, Width, DPR, RTT, ECT, Device-Memory, Downlink, Save-Data
Vary: Origin, Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Cache-Control: public, no-transform, immutable, max-age=999999999
Strict-Transport-Security: max-age=31536000; includeSubDomains
Timing-Allow-Origin: *
Content-Length: 38635
Expires: Sat, 21 Dec 2052 09:13:40 GMT

OPTIONS
H2 200 0.mp4
vid.connatix.com/60764267-557e-410f-85cb-f102d92ee134/96c6a808-0527-43ab-9df9-bd6564efec71/ Frame 0
0 51ms
51ms Preflight 151.101.14.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/60764267-557e-410f-85cb-f102d92ee134/96c6a808-0527-43ab-9df9-bd6564efec71/0.mp4
Protocol: H2
Server: 151.101.14.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: range
Origin: https://threatpost.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

retry-after: 0
access-control-allow-methods: *
access-control-allow-headers: range
accept-ranges: bytes
date: Wed, 14 Apr 2021 13:09:31 GMT
access-control-max-age: 86400
cache-control: max-age=31557600
access-control-allow-origin: *
content-length: 0

GET
H2 206 0.mp4
vid.connatix.com/60764267-557e-410f-85cb-f102d92ee134/96c6a808-0527-43ab-9df9-bd6564efec71/ Frame 4690 1 KB
1 KB 52ms
51ms XHR
video/mp4 151.101.14.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/60764267-557e-410f-85cb-f102d92ee134/96c6a808-0527-43ab-9df9-bd6564efec71/0.mp4
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.14.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-1361

Response headers

date: Wed, 14 Apr 2021 13:09:31 GMT
last-modified: Fri, 19 Mar 2021 20:06:15 GMT
age: 82381
etag: "38f3c9c1a3a2ee6dfa7b3eabe57ddab7"
access-control-max-age: 86400
content-type: video/mp4
Content-Range: bytes 0-1361/6244828
cache-control: max-age=31557600
accept-ranges: bytes
access-control-allow-origin: *
Content-Length: 1362

OPTIONS
H2 200 0.mp4
vid.connatix.com/60764267-557e-410f-85cb-f102d92ee134/96c6a808-0527-43ab-9df9-bd6564efec71/ Frame 0
0 51ms
51ms Preflight 151.101.14.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/60764267-557e-410f-85cb-f102d92ee134/96c6a808-0527-43ab-9df9-bd6564efec71/0.mp4
Protocol: H2
Server: 151.101.14.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: range
Origin: https://threatpost.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

retry-after: 0
access-control-allow-methods: *
access-control-allow-headers: range
accept-ranges: bytes
date: Wed, 14 Apr 2021 13:09:31 GMT
access-control-max-age: 86400
cache-control: max-age=31557600
access-control-allow-origin: *
content-length: 0

GET
H2 206 0.mp4
vid.connatix.com/60764267-557e-410f-85cb-f102d92ee134/96c6a808-0527-43ab-9df9-bd6564efec71/ Frame 4690 759 KB
759 KB 51ms
51ms XHR
video/mp4 151.101.14.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/60764267-557e-410f-85cb-f102d92ee134/96c6a808-0527-43ab-9df9-bd6564efec71/0.mp4
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.14.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=1362-778125

Response headers

date: Wed, 14 Apr 2021 13:09:31 GMT
last-modified: Fri, 19 Mar 2021 20:06:15 GMT
age: 82381
etag: "38f3c9c1a3a2ee6dfa7b3eabe57ddab7"
access-control-max-age: 86400
content-type: video/mp4
Content-Range: bytes 1362-778125/6244828
cache-control: max-age=31557600
accept-ranges: bytes
access-control-allow-origin: *
Content-Length: 776764

POST
H/1.1 200
OK postback
s.srvsynd.com/2/1.25.0/234175/AHhGDnMXEAVC-nES/ 0
145 B 189ms
73ms XHR
text/plain 52.31.191.243
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.srvsynd.com/2/1.25.0/234175/AHhGDnMXEAVC-nES/postback?oz_pl=1&ci=234175&dt=2341751597675869250012&di=threatpost.com&md=2&pp=329085709478694&to=3&pv=d2bc548e-1ceb-447f-9b51-75f5436b00df&ui=00000000-0000-0000-0000-000000000000&ap=undefined&sr=connatix.com&ti=x797773184310386624599936466944&de=2
Requested by: Host: s.srvsynd.com
URL: https://s.srvsynd.com/2/234175/analytics.js?dt=2341751597675869250012&di=threatpost.com&ui=00000000-0000-0000-0000-000000000000&md=2&ap=undefined&sr=connatix.com&pp=329085709478694&ti=x797773184310386624599936466944&de=2&to=3&pv=d2bc548e-1ceb-447f-9b51-75f5436b00df
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 52.31.191.243 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-31-191-243.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 14 Apr 2021 13:09:31 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
H2 200 adsct
analytics.twitter.com/i/ 31 B
651 B 292ms
175ms Script
application/javascript 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=1.1.1&p_id=Twitter&p_user_id=0&txn_id=ntt0j&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fthreatpost.com%2Fransomware-attack-hits-ukrainian-energy-ministry-exploiting-drupalgeddon2%2F131373%2F

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Apr 2021 13:09:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 57
x-xss-protection: 0
x-response-time: 115
pragma: no-cache
last-modified: Wed, 14 Apr 2021 13:09:31 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: ed9659604c653963fcda2f1895d24a68
x-transaction: 0070b79a002c7388
expires: Tue, 31 Mar 1981 05:00:00 GMT

POST
H/1.1 200
OK postback
s.srvsynd.com/2/1.25.0/234175/AHhGDnMXEAVC-nES/ 0
145 B 219ms
72ms XHR
text/plain 52.31.191.243
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.srvsynd.com/2/1.25.0/234175/AHhGDnMXEAVC-nES/postback?ci=234175&dt=2341751597675869250012&di=threatpost.com&md=2&pp=329085709478694&to=3&pv=d2bc548e-1ceb-447f-9b51-75f5436b00df&ui=00000000-0000-0000-0000-000000000000&ap=undefined&sr=connatix.com&ti=x797773184310386624599936466944&de=2&sid=AHhGDnMXEAVC-nES&oz_sc=8918e67a1e75894b69dd43d2&cv=3
Requested by: Host: s.srvsynd.com
URL: https://s.srvsynd.com/2/1.25.0/main.js?o=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 52.31.191.243 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-31-191-243.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 14 Apr 2021 13:09:31 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
DATA 200
OK truncated
/ Frame CB9E 13 B
13 B Document
text/html

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: text/html;charset=utf-8

GET
H2 206 0.mp4
vid.connatix.com/60764267-557e-410f-85cb-f102d92ee134/96c6a808-0527-43ab-9df9-bd6564efec71/ Frame 4690 797 KB
798 KB 52ms
51ms XHR
video/mp4 151.101.14.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/60764267-557e-410f-85cb-f102d92ee134/96c6a808-0527-43ab-9df9-bd6564efec71/0.mp4
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.14.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=778126-1594622

Response headers

date: Wed, 14 Apr 2021 13:09:31 GMT
last-modified: Fri, 19 Mar 2021 20:06:15 GMT
age: 82381
etag: "38f3c9c1a3a2ee6dfa7b3eabe57ddab7"
access-control-max-age: 86400
content-type: video/mp4
Content-Range: bytes 778126-1594622/6244828
cache-control: max-age=31557600
accept-ranges: bytes
access-control-allow-origin: *
Content-Length: 816497

OPTIONS
H2 200 0.mp4
vid.connatix.com/60764267-557e-410f-85cb-f102d92ee134/96c6a808-0527-43ab-9df9-bd6564efec71/ Frame 0
0 54ms
53ms Preflight 151.101.14.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/60764267-557e-410f-85cb-f102d92ee134/96c6a808-0527-43ab-9df9-bd6564efec71/0.mp4
Protocol: H2
Server: 151.101.14.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: range
Origin: https://threatpost.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

retry-after: 0
access-control-allow-methods: *
access-control-allow-headers: range
accept-ranges: bytes
date: Wed, 14 Apr 2021 13:09:31 GMT
access-control-max-age: 86400
cache-control: max-age=31557600
access-control-allow-origin: *
content-length: 0

GET
H2 200 integrator.js
adservice.google.com/adsid/ Frame 4690 107 B
553 B 40ms
17ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 14 Apr 2021 13:09:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

POST
H/1.1 200
OK postback
s.srvsynd.com/2/1.25.0/234175/AHhGDnMXEAVC-nES/ 0
145 B 120ms
120ms XHR
text/plain 52.31.191.243
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.srvsynd.com/2/1.25.0/234175/AHhGDnMXEAVC-nES/postback?ci=234175&dt=2341751597675869250012&di=threatpost.com&md=2&pp=329085709478694&to=3&pv=d2bc548e-1ceb-447f-9b51-75f5436b00df&ui=00000000-0000-0000-0000-000000000000&ap=undefined&sr=connatix.com&ti=x797773184310386624599936466944&de=2&sid=AHhGDnMXEAVC-nES&oz_sc=8918e67a1e75894b69dd43d2&cv=3
Requested by: Host: s.srvsynd.com
URL: https://s.srvsynd.com/2/1.25.0/main.js?o=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 52.31.191.243 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-31-191-243.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 14 Apr 2021 13:09:31 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

POST
H/1.1 200
OK mq
capi.connatix.com/tr/ Frame 4690 0
295 B 153ms
153ms XHR
multipart/form-data 3.140.99.218
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/tr/mq?v=113303
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.140.99.218 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-140-99-218.us-east-2.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Wed, 14 Apr 2021 13:09:32 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://threatpost.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

GET
H2 200 ads
pubads.g.doubleclick.net/gampad/ Frame 686B 156 B
625 B 358ms
354ms XHR
text/xml 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F107430338%2FCNXORTEST%2F6148&description_url=https%3A%2F%2Fthreatpost.com%2Fransomware-attack-hits-ukrainian-energy-ministry-exploiting-drupalgeddon2%2F131373%2F&tfcd=0&npa=0&sz=400x300%7C640x480&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=3699436475680132&cust_params=domains%3Dthreatpost.com&sdkv=h.3.451.0&osd=2&frm=1&vis=1&sdr=1&hl=en&is_amp=0&u_so=l&ctv=0&sdki=44d&adk=2940233645&sdk_apis=2%2C8&sid=9BACC2BF-488A-41DF-A204-0823F70E6F34&eid=44729226%2C44730464&url=https%3A%2F%2Fthreatpost.com%2Fransomware-attack-hits-ukrainian-energy-ministry-exploiting-drupalgeddon2%2F131373%2F&dlt=1618405769880&idt=1652&dt=1618405771981&cookie_enabled=1&scor=4302630097789896&ged=ve4_td2_tt1_pd2_la2000_er974.1199.1127.1499_vi0.0.1200.1600_vp100_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.451.0_en.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f162.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Apr 2021 13:09:32 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK postback
s.srvsynd.com/2/1.25.0/234175/AHhGDnMXEAVC-nES/ 0
145 B 72ms
70ms XHR
text/plain 52.31.191.243
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.srvsynd.com/2/1.25.0/234175/AHhGDnMXEAVC-nES/postback?ci=234175&dt=2341751597675869250012&di=threatpost.com&md=2&pp=329085709478694&to=3&pv=d2bc548e-1ceb-447f-9b51-75f5436b00df&ui=00000000-0000-0000-0000-000000000000&ap=undefined&sr=connatix.com&ti=x797773184310386624599936466944&de=2&sid=AHhGDnMXEAVC-nES&oz_sc=8918e67a1e75894b69dd43d2&cv=3
Requested by: Host: s.srvsynd.com
URL: https://s.srvsynd.com/2/1.25.0/main.js?o=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 52.31.191.243 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-31-191-243.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 14 Apr 2021 13:09:31 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

POST
H/1.1 200
OK postback
s.srvsynd.com/2/1.25.0/234175/AHhGDnMXEAVC-nES/ 0
145 B 78ms
78ms XHR
text/plain 52.31.191.243
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.srvsynd.com/2/1.25.0/234175/AHhGDnMXEAVC-nES/postback?ci=234175&dt=2341751597675869250012&di=threatpost.com&md=2&pp=329085709478694&to=3&pv=d2bc548e-1ceb-447f-9b51-75f5436b00df&ui=00000000-0000-0000-0000-000000000000&ap=undefined&sr=connatix.com&ti=x797773184310386624599936466944&de=2&sid=AHhGDnMXEAVC-nES&oz_sc=8918e67a1e75894b69dd43d2&cv=3
Requested by: Host: s.srvsynd.com
URL: https://s.srvsynd.com/2/1.25.0/main.js?o=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 52.31.191.243 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-31-191-243.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 14 Apr 2021 13:09:31 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

POST
H/1.1 200
OK postback
s.srvsynd.com/2/1.25.0/234175/AHhGDnMXEAVC-nES/ 0
145 B 109ms
109ms XHR
text/plain 52.31.191.243
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.srvsynd.com/2/1.25.0/234175/AHhGDnMXEAVC-nES/postback?ci=234175&dt=2341751597675869250012&di=threatpost.com&md=2&pp=329085709478694&to=3&pv=d2bc548e-1ceb-447f-9b51-75f5436b00df&ui=00000000-0000-0000-0000-000000000000&ap=undefined&sr=connatix.com&ti=x797773184310386624599936466944&de=2&sid=AHhGDnMXEAVC-nES&oz_sc=8918e67a1e75894b69dd43d2&cv=3
Requested by: Host: s.srvsynd.com
URL: https://s.srvsynd.com/2/1.25.0/main.js?o=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 52.31.191.243 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-31-191-243.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 14 Apr 2021 13:09:32 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
BLOB 200
OK d7b44da2-8a69-41ae-9277-9b3029f7ea9b
https://threatpost.com/ Frame 20BB 476 B
0 Other
text/plain

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://threatpost.com/d7b44da2-8a69-41ae-9277-9b3029f7ea9b
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length: 476
Content-Type: javascript

POST
H/1.1 200
OK postback
s.srvsynd.com/2/1.25.0/234175/AHhGDnMXEAVC-nES/ 0
145 B 75ms
74ms XHR
text/plain 52.31.191.243
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.srvsynd.com/2/1.25.0/234175/AHhGDnMXEAVC-nES/postback?ci=234175&dt=2341751597675869250012&di=threatpost.com&md=2&pp=329085709478694&to=3&pv=d2bc548e-1ceb-447f-9b51-75f5436b00df&ui=00000000-0000-0000-0000-000000000000&ap=undefined&sr=connatix.com&ti=x797773184310386624599936466944&de=2&sid=AHhGDnMXEAVC-nES&oz_sc=8918e67a1e75894b69dd43d2&cv=3
Requested by: Host: s.srvsynd.com
URL: https://s.srvsynd.com/2/1.25.0/main.js?o=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 52.31.191.243 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-31-191-243.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 14 Apr 2021 13:09:32 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
H3-Q050 200 integrator.js
adservice.google.com/adsid/ Frame 4690 107 B
531 B 46ms
28ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 14 Apr 2021 13:09:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 ads
pubads.g.doubleclick.net/gampad/ Frame 686B 156 B
762 B 378ms
377ms XHR
text/xml 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F107430338%2FCNXORTEST%2F2570&description_url=https%3A%2F%2Fthreatpost.com%2Fransomware-attack-hits-ukrainian-energy-ministry-exploiting-drupalgeddon2%2F131373%2F&tfcd=0&npa=0&sz=400x300%7C640x480&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=3377834987517958&cust_params=domains%3Dthreatpost.com&sdkv=h.3.451.0&osd=2&frm=1&vis=1&sdr=1&hl=en&is_amp=0&u_so=l&ctv=0&sdki=44d&adk=2940233645&sdk_apis=2%2C8&sid=9BACC2BF-488A-41DF-A204-0823F70E6F34&eid=44729226%2C44730464&url=https%3A%2F%2Fthreatpost.com%2Fransomware-attack-hits-ukrainian-energy-ministry-exploiting-drupalgeddon2%2F131373%2F&dlt=1618405769880&idt=1652&dt=1618405772909&cookie_enabled=1&scor=3056339680463385&ged=ve4_td3_tt2_pd3_la3000_er974.1199.1127.1499_vi0.0.1200.1600_vp100_ts1_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.451.0_en.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f162.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Apr 2021 13:09:33 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK sv
capi.connatix.com/tr/ Frame 4690 0
295 B 145ms
145ms XHR
multipart/form-data 3.140.99.218
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/tr/sv?v=113303
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.140.99.218 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-140-99-218.us-east-2.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Wed, 14 Apr 2021 13:09:33 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://threatpost.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

GET
H3-Q050 200 integrator.js
adservice.google.com/adsid/ Frame 4690 107 B
146 B 22ms
22ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 14 Apr 2021 13:09:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 ads
pubads.g.doubleclick.net/gampad/ Frame 686B 71 KB
14 KB 334ms
332ms XHR
text/xml 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F107430338%2FCNXORTEST%2F6650&description_url=https%3A%2F%2Fthreatpost.com%2Fransomware-attack-hits-ukrainian-energy-ministry-exploiting-drupalgeddon2%2F131373%2F&tfcd=0&npa=0&sz=400x300%7C640x480&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=501705379384094&cust_params=domains%3Dthreatpost.com&sdkv=h.3.451.0&osd=2&frm=1&vis=1&sdr=1&hl=en&is_amp=0&u_so=l&ctv=0&sdki=44d&adk=2940233645&sdk_apis=2%2C8&sid=9BACC2BF-488A-41DF-A204-0823F70E6F34&eid=44729226%2C44730464&url=https%3A%2F%2Fthreatpost.com%2Fransomware-attack-hits-ukrainian-energy-ministry-exploiting-drupalgeddon2%2F131373%2F&dlt=1618405769880&idt=1652&dt=1618405773802&cookie_enabled=1&scor=3080276478364723&ged=ve4_td4_tt3_pd4_la4000_er974.1199.1127.1499_vi0.0.1200.1600_vp100_ts1_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.451.0_en.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f162.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Apr 2021 13:09:34 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14486
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 686B 0
331 B 176ms
78ms Other
image/gif 2a00:1450:4017:80c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=1~knhh0dfj&c=6503684303406&slotId=3251842151703&qqid=CMuhharn_e8CFZzjuwgdOPIGfw&gqid=jel2YJTFNKHl7_UP3bWv-AI&fb=ima-html5&sdkv=h.3.451.0&mrd=4&aab=1&itv=1&eee=missing-element&bi=missing-id&ghmsh_eids=44729226%2C44730464&vmfc=2&vhc=0&wta=1&hghme=1&met.4=ghmsh_s.knhh0fh0~ghmsh_s.knhh0fh1&ghmsh_mi=22%2C18%2C&ghmsh_vi=134%2C136%2C243%2C247%2C&ghmsh_ai=139%2C140%2C250%2C&ghmsh_gvt=0&ams=1&vs=1280x720&vc=avc1.64001F&mt=video%2Fmp4&vsrc=youtube&bit=22&cpn=ZvldhD4uCkCYWWuT
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.451.0_en.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4017:80c::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 14 Apr 2021 13:09:34 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 686B 42 B
540 B 36ms
16ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=CuvECjel2YIunNpzH7_UPuOSb-AeozpSmYp6YrYbfDbCQHxABINKW5jhg8a38haQfoAGUj_meA8gBBakC91kU4gWdfz7gAgCoAwGYBACqBMYCT9DsVqhhEfiH5CTEtpI02CQX93DREN_1WFLay2wf3Of8fnkm-d8FeKazeD5qSo37Feg4NNr2olepEo9djk03oJFZonz76n0cfzJQH1xXcgQy_qG6qzIXNaULxokphA6Bat4d7D_k6F_8wFWXobZTr-OPXzCUkiMZeqUjwxwWS5-92tKYsEMFJZqsWtoozYSoQYTDkZalocFZjKz1CVul294OkmPUfFdUgkSJUis_5HCZb5EqRsGqvQy4KUUUPjzbkW4SBcPqxF2CRdLQ8j4SwTBYkS_vqY9cymV7ewMXjUVE9GTgYZO-fu40xrHpKsUi6i18MaDyBXPCla4HiTVJQXeNf7fA8ikKcWb-n9KS-MS26WfZvaVNcQJtkR7kAq_SNsX9NY2ZmO-qHeehihEETJeVwsE8bqmIfixZLXJUAC4bB0CSVurABLWDnpvwAuAEAaAGVIAH1PCGYagH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAec3BuoB-6WsQKoB6a-G6gH7NUbqAfz0RuoB-zVG6gHltgb2AcBqAgB0ggJCIDhgBAQARgd8ggbYWR4LXN1YnN5bi0xMzU2NjMyODYyMzU0NDg2mgkkaHR0cHM6Ly9hcHAuaW5zdXJlbGxvLnNlL2Nhc2VzL2NsYWltsQn5Zmqsko8HQ4AKA8gLAdALDuALAbgMAdgTDeIWAggB&sigh=TNSKiLZ3Q_0&label=show_ad&acvw=&sdkv=h.3.451.0&vci=CmUIARIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgdBZFNlbnNlIAQqDDQ3MjE5MTI5MDM5ODIMNTEyODAzMTE3ODI4QOACUh0QDyUAAERCKAE6B3Vua25vd25CB3Vua25vd25QABgB

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 14 Apr 2021 13:09:34 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 adview
pubads.g.doubleclick.net/pagead/ Frame 686B 0
0 73ms
71ms Image
text/html 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pubads.g.doubleclick.net/pagead/adview?ai=Cj0XKjel2YIunNpzH7_UPuOSb-AeozpSmYp6YrYbfDbCQHxABINKW5jhg8a38haQfoAGUj_meA8gBBakC91kU4gWdfz7gAgCoAwGYBACqBMMCT9DsVqhhEfiH5CTEtpI02CQX93DREN_1WFLay2wf3Of8fnkm-d8FeKazeD5qSo37Feg4NNr2olepEo9djk03oJFZonz76n0cfzJQH1xXcgQy_qG6qzIXNaULxokphA6Bat4d7D_k6F_8wFWXobZTr-OPXzCUkiMZeqUjwxwWS5-92tKYsEMFJZqsWtoozYSoQYTDkZalocFZjKz1CVul294OkmPUfFdUgkSJUis_5HCZb5EqRsGqvQy4KUUUPjzbkW4SBcPqxF2CRdLQ8j4SwTBYkS_vqY9cymV7ewMXjUVE9GTgYZO-fu40xrHpKsUi6i18MaDyBXPCla4HiTVJQXeNf7fA8ikKcWb-n9KS-MS26WfZvaVNcQJtkR7kAq_SNsX9NY2ZmO-qHeeh0hDuMpznNsyu3jhwG6qhM4mvQ9fITVjABLWDnpvwAuAEAaAGVIAH1PCGYagH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAec3BuoB-6WsQKoB6a-G6gH7NUb2AcB8gcEEN2JW6gIAdIICQiA4YAQEAEYHfIIG2FkeC1zdWJzeW4tMTM1NjYzMjg2MjM1NDQ4NoAKA8gLAcITBhiUj_meA9gTDeIWAggBshcaChgIABIUcHViLTE5Mjk2MTU2OTQzNzMxMDM&sigh=2fL1-TJvrJU&cmd=Ch1jYS12aWRlby1wdWItMTkyOTYxNTY5NDM3MzEwMxAAGAI&vt=10&sdkv=h.3.451.0&vci=CmUIARIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgdBZFNlbnNlIAQqDDQ3MjE5MTI5MDM5ODIMNTEyODAzMTE3ODI4QOACUh0QDyUAAERCKAE6B3Vua25vd25CB3Vua25vd25QABgB
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: ams15s22-in-f162.1e100.net
Software: /
Resource Hash

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 hqdefault.jpg
i.ytimg.com/vi/PTCwR0AZC28/ Frame 686B 9 KB
9 KB 27ms
7ms Image
image/jpeg 2a00:1450:4001:802::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi/PTCwR0AZC28/hqdefault.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Apr 2021 12:47:12 GMT
x-content-type-options: nosniff
server: sffe
age: 1342
etag: "0"
vary: Origin
content-type: image/jpeg
cache-control: public, max-age=7200
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9034
x-xss-protection: 0
expires: Wed, 14 Apr 2021 14:47:12 GMT

GET
H2 200 AAUvwnisq9HIiS_CdmPyd5z7OO8kGkvaAo3emJ2aker0=s48-c-k-c0x00ffffff-no-rj
yt3.ggpht.com/ytc/ Frame 686B 3 KB
3 KB 43ms
23ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://yt3.ggpht.com/ytc/AAUvwnisq9HIiS_CdmPyd5z7OO8kGkvaAo3emJ2aker0=s48-c-k-c0x00ffffff-no-rj

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Apr 2021 13:09:34 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2746
x-xss-protection: 0
server: fife
etag: "v79"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 09 Apr 2021 05:32:25 GMT

GET
DATA 200
OK truncated
/ Frame 686B 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/gif

POST
H2 204 csi
csi.gstatic.com/ Frame 4690 0
54 B 128ms
78ms Other
image/gif 2a00:1450:4017:80c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=1~knhh0db7&c=6503684303406&slotId=3251842151703&eee=missing-element&bi=missing-id
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4017:80c::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 14 Apr 2021 13:09:34 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 686B 0
234 B 38ms
38ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?evt=start&format=TRUEVIEW&lid=143&sdkv=h.3.451.0&e=44729226%2C44730464&id=ima_html5&c=877554380296947&domain=threatpost.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 14 Apr 2021 13:09:34 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

206
Partial Content

videoplayback
r5---sn-4g5e6nzl.googlevideo.com/
Redirect Chain

https://r5---sn-5go7yner.googlevideo.com/videoplayback?expire=1618434574&ei=jul2YJmTBYnTgAeV8qfgDw&ip=31.13.191.162&id=3d30b04740190b6f&itag=22&source=youtube&requiressl=yes&mh=3a&mm=31&mn=sn-5go7y...
https://r5---sn-4g5e6nzl.googlevideo.com/videoplayback?expire=1618434574&ei=jul2YJmTBYnTgAeV8qfgDw&ip=31.13.191.162&id=3d30b04740190b6f&itag=22&source=youtube&requiressl=yes&susc=gvp&acao=yes&ctier...

3 MB
0

82ms
68ms

Media
video/mp4

2a00:1450:4001:3c::a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r5---sn-4g5e6nzl.googlevideo.com/videoplayback?expire=1618434574&ei=jul2YJmTBYnTgAeV8qfgDw&ip=31.13.191.162&id=3d30b04740190b6f&itag=22&source=youtube&requiressl=yes&susc=gvp&acao=yes&ctier=L&mime=video/mp4&vprv=1&dur=48.251&lmt=1607209988344806&txp=5432434&sparams=expire,ei,ip,id,itag,source,requiressl,susc,acao,ctier,mime,vprv,dur,lmt&sig=AOq0QJ8wRgIhAOs01dI8WYHsbAaa386G-4fnxm5CF1JbCUH9wx1BdWTZAiEA1IQ9Dyr7-KZJjTx0kX6A3LDVfcffMaeW8Q-M8UmhSDs=&cpn=ZvldhD4uCkCYWWuT&redirect_counter=1&rm=sn-5gold76&req_id=7b52e80378ab36e2&cms_redirect=yes&ipbypass=yes&mh=3a&mip=2a01:4f8:192:5414::2&mm=31&mn=sn-4g5e6nzl&ms=au&mt=1618405740&mv=m&mvi=5&pl=47&lsparams=ipbypass,mh,mip,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRQIgPwleEpzayPTe-1Y4bplJVC7jRnIz25v109SOIUsrL9kCIQDIxYDGJ8X5qNpO1vvfHWK_Cfn__248KMQLcP5tH8UmCQ%3D%3D

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:3c::a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 14 Apr 2021 13:09:34 GMT
X-Content-Type-Options: nosniff
Last-Modified: Sat, 05 Dec 2020 23:13:08 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: video/mp4
Content-Range: bytes 0-9371614/9371615
Cache-Control: private, max-age=28500
Cross-Origin-Resource-Policy: cross-origin
Connection: close
Accept-Ranges: bytes
Alt-Svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length: 9371615
Expires: Wed, 14 Apr 2021 13:09:34 GMT

Redirect headers

Date: Wed, 14 Apr 2021 13:09:34 GMT
X-Content-Type-Options: nosniff
Last-Modified: Wed, 02 May 2007 10:26:10 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: text/html
Location: https://r5---sn-4g5e6nzl.googlevideo.com/videoplayback?expire=1618434574&ei=jul2YJmTBYnTgAeV8qfgDw&ip=31.13.191.162&id=3d30b04740190b6f&itag=22&source=youtube&requiressl=yes&susc=gvp&acao=yes&ctier=L&mime=video/mp4&vprv=1&dur=48.251&lmt=1607209988344806&txp=5432434&sparams=expire,ei,ip,id,itag,source,requiressl,susc,acao,ctier,mime,vprv,dur,lmt&sig=AOq0QJ8wRgIhAOs01dI8WYHsbAaa386G-4fnxm5CF1JbCUH9wx1BdWTZAiEA1IQ9Dyr7-KZJjTx0kX6A3LDVfcffMaeW8Q-M8UmhSDs=&cpn=ZvldhD4uCkCYWWuT&redirect_counter=1&rm=sn-5gold76&req_id=7b52e80378ab36e2&cms_redirect=yes&ipbypass=yes&mh=3a&mip=2a01:4f8:192:5414::2&mm=31&mn=sn-4g5e6nzl&ms=au&mt=1618405740&mv=m&mvi=5&pl=47&lsparams=ipbypass,mh,mip,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRQIgPwleEpzayPTe-1Y4bplJVC7jRnIz25v109SOIUsrL9kCIQDIxYDGJ8X5qNpO1vvfHWK_Cfn__248KMQLcP5tH8UmCQ%3D%3D
Cache-Control: private, max-age=900
Cross-Origin-Resource-Policy: cross-origin
Connection: close
Content-Length: 0
Expires: Wed, 14 Apr 2021 13:09:34 GMT

GET
H3-Q050 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 686B 42 B
94 B 36ms
35ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=CuvECjel2YIunNpzH7_UPuOSb-AeozpSmYp6YrYbfDbCQHxABINKW5jhg8a38haQfoAGUj_meA8gBBakC91kU4gWdfz7gAgCoAwGYBACqBMYCT9DsVqhhEfiH5CTEtpI02CQX93DREN_1WFLay2wf3Of8fnkm-d8FeKazeD5qSo37Feg4NNr2olepEo9djk03oJFZonz76n0cfzJQH1xXcgQy_qG6qzIXNaULxokphA6Bat4d7D_k6F_8wFWXobZTr-OPXzCUkiMZeqUjwxwWS5-92tKYsEMFJZqsWtoozYSoQYTDkZalocFZjKz1CVul294OkmPUfFdUgkSJUis_5HCZb5EqRsGqvQy4KUUUPjzbkW4SBcPqxF2CRdLQ8j4SwTBYkS_vqY9cymV7ewMXjUVE9GTgYZO-fu40xrHpKsUi6i18MaDyBXPCla4HiTVJQXeNf7fA8ikKcWb-n9KS-MS26WfZvaVNcQJtkR7kAq_SNsX9NY2ZmO-qHeehihEETJeVwsE8bqmIfixZLXJUAC4bB0CSVurABLWDnpvwAuAEAaAGVIAH1PCGYagH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAec3BuoB-6WsQKoB6a-G6gH7NUbqAfz0RuoB-zVG6gHltgb2AcBqAgB0ggJCIDhgBAQARgd8ggbYWR4LXN1YnN5bi0xMzU2NjMyODYyMzU0NDg2mgkkaHR0cHM6Ly9hcHAuaW5zdXJlbGxvLnNlL2Nhc2VzL2NsYWltsQn5Zmqsko8HQ4AKA8gLAdALDuALAbgMAdgTDeIWAggB&sigh=TNSKiLZ3Q_0&label=video_ad_loaded&acvw=&sdkv=h.3.451.0&vci=CmUIARIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgdBZFNlbnNlIAQqDDQ3MjE5MTI5MDM5ODIMNTEyODAzMTE3ODI4QOACUh0QDyUAAFhCKAE6B3Vua25vd25CB3Vua25vd25QABgB

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 14 Apr 2021 13:09:34 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 Oy6hyfNY.js
tpc.googlesyndication.com/sodar/ Frame 686B 41 KB
15 KB 47ms
6ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Oy6hyfNY.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.451.0_en.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Apr 2021 06:59:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 194999
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15406
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 12 Apr 2022 06:59:35 GMT

GET
H3-Q050 200 adview
pubads.g.doubleclick.net/pagead/ Frame 686B 0
0 73ms
72ms Image
text/html 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pubads.g.doubleclick.net/pagead/adview?ai=Cj0XKjel2YIunNpzH7_UPuOSb-AeozpSmYp6YrYbfDbCQHxABINKW5jhg8a38haQfoAGUj_meA8gBBakC91kU4gWdfz7gAgCoAwGYBACqBMMCT9DsVqhhEfiH5CTEtpI02CQX93DREN_1WFLay2wf3Of8fnkm-d8FeKazeD5qSo37Feg4NNr2olepEo9djk03oJFZonz76n0cfzJQH1xXcgQy_qG6qzIXNaULxokphA6Bat4d7D_k6F_8wFWXobZTr-OPXzCUkiMZeqUjwxwWS5-92tKYsEMFJZqsWtoozYSoQYTDkZalocFZjKz1CVul294OkmPUfFdUgkSJUis_5HCZb5EqRsGqvQy4KUUUPjzbkW4SBcPqxF2CRdLQ8j4SwTBYkS_vqY9cymV7ewMXjUVE9GTgYZO-fu40xrHpKsUi6i18MaDyBXPCla4HiTVJQXeNf7fA8ikKcWb-n9KS-MS26WfZvaVNcQJtkR7kAq_SNsX9NY2ZmO-qHeeh0hDuMpznNsyu3jhwG6qhM4mvQ9fITVjABLWDnpvwAuAEAaAGVIAH1PCGYagH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAec3BuoB-6WsQKoB6a-G6gH7NUb2AcB8gcEEN2JW6gIAdIICQiA4YAQEAEYHfIIG2FkeC1zdWJzeW4tMTM1NjYzMjg2MjM1NDQ4NoAKA8gLAcITBhiUj_meA9gTDeIWAggBshcaChgIABIUcHViLTE5Mjk2MTU2OTQzNzMxMDM&sigh=2fL1-TJvrJU&cmd=Ch1jYS12aWRlby1wdWItMTkyOTYxNTY5NDM3MzEwMxAAGAI&sdkv=h.3.451.0
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: ams15s22-in-f162.1e100.net
Software: /
Resource Hash

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-Q050 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 686B 42 B
66 B 17ms
16ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=C5s0Ujel2YIunNpzH7_UPuOSb-AeozpSmYp6YrYbfDbCQHxABINKW5jhg8a38haQfoAGUj_meA8gBBakC91kU4gWdfz7gAgCoAwGYBACqBMMCT9DsVqhhEfiH5CTEtpI02CQX93DREN_1WFLay2wf3Of8fnkm-d8FeKazeD5qSo37Feg4NNr2olepEo9djk03oJFZonz76n0cfzJQH1xXcgQy_qG6qzIXNaULxokphA6Bat4d7D_k6F_8wFWXobZTr-OPXzCUkiMZeqUjwxwWS5-92tKYsEMFJZqsWtoozYSoQYTDkZalocFZjKz1CVul294OkmPUfFdUgkSJUis_5HCZb5EqRsGqvQy4KUUUPjzbkW4SBcPqxF2CRdLQ8j4SwTBYkS_vqY9cymV7ewMXjUVE9GTgYZO-fu40xrHpKsUi6i18MaDyBXPCla4HiTVJQXeNf7fA8ikKcWb-n9KS-MS26WfZvaVNcQJtkR7kAq_SNsX9NY2ZmO-qHeeh0hDuMpznNsyu3jhwG6qhM4mvQ9fITVjABLWDnpvwAuAEAaAGVIAH1PCGYagH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAec3BuoB-6WsQKoB6a-G6gH7NUbqAfz0RuoB-zVG6gHltgb2AcBqAgB0ggJCIDhgBAQARgd8ggbYWR4LXN1YnN5bi0xMzU2NjMyODYyMzU0NDg2gAoDyAsB2BMN4hYCCAE&sigh=mH4Sq9LB808&cmd=Ch1jYS12aWRlby1wdWItMTkyOTYxNTY5NDM3MzEwMxAAGAI&label=vast_creativeview&ad_mt=0&acvw=sv%3D893%26cb%3Dj%26e%3D19%26nas%3D1%26sdk%3Dh%26p%3D974,1199,1199,1599%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26at%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D0%26pst%3D-1%26dur%3D48204%26vmtime%3D-1%26is%3D275%26cs%3D274%26c%3D1%26mc%3D1%26nc%3D1%26mv%3D0%26nv%3D0%26lte%3D1%26ces%26femt%3D2678%26femvt%3D0%26emc%3D2%26emuc%3D0%26emb%3D2,0,0,0,0%26avms%3Dexc%26qi%3D958714797%26psm%3D-2147483648%26psv%3D-2147483648%26psfv%3D-2147483648%26psa%3D0%26ptlt%3D1618405774476%26pngs%3D9,14,15%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26ss%3D0.04%26t%3D1618405774193&sdkv=h.3.451.0&vci=CmgIARIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgdBZFNlbnNlIAQqDDQ3MjE5MTI5MDM5ODIMNTEyODAzMTE3ODI4QOACUiAQDyUAAFhCKAE6B3Vua25vd25CB3Vua25vd25IjAJQABgB

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 14 Apr 2021 13:09:34 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 686B 42 B
66 B 44ms
43ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvalcSYCLw9oK-p_ohocgA2lxV3vzNq689pvJPwv7fYebG1suJzds7fJLEQOeC0ix682GGPxF2guo4Bk9LVkjVGiEOMPKD7fDKdyIG44g6CssDYsb_xg50Ou_nGftqKflNTJ4m-Uh5UdYTfdmVGH_6k&sai=AMfl-YSF_MxO5rY_U3lgf8c3lPsGKPp6vEuqQdVoZlyjY8KI-hWrlaseVJAYowEzKXwRbNHCfRahHcukCFanso-zE-LrJ17qBiwmr5xQdA-I2qc6bTmEDFZFtq_KaxY&sig=Cg0ArKJSzKroMPNuNHuyEAE&cid=CAASF-Ro8ySKUOHmyJLgFgf2_0IMYE_Iit5f&id=lidarv&acvw=sv%3D893%26cb%3Dj%26e%3D15%26nas%3D1%26sdk%3Dh%26p%3D974,1199,1199,1599%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D0%26pst%3D-1%26dur%3D48204%26vmtime%3D-1%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D275%26ic%3D274%26cs%3D274%26c%3D1%26mc%3D1%26nc%3D1%26mv%3D0%26nv%3D0%26lte%3D1%26ces%26femt%3D2678%26femvt%3D0%26emc%3D2%26emuc%3D0%26emb%3D2,0,0,0,0%26avms%3Dexc%26qi%3D958714797%26psm%3D-2147483648%26psv%3D-2147483648%26psfv%3D-2147483648%26psa%3D0%26ptlt%3D1618405774478%26pngs%3D9,14,15%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0.04%26t%3D1618405774193&avm=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 14 Apr 2021 13:09:34 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 686B 42 B
66 B 18ms
17ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=C5s0Ujel2YIunNpzH7_UPuOSb-AeozpSmYp6YrYbfDbCQHxABINKW5jhg8a38haQfoAGUj_meA8gBBakC91kU4gWdfz7gAgCoAwGYBACqBMMCT9DsVqhhEfiH5CTEtpI02CQX93DREN_1WFLay2wf3Of8fnkm-d8FeKazeD5qSo37Feg4NNr2olepEo9djk03oJFZonz76n0cfzJQH1xXcgQy_qG6qzIXNaULxokphA6Bat4d7D_k6F_8wFWXobZTr-OPXzCUkiMZeqUjwxwWS5-92tKYsEMFJZqsWtoozYSoQYTDkZalocFZjKz1CVul294OkmPUfFdUgkSJUis_5HCZb5EqRsGqvQy4KUUUPjzbkW4SBcPqxF2CRdLQ8j4SwTBYkS_vqY9cymV7ewMXjUVE9GTgYZO-fu40xrHpKsUi6i18MaDyBXPCla4HiTVJQXeNf7fA8ikKcWb-n9KS-MS26WfZvaVNcQJtkR7kAq_SNsX9NY2ZmO-qHeeh0hDuMpznNsyu3jhwG6qhM4mvQ9fITVjABLWDnpvwAuAEAaAGVIAH1PCGYagH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAec3BuoB-6WsQKoB6a-G6gH7NUbqAfz0RuoB-zVG6gHltgb2AcBqAgB0ggJCIDhgBAQARgd8ggbYWR4LXN1YnN5bi0xMzU2NjMyODYyMzU0NDg2gAoDyAsB2BMN4hYCCAE&sigh=mH4Sq9LB808&cmd=Ch1jYS12aWRlby1wdWItMTkyOTYxNTY5NDM3MzEwMxAAGAI&label=part2viewed&ad_mt=0&acvw=sv%3D893%26cb%3Dj%26e%3D0%26nas%3D1%26sdk%3Dh%26p%3D974,1199,1199,1599%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D0%26pst%3D-1%26dur%3D48204%26vmtime%3D-1%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D275%26i0%3D275%26ic%3D0%26cs%3D274%26c%3D1%26mc%3D1%26nc%3D1%26mv%3D0%26nv%3D0%26lte%3D1%26ces%26femt%3D2678%26femvt%3D0%26emc%3D2%26emuc%3D0%26emb%3D2,0,0,0,0%26avms%3Dexc%26qi%3D958714797%26psm%3D-2147483648%26psv%3D-2147483648%26psfv%3D-2147483648%26psa%3D0%26ptlt%3D1618405774482%26pngs%3D9,14,15s%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0.04%26t%3D1618405774193&sdkv=h.3.451.0&vci=CmgIARIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgdBZFNlbnNlIAQqDDQ3MjE5MTI5MDM5ODIMNTEyODAzMTE3ODI4QOACUiAQDyUAAFhCKAE6B3Vua25vd25CB3Vua25vd25IjAJQABgB

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 14 Apr 2021 13:09:34 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 686B 0
23 B 40ms
39ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?evt=showui&format=TRUEVIEW&lid=143&sdkv=h.3.451.0&e=44729226%2C44730464&id=ima_html5&c=877554380296947&domain=threatpost.com

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 14 Apr 2021 13:09:34 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 686B 42 B
66 B 18ms
17ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=C5s0Ujel2YIunNpzH7_UPuOSb-AeozpSmYp6YrYbfDbCQHxABINKW5jhg8a38haQfoAGUj_meA8gBBakC91kU4gWdfz7gAgCoAwGYBACqBMMCT9DsVqhhEfiH5CTEtpI02CQX93DREN_1WFLay2wf3Of8fnkm-d8FeKazeD5qSo37Feg4NNr2olepEo9djk03oJFZonz76n0cfzJQH1xXcgQy_qG6qzIXNaULxokphA6Bat4d7D_k6F_8wFWXobZTr-OPXzCUkiMZeqUjwxwWS5-92tKYsEMFJZqsWtoozYSoQYTDkZalocFZjKz1CVul294OkmPUfFdUgkSJUis_5HCZb5EqRsGqvQy4KUUUPjzbkW4SBcPqxF2CRdLQ8j4SwTBYkS_vqY9cymV7ewMXjUVE9GTgYZO-fu40xrHpKsUi6i18MaDyBXPCla4HiTVJQXeNf7fA8ikKcWb-n9KS-MS26WfZvaVNcQJtkR7kAq_SNsX9NY2ZmO-qHeeh0hDuMpznNsyu3jhwG6qhM4mvQ9fITVjABLWDnpvwAuAEAaAGVIAH1PCGYagH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAec3BuoB-6WsQKoB6a-G6gH7NUbqAfz0RuoB-zVG6gHltgb2AcBqAgB0ggJCIDhgBAQARgd8ggbYWR4LXN1YnN5bi0xMzU2NjMyODYyMzU0NDg2gAoDyAsB2BMN4hYCCAE&sigh=mH4Sq9LB808&cmd=Ch1jYS12aWRlby1wdWItMTkyOTYxNTY5NDM3MzEwMxAAGAI&label=admute&ad_mt=0&acvw=sv%3D893%26cb%3Dj%26e%3D10%26nas%3D1%26sdk%3Dh%26p%3D974,1199,1199,1599%26tos%3D54,0,0,0,0%26mtos%3D54,54,54,54,54%26amtos%3D0,0,0,0,0%26mcvt%3D54%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D54%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D54%26pst%3D-1%26dur%3D48204%26vmtime%3D-1%26dvs%3D54%26dfvs%3D54%26dvpt%3D54%26is%3D275%26i0%3D275%26ic%3D4096%26cs%3D4370%26c%3D1%26mc%3D1%26nc%3D1%26mv%3D0%26nv%3D0%26lte%3D1%26ces%26femt%3D2678%26femvt%3D0%26emc%3D2%26emuc%3D0%26emb%3D2,0,0,0,0%26avms%3Dexc%26qi%3D958714797%26psm%3D-2147483648%26psv%3D-2147483648%26psfv%3D-2147483648%26psa%3D0%26ptlt%3D1618405774524%26pngs%3D9,14,15s%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,54&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0.04%26t%3D1618405774193&sdkv=h.3.451.0&vci=CmgIARIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgdBZFNlbnNlIAQqDDQ3MjE5MTI5MDM5ODIMNTEyODAzMTE3ODI4QOACUiAQDyUAAFhCKAE6B3Vua25vd25CB3Vua25vd25IjAJQABgB

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 14 Apr 2021 13:09:34 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK ai
capi.connatix.com/tr/ Frame 4690 0
295 B 146ms
146ms XHR
multipart/form-data 3.140.99.218
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/tr/ai?v=113303
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.140.99.218 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-140-99-218.us-east-2.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Wed, 14 Apr 2021 13:09:34 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://threatpost.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

GET
H2 200 1_th.jpg
img.connatix.com/60764267-557e-410f-85cb-f102d92ee134/96c6a808-0527-43ab-9df9-bd6564efec71/ 9 KB
9 KB 62ms
61ms Image
image/jpeg 151.101.14.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.connatix.com/60764267-557e-410f-85cb-f102d92ee134/96c6a808-0527-43ab-9df9-bd6564efec71/1_th.jpg?crop=400:225,smart&width=400&height=225&format=jpeg&quality=60&fit=crop
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.14.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Apr 2021 13:09:34 GMT
age: 79853
etag: "CcaGrdoKpqqGknM5HNSNnN708hoEs9dqOtjk/gGgPw0"
access-control-max-age: 86400
fastly-io-info: ifsz=101050 idim=2560x1440 ifmt=jpeg ofsz=8750 odim=400x225 ofmt=jpeg
access-control-allow-origin: *
cache-control: max-age=31557600
fastly-stats: io=1
accept-ranges: bytes
content-type: image/jpeg
content-length: 8750

GET
H3-Q050 200 hhrtBw21.html
tpc.googlesyndication.com/sodar/ Frame 8141 23 KB
9 KB 34ms
21ms Document
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/hhrtBw21.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Oy6hyfNY.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/hhrtBw21.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://imasdk.googleapis.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://imasdk.googleapis.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8727
date: Thu, 08 Apr 2021 05:15:12 GMT
expires: Fri, 08 Apr 2022 05:15:12 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 546862
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 pkWyyWNkmr_uFiw7Vavni1hvqfT-w8GGk6JfTYveqco.js
pagead2.googlesyndication.com/bg/ Frame 8141 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/pkWyyWNkmr_uFiw7Vavni1hvqfT-w8GGk6JfTYveqco.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/hhrtBw21.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Apr 2021 13:07:28 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Tue, 30 Mar 2021 13:08:00 GMT
server: sffe
age: 126
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5677
x-xss-protection: 0
expires: Thu, 14 Apr 2022 13:07:28 GMT

GET
H2 204 playback
s.youtube.com/api/stats/ Frame BCB2 0
0 43ms
16ms Image
text/html 2a00:1450:400c:c00::8a
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.youtube.com/api/stats/playback?ns=yt&fexp=44729226%2C44730464&el=adunit&cpn=ZvldhD4uCkCYWWuT&docid=PTCwR0AZC28&ver=2&cmt=0.164&fmt=18&rt=0.000&adformat=2_2_1&euri=https%3A%2F%2Fthreatpost.com%2F&len=48.205&vtype=gvp&c=web_gvp_ads&cver=h.0.0.0&cbr=Chrome&cbrver=89.0.4389.72&cos=Linux%20x86_64&cosver=537.36&cplatform=desktop&mos=1&volume=0&delay=28&rtn=10
Requested by: Host: blank
URL: about:blank
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c00::8a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8141 0
23 B 39ms
39ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=36&t=2&li=v_h.3.451.0&bgai=BeXZGjel2YIunNpzH7_UPuOSb-AcAAAAAOAG6BRMI1L-Dquf97wIVofK7CB3d2gsv&bg=!sLOls_fNAAb2K53n9is7ACkAdvg8Wtv_Q8Rwx3qjs9nza4GDdIMovy1SlIN-8D49BnvN-psRjBtQBwIAAABvUgAAAA1oAQcKAIzw17PusuocwsSaTq1CyP0OO1-yTdDgv5S1MkF5YCTurpxxj3_IGWnT0Po5RykFhfX0ntDN3g1AmZAuqPpuLpUCKQO8N_uxFi7x7T5oXoeA8W6uxZbxx1Khjk0ReH5sViT1kYtAoleXXCgku6U9dTCi8N5eAl63Lw3mPjpH9wsONZQV1jroiDCQxytyFJkB94lJ-y8O9e8annaZfv-qbY05wbLLTw5aSGTTbpTEjgzoIFao-CI9JAcoG1JBIcgWd9k9MExA8HLk4PlkbG1W2M5r3u9_kk1Udt1Vp278ildyDeUHCq-HptP08ubwOVw9fqejsyGiuV3h44OiCRS3Ch8l_XRR_ZV4nGisqC4xOfeKu3JqQclxIV576eUqsk796eaXmOqJXg_d9xI-TMUQbQ0SCkxB3oCBtBh4zARdvm4CSWHr6mbR4BZNuWJdzNbDhmxZ0YDctZGfeNGbJQiVOFnHCEBzbUl-k9TOWDko2Gu0fnkXtpTIgyfgNiKi5TwI2-ZpSpbnB4cxxRiC3JQNeuLr6oASUZibRKQv18sZ8ugt_KF7HdoysI4lxoKX1cB4OMbWV35kAzulLWFdTf43sSm2jN-rwaeHufKHtYwjFQavp1b-xZoJ5jf-P0t_INwnLux9tNMRtfSdbWx-H3DLLS8qOo-F6oJeeTTDu6f3YNVK49akLzYmymOrTpNSCy6obgV96ePViIN9iGL0SLKW9uuTxEPEJBqe8XNLkZeBBw2vQo7Cj-Fr_tCGDizl7d-kuiQUKhIV1V93wY2hpnsGYmHRsTNXaBreoIuwO-a_IePGWTymijVCuQk0gaYTR7YJVG9NrrYIgYJeeEJ-Kuc1UmR2mT-ls80v

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 14 Apr 2021 13:09:34 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK abt
capi.connatix.com/tr/ Frame 4690 0
295 B 149ms
149ms XHR
multipart/form-data 3.140.99.218
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/tr/abt?v=113303
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.140.99.218 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-140-99-218.us-east-2.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Wed, 14 Apr 2021 13:09:36 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://threatpost.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

POST av
capi.connatix.com/tr/ Frame 4690 0
0

GET
H3-Q050 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 686B 42 B
89 B 48ms
47ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvalcSYCLw9oK-p_ohocgA2lxV3vzNq689pvJPwv7fYebG1suJzds7fJLEQOeC0ix682GGPxF2guo4Bk9LVkjVGiEOMPKD7fDKdyIG44g6CssDYsb_xg50Ou_nGftqKflNTJ4m-Uh5UdYTfdmVGH_6k&sai=AMfl-YSF_MxO5rY_U3lgf8c3lPsGKPp6vEuqQdVoZlyjY8KI-hWrlaseVJAYowEzKXwRbNHCfRahHcukCFanso-zE-LrJ17qBiwmr5xQdA-I2qc6bTmEDFZFtq_KaxY&sig=Cg0ArKJSzKroMPNuNHuyEAE&cid=CAASF-Ro8ySKUOHmyJLgFgf2_0IMYE_Iit5f&id=lidarv&acvw=sv%3D893%26cb%3Dj%26e%3D9%26nas%3D1%26sdk%3Dh%26p%3D974,1199,1199,1599%26tos%3D2077,0,0,0,0%26mtos%3D2077,2077,2077,2077,2077%26amtos%3D0,0,0,0,0%26mcvt%3D2077%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D2077%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D508%26pst%3D271%26dur%3D48204%26vmtime%3D1914%26dtos%3D2077%26dtoss%3D1%26dvs%3D2023%26dfvs%3D2023%26dvpt%3D2023%26is%3D275%26i0%3D275%26ic%3D16777217%26cs%3D16781587%26c%3D1%26mc%3D1%26nc%3D1%26mv%3D0%26nv%3D0%26lte%3D1%26ces%26femt%3D2678%26femvt%3D0%26emc%3D12%26emuc%3D0%26emb%3D12,0,0,0,0%26avms%3Dexc%26qi%3D958714797%26psm%3D-2147483645%26psv%3D-2147483645%26psfv%3D-2147483645%26psa%3D0%26ptlt%3D1618405776546%26pngs%3D9,14,15s%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,2077&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26dav%3D0%26ss%3D0.04%26t%3D1618405774193

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 14 Apr 2021 13:09:36 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: quantcount.com
URL: https://quantcount.com/log/error?msg=%5BUSPAPI%5D%20unsuccessful:%20TypeError:%20Cannot%20read%20property%20%27getItem%27%20of%20null

Domain: capi.connatix.com
URL: https://capi.connatix.com/tr/av?v=113303

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

280 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/ros-layout.js(Line 399) Message: gBrowserWidth =1600
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/ros-layout.js(Line 424) Message: OpenX Slot defined for /21707124336/ThreatPost-970x250-ATF div-gpt-ad-6794670-2
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/ros-layout.js(Line 424) Message: OpenX Slot defined for /21707124336/ThreatPost-300x250-ATF div-gpt-ad-6794670-3
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/ros-layout.js(Line 424) Message: OpenX Slot defined for /21707124336/ThreatPost-300x600-ATF div-gpt-ad-6794670-5
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/ros-layout.js(Line 424) Message: OpenX Slot defined for /21707124336/ThreatPost-2x2-Skin div-gpt-ad-6794670-1
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/cmp.js(Line 27) Message: %cCMP: Startup v270 color: #555599
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 8) Message: uspapi: uspapi_init() - v0.105
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 8) Message: USP: Locale=en-us gdpr= false
console-api	warning	URL: https://qd.admetricspro.com/js/threatpost/prebid.js(Line 3) Message: fun-hooks: referenced 'registerAdserver' but it was never created
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: ENGINE: gAMPidentityLinkID not present, prebid configured without identyLink
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: ENGINE: gSChainNodes found, prebid configured with 1 supply chain object(s)
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: ENGINE: final pbjs config
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: [object Object]
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: ENGINE: gAMPidentityLinkID not present, prebid configured without ATS Analytics
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: Initial Ad Load
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/cmp.js(Line 27) Message: %cCMP: GVL version is 45 color: #555599
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/cmp.js(Line 27) Message: __uspLaunch begin
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://secure.quantserve.com/quant.js(Line 2) Message: ERROR Wed Apr 14 2021 15:09:30 GMT+0200 (Central European Summer Time) [USPAPI] unsuccessful: TypeError: Cannot read property 'getItem' of null
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://cd.connatix.com/connatix.player.js(Line 1) Message: Debug LineItem 08d81b5f-b91f-4f31-84dd-d21e3fbc673b request 1618405771311 Wed Apr 14 2021 15:09:31 GMT+0200 (Central European Summer Time)
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://cd.connatix.com/connatix.player.js(Line 1) Message: Debug LineItem ab5d6a50-54a9-4eee-836f-b70009b7e26e prebid 1618405771539 Wed Apr 14 2021 15:09:31 GMT+0200 (Central European Summer Time)
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://cd.connatix.com/connatix.player.js(Line 1) Message: Debug LineItem e039ec48-4cf3-4169-b010-876870099ce1 prebid 1618405771944 Wed Apr 14 2021 15:09:31 GMT+0200 (Central European Summer Time)
console-api	log	URL: https://cd.connatix.com/connatix.player.js(Line 1) Message: Debug LineItem 708650e1-7e56-44db-a4d8-905cd8dd2282 prebid 1618405771944 Wed Apr 14 2021 15:09:31 GMT+0200 (Central European Summer Time)
console-api	log	URL: https://cd.connatix.com/connatix.player.js(Line 1) Message: Debug LineItem 708650e1-7e56-44db-a4d8-905cd8dd2282 prebid 1618405771944 Wed Apr 14 2021 15:09:31 GMT+0200 (Central European Summer Time)
console-api	log	URL: https://cd.connatix.com/connatix.player.js(Line 1) Message: Debug LineItem 708650e1-7e56-44db-a4d8-905cd8dd2282 prebid 1618405771944 Wed Apr 14 2021 15:09:31 GMT+0200 (Central European Summer Time)
console-api	log	URL: https://cd.connatix.com/connatix.player.js(Line 1) Message: Debug LineItem 708650e1-7e56-44db-a4d8-905cd8dd2282 prebid 1618405771944 Wed Apr 14 2021 15:09:31 GMT+0200 (Central European Summer Time)
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://cd.connatix.com/connatix.player.js(Line 1) Message: Debug LineItem 08d81b5f-b91f-4f31-84dd-d21e3fbc673b prebid 1618405772367 Wed Apr 14 2021 15:09:32 GMT+0200 (Central European Summer Time)
console-api	log	URL: https://cd.connatix.com/connatix.player.js(Line 1) Message: Debug LineItem 08d81b5f-f211-48fd-87c8-99e4aaaf9321 request 1618405772373 Wed Apr 14 2021 15:09:32 GMT+0200 (Central European Summer Time)
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://cd.connatix.com/connatix.player.js(Line 1) Message: Debug LineItem 08d81b5f-f211-48fd-87c8-99e4aaaf9321 prebid 1618405773297 Wed Apr 14 2021 15:09:33 GMT+0200 (Central European Summer Time)
console-api	log	URL: https://cd.connatix.com/connatix.player.js(Line 1) Message: Debug LineItem 08d81b60-3289-409b-8547-5028db78bb2b request 1618405773297 Wed Apr 14 2021 15:09:33 GMT+0200 (Central European Summer Time)
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://cd.connatix.com/connatix.player.js(Line 1) Message: Debug LineItem 08d85357-e376-4200-8707-b81575b66f67 prebid 1618405773436 Wed Apr 14 2021 15:09:33 GMT+0200 (Central European Summer Time)
console-api	log	URL: https://cd.connatix.com/connatix.player.js(Line 1) Message: Debug LineItem 08d85357-c2bb-4767-841f-4a38579b3325 prebid 1618405773436 Wed Apr 14 2021 15:09:33 GMT+0200 (Central European Summer Time)
console-api	log	URL: https://cd.connatix.com/connatix.player.js(Line 1) Message: Debug LineItem 08d85357-a3a2-44a1-8007-53e00688d2ca prebid 1618405773436 Wed Apr 14 2021 15:09:33 GMT+0200 (Central European Summer Time)
console-api	log	URL: https://cd.connatix.com/connatix.player.js(Line 1) Message: Debug LineItem 08d85357-f6d1-49a1-8240-2a59343b27ee prebid 1618405773436 Wed Apr 14 2021 15:09:33 GMT+0200 (Central European Summer Time)
console-api	log	URL: https://cd.connatix.com/connatix.player.js(Line 1) Message: Debug LineItem 08d85357-d128-4b32-8ce6-37211387222c prebid 1618405773436 Wed Apr 14 2021 15:09:33 GMT+0200 (Central European Summer Time)
console-api	log	URL: https://cd.connatix.com/connatix.player.js(Line 1) Message: Debug LineItem 08d85358-25fc-40f4-83ff-c5f79b72c26a prebid 1618405773436 Wed Apr 14 2021 15:09:33 GMT+0200 (Central European Summer Time)
console-api	log	URL: https://cd.connatix.com/connatix.player.js(Line 1) Message: Debug LineItem 08d7f5c2-5713-4235-84fc-1eb00b4c7916 prebid 1618405773436 Wed Apr 14 2021 15:09:33 GMT+0200 (Central European Summer Time)
console-api	log	URL: https://cd.connatix.com/connatix.player.js(Line 1) Message: Debug LineItem 08d85358-1930-4aaf-8595-ebd4038234c3 prebid 1618405773436 Wed Apr 14 2021 15:09:33 GMT+0200 (Central European Summer Time)
console-api	log	URL: https://cd.connatix.com/connatix.player.js(Line 1) Message: Debug LineItem 08d85357-b22e-4645-835b-04f8786a5b1c prebid 1618405773436 Wed Apr 14 2021 15:09:33 GMT+0200 (Central European Summer Time)
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://cd.connatix.com/connatix.player.js(Line 1) Message: Debug LineItem 08d81b60-3289-409b-8547-5028db78bb2b bid 1618405774188 Wed Apr 14 2021 15:09:34 GMT+0200 (Central European Summer Time)
console-api	log	URL: https://cd.connatix.com/connatix.player.js(Line 1) Message: Debug LineItem 08d81b60-3289-409b-8547-5028db78bb2b initAd 1618405774189 Wed Apr 14 2021 15:09:34 GMT+0200 (Central European Summer Time)
console-api	log	URL: https://cd.connatix.com/connatix.player.js(Line 1) Message: Debug LineItem 08d81b60-3289-409b-8547-5028db78bb2b win 1618405774191 Wed Apr 14 2021 15:09:34 GMT+0200 (Central European Summer Time)
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	(Line 7) Message: CNX-ad-imp
console-api	log	URL: https://cd.connatix.com/connatix.player.js(Line 1) Message: Debug LineItem 08d81b60-3289-409b-8547-5028db78bb2b impression 1618405774563 Wed Apr 14 2021 15:09:34 GMT+0200 (Central European Summer Time)
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://cd.connatix.com/connatix.player.js(Line 1) Message: Debug LineItem 08d81b60-3289-409b-8547-5028db78bb2b viewableImpression 1618405776531 Wed Apr 14 2021 15:09:36 GMT+0200 (Central European Summer Time)
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
analytics.twitter.com
assets.threatpost.com
c.amazon-adsystem.com
capi.connatix.com
cd.connatix.com
cds.connatix.com
csi.gstatic.com
googleads.g.doubleclick.net
graph.facebook.com
i.ytimg.com
imasdk.googleapis.com
img.connatix.com
kasperskycontenthub.com
lit.connatix.com
media.threatpost.com
pagead2.googlesyndication.com
pubads.g.doubleclick.net
qd.admetricspro.com
quantcount.com
r5---sn-4g5e6nzl.googlevideo.com
r5---sn-5go7yner.googlevideo.com
rules.quantcount.com
s.srvsynd.com
s.youtube.com
s0.2mdn.net
secure.quantserve.com
securepubads.g.doubleclick.net
static.ads-twitter.com
stats.g.doubleclick.net
t.co
tagan.adlightning.com
threatpost.com
tpc.googlesyndication.com
vid.connatix.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.linkedin.com
www.reddit.com
yt3.ggpht.com
capi.connatix.com
quantcount.com
104.244.42.3
104.244.42.69
151.101.113.140
151.101.14.137
199.232.136.157
216.58.212.162
2600:9000:20e8:5200:0:5c46:4f40:93a1
2600:9000:20e8:e000:6:44e3:f8c0:93a1
2600:9000:214f:b600:2:9275:3d40:93a1
2606:4700:3036::6815:3f46
2620:116:800d:21:36a9:ecb:e518:b308
2620:1ec:21::14
2a00:1450:4001:3c::a
2a00:1450:4001:800::2001
2a00:1450:4001:801::2002
2a00:1450:4001:802::2016
2a00:1450:4001:803::2003
2a00:1450:4001:812::2001
2a00:1450:4001:812::200a
2a00:1450:4001:813::2003
2a00:1450:4001:813::2004
2a00:1450:4001:827::2006
2a00:1450:4001:828::2002
2a00:1450:4001:82a::2002
2a00:1450:4001:82a::2008
2a00:1450:4001:82b::200e
2a00:1450:400c:c00::8a
2a00:1450:400c:c00::9a
2a00:1450:400f:13::a
2a00:1450:4017:80c::2003
2a03:2880:f01c:800e:face:b00c:0:2
3.140.99.218
35.173.160.135
52.31.191.243
99.84.153.196
99.84.156.100
11ff711cf78ebfa3c9e8bd545ebe64513c66927edc75a6b0828e4e886c2fa0a5
16d7d7227f6d8251224d32cd45c81633a3a9d63bf35cd84b1d99d389becb5030
172314ff74044b918766ed4763279b5e8798622087c0a2930f59c9d44662213d
178f058426830d14a05750625b5f6750efc3cb905e25899209cde01fcd4877af
1ae61ed61290f9bf2619f52667aafa622c805072c75765025f0b61a23862005f
3097d0444becd9d089b52b7074072f19201525de874d0775012572fb375b7838
31209c189808e0c841cff83b2fcef3b579ba910ed974b2b1ea98a750ecd0f8f2
3bb2621a4c0c710f6e78404473aebff8e115a28f8d53f44339b867c63ad93b26
41f3222c29889fb48f5dca1d481858e5339a759655510c256ef4edf56c80f7f5
45dca5228c4211ad70f1be0830427929c9066c282db4061babbf2c7d8eb1010a
519085a0b4ae43798324a00d036f57c53bb0b62f20e7f9b9fc4402c0e3518663
5c27bdc929b400a819e3dbc5ca7b78f1eab5b2b7d884b5c33c7792a82b73b959
6cdc57f82f4b0d09e5b4e584ca4736cd3871f20563d4ce25120b057d8ffb4eb2
72eaaf36ecf9e2e0757d5154ce285d44296ee79b32ea122953df2a1133c6f2fb
73339d824e344121a3039b2e0e9c9353fb8132e005bb6d53249814c213520d5d
89ce08431545cd3c6d42419d99ee0152027a68c1d0c7c82838cc9a51d9d52451
a05f635f324c5e8f9837ab55674770dc875300634edbc96500f4ffa19230630a
a5df491d38bad7be4712ad0e6c636de9212027d2b0fbb433eebda0c2f3182ca2
ab09814addb95f1753755def0c6f218e5b6e35ad6304225e08454c413cfc258a
b0209d39595432d762f6ba2a81dc0bffa6a6e1ed9021ba24ffa06c3c7e4bcb02
b02ed61742d7fef9c71436e9cf9494bf16f5f52ad88e9300730b79c77d4344b5
b335724518b48b697eef178ba42be13d9cf279646970cffd3e4817917cb36382
babae61c6d25e5b1d8b4eff05aae6f78816bcb24d5c7274ac2364882855edb10
bbc688ea0af0051ff5a2e638a07cc36980f10deef3e1d0bdd069811768c6fe30
bf97ea16fc6f3ed219404e08367a661cc6964d6bd9a40872e26453976df761e2
c6c4147f80da55b9177793bae26fb3124c29c619ba0029896e98af3038eff0c4
e51abf8c34e6839bad4c445ce7e35e0cb44508998ad67c194ef08ce081f19d39
ec2fc16e01b6a4bddae03194e09881cb6a1571139b788163aa64b8b6ec5efba5
ec82f25728a7476081da09d7f86ff7cc2b224ea14a7f0ce66b4400adae77f868
f5bce9b05e1706ad7f05247b0abeeba58f18642a14f4391d02d886d0d91ae6f8
f75166e3f70100b65a6ce1d4128bc15286e92b19a546fa7709f739e9bcfe52c6
f79723478f4c48501cd49ac52b81d6244a6562b9d3f08ce8ab208a8b8878d4c4
fe81e776d459f15b4daef2ea548d3150a761c08d33c3013df60d929775548092

threatpost.com Open in urlscan Pro 35.173.160.135 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

147 Requests

98 %HTTPS

69 %IPv6

29 Domains

44 Subdomains

37 IPs

4 Countries

4829 kBTransfer

12546 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

147 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

threatpost.com Open in urlscan Pro
35.173.160.135 Public Scan

Screenshot
Live screenshot

Full Image

147
Requests

98 %
HTTPS

69 %
IPv6

29
Domains

44
Subdomains

37
IPs

4
Countries

4829 kB
Transfer

12546 kB
Size

0
Cookies

147 HTTP transactions
2 data transactions