www.androidpolice.com Open in urlscan Pro
44.196.161.176 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://t.co/nZJA4XRYOk
Effective URL:
https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Submission: On March 25 via api (March 25th 2022, 11:05:54 am UTC) from US — Scanned from DE

Summary HTTP 227 Redirects Links 17 Behaviour Indicators

Summary

This website contacted 80 IPs in 10 countries across 62 domains to perform 227 HTTP transactions. The main IP is 44.196.161.176, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is www.androidpolice.com. The Cisco Umbrella rank of the primary domain is 140152.
TLS certificate: Issued by R3 on February 4th 2022. Valid for: 3 months.

This is the only time www.androidpolice.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	104.244.42.133 104.244.42.133	13414 (TWITTER) (TWITTER)
1 1	44.238.250.195 44.238.250.195	16509 (AMAZON-02) (AMAZON-02)
13	44.196.161.176 44.196.161.176	14618 (AMAZON-AES) (AMAZON-AES)
7	2606:4700:10:... 2606:4700:10::ac43:25e7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700::68... 2606:4700::6812:ba39	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	143.204.98.122 143.204.98.122	16509 (AMAZON-02) (AMAZON-02)
6	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
24	2600:9000:215... 2600:9000:2156:2c00:1a:5235:f980:93a1	16509 (AMAZON-02) (AMAZON-02)
1	151.139.128.11 151.139.128.11	20446 (STACKPATH...) (STACKPATH-CDN)
4	199.232.196.134 199.232.196.134	54113 (FASTLY) (FASTLY)
6	2a00:1450:400... 2a00:1450:4001:810::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82f::2008	15169 (GOOGLE) (GOOGLE)
1	143.204.98.108 143.204.98.108	16509 (AMAZON-02) (AMAZON-02)
6	35.186.249.84 35.186.249.84	15169 (GOOGLE) (GOOGLE)
2	54.71.105.247 54.71.105.247	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
8	143.204.95.188 143.204.95.188	16509 (AMAZON-02) (AMAZON-02)
1	34.209.98.169 34.209.98.169	16509 (AMAZON-02) (AMAZON-02)
1	35.190.59.101 35.190.59.101	15169 (GOOGLE) (GOOGLE)
3	35.201.67.47 35.201.67.47	15169 (GOOGLE) (GOOGLE)
2	35.190.91.160 35.190.91.160	15169 (GOOGLE) (GOOGLE)
6	34.192.73.199 34.192.73.199	14618 (AMAZON-AES) (AMAZON-AES)
2	104.111.219.144 104.111.219.144	16625 (AKAMAI-AS) (AKAMAI-AS)
2	46.105.202.126 46.105.202.126	16276 (OVH) (OVH)
1	2a00:1450:400... 2a00:1450:4001:80f::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
2	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
1	2600:9000:215... 2600:9000:2156:5a00:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:82b::200a	15169 (GOOGLE) (GOOGLE)
3	2.18.233.180 2.18.233.180	16625 (AKAMAI-AS) (AKAMAI-AS)
2 2	185.94.180.126 185.94.180.126	35220 (SPOTX-AMS) (SPOTX-AMS)
1	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
1	2a0c:5c81:513... 2a0c:5c81:5139::2	55081 (24SHELLS) (24SHELLS)
9	63.250.60.64 63.250.60.64	204548 (CLOUDWEBM...) (CLOUDWEBMANAGE-IL-FR)
2	35.211.178.172 35.211.178.172	19527 (GOOGLE-2) (GOOGLE-2)
1 1	23.88.75.188 23.88.75.188	24940 (HETZNER-AS) (HETZNER-AS)
3 4	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
4 7	76.223.111.18 76.223.111.18	16509 (AMAZON-02) (AMAZON-02)
3 3	185.33.220.244 185.33.220.244	29990 (ASN-APPNEX) (ASN-APPNEX)
1 2	2606:4700::68... 2606:4700::6810:7baf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2620:1ec:27::... 2620:1ec:27::cafe:1761	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	34.120.117.212 34.120.117.212	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2a00:1450:400... 2a00:1450:4001:827::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:803::2003	15169 (GOOGLE) (GOOGLE)
2	3.124.152.204 3.124.152.204	16509 (AMAZON-02) (AMAZON-02)
2	18.158.31.37 18.158.31.37	16509 (AMAZON-02) (AMAZON-02)
7 9	2.18.234.233 2.18.234.233	16625 (AKAMAI-AS) (AKAMAI-AS)
2	185.64.189.112 185.64.189.112	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2	2.21.111.28 2.21.111.28	16625 (AKAMAI-AS) (AKAMAI-AS)
4	18.193.180.51 18.193.180.51	16509 (AMAZON-02) (AMAZON-02)
1	44.226.74.222 44.226.74.222	16509 (AMAZON-02) (AMAZON-02)
1	35.83.111.96 35.83.111.96	16509 (AMAZON-02) (AMAZON-02)
1 8	44.240.184.96 44.240.184.96	16509 (AMAZON-02) (AMAZON-02)
4 6	15.197.193.217 15.197.193.217	16509 (AMAZON-02) (AMAZON-02)
1 2	185.64.190.80 185.64.190.80	62713 (AS-PUBMATIC) (AS-PUBMATIC)
5 9	172.217.16.130 172.217.16.130	15169 (GOOGLE) (GOOGLE)
2	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
2 2	185.29.132.241 185.29.132.241	30419 (MEDIAMATH...) (MEDIAMATH-INC)
2 2	54.77.200.211 54.77.200.211	16509 (AMAZON-02) (AMAZON-02)
2 2	52.214.158.110 52.214.158.110	16509 (AMAZON-02) (AMAZON-02)
3	2600:9000:215... 2600:9000:2156:4a00:f:4f64:8940:93a1	16509 (AMAZON-02) (AMAZON-02)
8	62.149.0.72 62.149.0.72	15497 (COLOCALL ...) (COLOCALL Internet Data Center ColoCALL)
2 2	185.184.8.65 185.184.8.65	204995 (RTB-HOUSE...) (RTB-HOUSE-AMS)
2 3	37.157.5.142 37.157.5.142	198622 (ADFORM) (ADFORM)
4	52.167.85.21 52.167.85.21	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	192.82.242.209 192.82.242.209	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	2a00:1450:400... 2a00:1450:400c:c08::9a	15169 (GOOGLE) (GOOGLE)
1 13	35.158.38.112 35.158.38.112	16509 (AMAZON-02) (AMAZON-02)
2	54.90.140.145 54.90.140.145	14618 (AMAZON-AES) (AMAZON-AES)
1	2a00:1450:400... 2a00:1450:4001:810::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::2003	15169 (GOOGLE) (GOOGLE)
1 1	194.213.62.37 194.213.62.37	13036 (TMOBILE-) (TMOBILE-)
1	2606:4700:303... 2606:4700:3037::ac43:c1e6	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	52.37.124.246 52.37.124.246	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:80e::200a	15169 (GOOGLE) (GOOGLE)
1 1	178.250.2.151 178.250.2.151	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1 1	37.252.173.213 37.252.173.213	29990 (ASN-APPNEX) (ASN-APPNEX)
1	2a00:1450:400... 2a00:1450:4001:800::2006	15169 (GOOGLE) (GOOGLE)
2 2	72.251.244.142 72.251.244.142	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
1 2	52.142.114.2 52.142.114.2	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 2	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 2	2a02:2638::1c 2a02:2638::1c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	178.250.0.157 178.250.0.157	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	54.36.109.156 54.36.109.156	16276 (OVH) (OVH)
1	18.203.96.202 18.203.96.202	16509 (AMAZON-02) (AMAZON-02)
2	104.117.200.100 104.117.200.100	16625 (AKAMAI-AS) (AKAMAI-AS)
3 4	18.194.227.226 18.194.227.226	16509 (AMAZON-02) (AMAZON-02)
2 4	18.156.0.31 18.156.0.31	16509 (AMAZON-02) (AMAZON-02)
2 2	151.101.130.49 151.101.130.49	54113 (FASTLY) (FASTLY)
1 1	18.134.84.19 18.134.84.19	16509 (AMAZON-02) (AMAZON-02)
2 2	52.211.111.162 52.211.111.162	16509 (AMAZON-02) (AMAZON-02)
2 2	2a05:d018:d29... 2a05:d018:d29:3602:d715:9c64:5860:e3e3	16509 (AMAZON-02) (AMAZON-02)
2 2	3.122.208.3 3.122.208.3	16509 (AMAZON-02) (AMAZON-02)
1	173.231.180.197 173.231.180.197	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 2	209.54.180.144 209.54.180.144	16509 (AMAZON-02) (AMAZON-02)
1 1	50.31.142.63 50.31.142.63	23352 (SERVERCEN...) (SERVERCENTRAL)
227	80

1 104.244.42.133 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 44.238.250.195 (Boardman, United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-44-238-250-195.us-west-2.compute.amazonaws.com

dlvr.it	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 44.196.161.176 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-196-161-176.compute-1.amazonaws.com

www.androidpolice.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700:10::ac43:25e7 (United States)

ASN13335 (CLOUDFLARENET, US)

static1.anpoimages.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6812:ba39 (United States)

ASN13335 (CLOUDFLARENET, US)

f.convertkit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
app.convertkit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 143.204.98.122 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-122.fra50.r.cloudfront.net

tagan.adlightning.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 2600:9000:2156:2c00:1a:5235:f980:93a1 (United States)

ASN16509 (AMAZON-02, US)

live.primis.tech	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.139.128.11 (United States)

ASN20446 (STACKPATH-CDN, US)

s.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 199.232.196.134 (United States)

ASN54113 (FASTLY, US)

androidpolice.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:810::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.98.108 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-108.fra50.r.cloudfront.net

static.narrativ.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 35.186.249.84 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 84.249.186.35.bc.googleusercontent.com

scarfsmash.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.71.105.247 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-71-105-247.us-west-2.compute.amazonaws.com

a.ad.gt	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 143.204.95.188 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-95-188.fra50.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.209.98.169 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-209-98-169.us-west-2.compute.amazonaws.com

seg.ad.gt	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.59.101 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 101.59.190.35.bc.googleusercontent.com

r.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.201.67.47 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 47.67.201.35.bc.googleusercontent.com

t.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.190.91.160 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 160.91.190.35.bc.googleusercontent.com

p.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 34.192.73.199 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-192-73-199.compute-1.amazonaws.com

events.release.narrativ.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.219.144 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-219-144.deploy.static.akamaitechnologies.com

secure.cdn.fastclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 46.105.202.126 (France)

ASN16276 (OVH, FR)

cdn.id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ampcid.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.181.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2156:5a00:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2.18.233.180 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-180.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.94.180.126 (Amsterdam, Netherlands) 2 redirects

ASN35220 (SPOTX-AMS, US)

sync.search.spotxchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a0c:5c81:5139::2 (London, United Kingdom)

ASN55081 (24SHELLS, US)

s.console.adtarget.com.tr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 63.250.60.64 (Frankfurt am Main, Germany)

ASN204548 (CLOUDWEBMANAGE-IL-FR, US)

video.primis.tech	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.211.178.172 (North Charleston, United States)

ASN19527 (GOOGLE-2, US)
PTR: 172.178.211.35.bc.googleusercontent.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.88.75.188 (Gunzenhausen, Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.188.75.88.23.clients.your-server.de

csync.loopme.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2.18.234.21 (Frankfurt am Main, Germany) 3 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
js-sec.indexww.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 76.223.111.18 (United States) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.33.220.244 (Amsterdam, Netherlands) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:7baf (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:27::cafe:1761 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.120.117.212 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 212.117.120.34.bc.googleusercontent.com

ls.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ampcid.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:803::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.124.152.204 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-124-152-204.eu-central-1.compute.amazonaws.com

tlx.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.158.31.37 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-158-31-37.eu-central-1.compute.amazonaws.com

ads.adaptv.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2.18.234.233 (Frankfurt am Main, Germany) 7 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-233.deploy.static.akamaitechnologies.com

ads.stickyadstv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.64.189.112 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.21.111.28 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-21-111-28.deploy.static.akamaitechnologies.com

htlb.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 18.193.180.51 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-193-180-51.eu-central-1.compute.amazonaws.com

prebid-server.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 44.226.74.222 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-44-226-74-222.us-west-2.compute.amazonaws.com

p.ad.gt	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.83.111.96 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-83-111-96.us-west-2.compute.amazonaws.com

id.halo.ad.gt	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 44.240.184.96 (Boardman, United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-44-240-184-96.us-west-2.compute.amazonaws.com

ids.ad.gt	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 15.197.193.217 (United States) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.64.190.80 (United Kingdom) 1 redirects

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 172.217.16.130 (United States) 5 redirects

ASN15169 (GOOGLE, US)
PTR: zrh04s06-in-f130.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 69.173.144.138 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.29.132.241 (United Kingdom) 2 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.77.200.211 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-77-200-211.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.214.158.110 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-214-158-110.eu-west-1.compute.amazonaws.com

ad.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:2156:4a00:f:4f64:8940:93a1 (United States)

ASN16509 (AMAZON-02, US)

js.adscale.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 62.149.0.72 (Ukraine)

ASN15497 (COLOCALL Internet Data Center ColoCALL, UA)
PTR: 0-72.cc86365-03-tmp.cc.colocall.com

sync.console.adtarget.com.tr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.184.8.65 (Amsterdam, Netherlands) 2 redirects

ASN204995 (RTB-HOUSE-AMS, PL)
PTR: ip-185-184-8-65.rtbhouse.net

creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.157.5.142 (Denmark) 2 redirects

ASN198622 (ADFORM, DK)

cm.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.167.85.21 (Boydton, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

i.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.82.242.209 (United States)

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c08::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 35.158.38.112 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-35-158-38-112.eu-central-1.compute.amazonaws.com

ih.adscale.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.90.140.145 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-90-140-145.compute-1.amazonaws.com

api.narrativ.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 194.213.62.37 (Hrabuvka, Czech Republic) 1 redirects

ASN13036 (TMOBILE-, CZ)
PTR: bbnautid4.ibillboard.com

bbnaut.ibillboard.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3037::ac43:c1e6 (United States)

ASN13335 (CLOUDFLARENET, US)

images.getadmiral.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.37.124.246 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-37-124-246.us-west-2.compute.amazonaws.com

pixels.ad.gt	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80e::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.2.151 (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.252.173.213 (Frankfurt am Main, Germany) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 864.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

adscale-emea.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 72.251.244.142 (Amsterdam, Netherlands) 2 redirects

ASN29791 (VOXEL-DOT-NET, US)
PTR: tracking-failover-03.ams2.m6r.eu

tracking.m6r.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.142.114.2 (Dublin, Ireland) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:c11::200 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638::1c (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.0.157 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.36.109.156 (France)

ASN16276 (OVH, FR)
PTR: p07.id5-sync.com

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.203.96.202 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-203-96-202.eu-west-1.compute.amazonaws.com

id.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.117.200.100 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-117-200-100.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 18.194.227.226 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-194-227-226.eu-central-1.compute.amazonaws.com

pixel.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 18.156.0.31 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-0-31.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.130.49 (United States) 2 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.134.84.19 (London, United Kingdom) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-134-84-19.eu-west-2.compute.amazonaws.com

1f2e7.v.fwmrm.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.211.111.162 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-211-111-162.eu-west-1.compute.amazonaws.com

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a05:d018:d29:3602:d715:9c64:5860:e3e3 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.122.208.3 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-122-208-3.eu-central-1.compute.amazonaws.com

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 173.231.180.197 (United States)

ASN29791 (VOXEL-DOT-NET, US)
PTR: ams-delivery-4.sys.adgear.com

cm.adgrx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 209.54.180.144 (Ashburn, United States) 1 redirects

ASN16509 (AMAZON-02, US)

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 50.31.142.63 (Riverdale, United States) 1 redirects

ASN23352 (SERVERCENTRAL, US)
PTR: chi.outbrain.com

b1sync.zemanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
33	primis.tech live.primis.tech — Cisco Umbrella Rank: 2934 video.primis.tech — Cisco Umbrella Rank: 5944	3 MB
16	adscale.de 1 redirects js.adscale.de — Cisco Umbrella Rank: 6659 ih.adscale.de — Cisco Umbrella Rank: 4504	16 KB
14	ad.gt 1 redirects a.ad.gt — Cisco Umbrella Rank: 4610 seg.ad.gt — Cisco Umbrella Rank: 10390 p.ad.gt — Cisco Umbrella Rank: 5220 id.halo.ad.gt — Cisco Umbrella Rank: 56917 ids.ad.gt — Cisco Umbrella Rank: 4157 pixels.ad.gt — Cisco Umbrella Rank: 5088	25 KB
13	doubleclick.net 5 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 38 securepubads.g.doubleclick.net — Cisco Umbrella Rank: 159 cm.g.doubleclick.net — Cisco Umbrella Rank: 176 stats.g.doubleclick.net — Cisco Umbrella Rank: 68	132 KB
13	androidpolice.com www.androidpolice.com — Cisco Umbrella Rank: 140152	271 KB
10	amazon-adsystem.com 1 redirects c.amazon-adsystem.com — Cisco Umbrella Rank: 275 s.amazon-adsystem.com — Cisco Umbrella Rank: 260	83 KB
9	stickyadstv.com 7 redirects ads.stickyadstv.com — Cisco Umbrella Rank: 626	7 KB
9	3lift.com 4 redirects eb2.3lift.com — Cisco Umbrella Rank: 346 tlx.3lift.com — Cisco Umbrella Rank: 512	5 KB
9	adtarget.com.tr s.console.adtarget.com.tr — Cisco Umbrella Rank: 5388 sync.console.adtarget.com.tr — Cisco Umbrella Rank: 5722	4 KB
9	narrativ.com static.narrativ.com — Cisco Umbrella Rank: 8226 events.release.narrativ.com — Cisco Umbrella Rank: 8122 api.narrativ.com — Cisco Umbrella Rank: 28888	42 KB
9	skimresources.com s.skimresources.com — Cisco Umbrella Rank: 2789 r.skimresources.com — Cisco Umbrella Rank: 2662 t.skimresources.com — Cisco Umbrella Rank: 2825 p.skimresources.com — Cisco Umbrella Rank: 3627 ls.skimresources.com — Cisco Umbrella Rank: 8581	17 KB
8	rubiconproject.com pixel.rubiconproject.com Failed prebid-server.rubiconproject.com — Cisco Umbrella Rank: 953 token.rubiconproject.com — Cisco Umbrella Rank: 595 eus.rubiconproject.com — Cisco Umbrella Rank: 503	13 KB
8	pubmatic.com 1 redirects ads.pubmatic.com — Cisco Umbrella Rank: 419 hbopenbid.pubmatic.com — Cisco Umbrella Rank: 417 image2.pubmatic.com — Cisco Umbrella Rank: 774 image6.pubmatic.com — Cisco Umbrella Rank: 571	18 KB
7	clarity.ms 1 redirects www.clarity.ms — Cisco Umbrella Rank: 916 i.clarity.ms — Cisco Umbrella Rank: 1864 c.clarity.ms — Cisco Umbrella Rank: 547	25 KB
7	anpoimages.com static1.anpoimages.com — Cisco Umbrella Rank: 194535	178 KB
6	yahoo.com 4 redirects ups.analytics.yahoo.com — Cisco Umbrella Rank: 268 pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 416	3 KB
6	adsrvr.org 4 redirects match.adsrvr.org — Cisco Umbrella Rank: 293	3 KB
6	advertising.com 3 redirects ads.adaptv.advertising.com — Cisco Umbrella Rank: 1091 pixel.advertising.com — Cisco Umbrella Rank: 307	2 KB
6	scarfsmash.com scarfsmash.com — Cisco Umbrella Rank: 133803	219 KB
6	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 31	22 KB
6	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 90	174 KB
5	criteo.com 2 redirects dis.criteo.com — Cisco Umbrella Rank: 617 gum.criteo.com — Cisco Umbrella Rank: 347 mug.criteo.com — Cisco Umbrella Rank: 3185	2 KB
5	casalemedia.com 3 redirects ssum-sec.casalemedia.com — Cisco Umbrella Rank: 476 htlb.casalemedia.com — Cisco Umbrella Rank: 409 ssum.casalemedia.com — Cisco Umbrella Rank: 1229	3 KB
4	adnxs.com 4 redirects secure.adnxs.com — Cisco Umbrella Rank: 359 adscale-emea.adnxs.com — Cisco Umbrella Rank: 15944	4 KB
4	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 35 imasdk.googleapis.com — Cisco Umbrella Rank: 399	318 KB
4	disqus.com androidpolice.disqus.com — Cisco Umbrella Rank: 250263	6 KB
3	adform.net 2 redirects cm.adform.net — Cisco Umbrella Rank: 1775 track.adform.net — Cisco Umbrella Rank: 3334	1 KB
3	id5-sync.com cdn.id5-sync.com — Cisco Umbrella Rank: 1490 id5-sync.com — Cisco Umbrella Rank: 488	23 KB
3	adlightning.com tagan.adlightning.com — Cisco Umbrella Rank: 1314	84 KB
3	convertkit.com f.convertkit.com — Cisco Umbrella Rank: 15221 app.convertkit.com — Cisco Umbrella Rank: 16023	14 KB
2	w55c.net 2 redirects pm.w55c.net — Cisco Umbrella Rank: 730	1 KB
2	bidr.io 2 redirects match.prod.bidr.io — Cisco Umbrella Rank: 462	1 KB
2	everesttech.net 2 redirects sync-tm.everesttech.net — Cisco Umbrella Rank: 490	670 B
2	bing.com 1 redirects c.bing.com — Cisco Umbrella Rank: 193	891 B
2	m6r.eu 2 redirects tracking.m6r.eu — Cisco Umbrella Rank: 11276	1 KB
2	creativecdn.com 2 redirects creativecdn.com — Cisco Umbrella Rank: 614	721 B
2	360yield.com 2 redirects ad.360yield.com — Cisco Umbrella Rank: 630	687 B
2	demdex.net 2 redirects dpm.demdex.net — Cisco Umbrella Rank: 184	2 KB
2	mathtag.com 2 redirects sync.mathtag.com — Cisco Umbrella Rank: 384	1 KB
2	gstatic.com fonts.gstatic.com	45 KB
2	google.de ampcid.google.de — Cisco Umbrella Rank: 47428 www.google.de — Cisco Umbrella Rank: 6433	966 B
2	unpkg.com 1 redirects unpkg.com — Cisco Umbrella Rank: 821	2 KB
2	bidswitch.net x.bidswitch.net — Cisco Umbrella Rank: 257	470 B
2	spotxchange.com 2 redirects sync.search.spotxchange.com — Cisco Umbrella Rank: 480	1 KB
2	google.com ampcid.google.com — Cisco Umbrella Rank: 1737 www.google.com — Cisco Umbrella Rank: 2	1 KB
2	fastclick.net secure.cdn.fastclick.net — Cisco Umbrella Rank: 1623	34 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 54	123 KB
1	zemanta.com 1 redirects b1sync.zemanta.com — Cisco Umbrella Rank: 528	301 B
1	linkedin.com px.ads.linkedin.com — Cisco Umbrella Rank: 434	706 B
1	adgrx.com cm.adgrx.com — Cisco Umbrella Rank: 1282	408 B
1	fwmrm.net 1 redirects 1f2e7.v.fwmrm.net — Cisco Umbrella Rank: 3206	511 B
1	indexww.com js-sec.indexww.com — Cisco Umbrella Rank: 604	2 KB
1	crwdcntrl.net id.crwdcntrl.net — Cisco Umbrella Rank: 1648	342 B
1	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 246	17 KB
1	getadmiral.com images.getadmiral.com — Cisco Umbrella Rank: 87574	1 KB
1	ibillboard.com 1 redirects bbnaut.ibillboard.com — Cisco Umbrella Rank: 16459	550 B
1	loopme.me 1 redirects csync.loopme.me — Cisco Umbrella Rank: 908	242 B
1	openx.net u.openx.net — Cisco Umbrella Rank: 621	305 B
1	adsafeprotected.com static.adsafeprotected.com — Cisco Umbrella Rank: 500	483 B
1	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 147	28 KB
1	dlvr.it 1 redirects dlvr.it — Cisco Umbrella Rank: 56625	534 B
1	t.co t.co — Cisco Umbrella Rank: 448	576 B
227	62

	Domain	Requested by
24	live.primis.tech	www.androidpolice.com live.primis.tech tagan.adlightning.com
13	ih.adscale.de	1 redirects js.adscale.de ih.adscale.de
13	www.androidpolice.com	t.co www.androidpolice.com
9	cm.g.doubleclick.net	5 redirects www.androidpolice.com eb2.3lift.com
9	ads.stickyadstv.com	7 redirects live.primis.tech
9	video.primis.tech	www.androidpolice.com live.primis.tech
8	sync.console.adtarget.com.tr	s.console.adtarget.com.tr js.adscale.de
8	ids.ad.gt	1 redirects www.androidpolice.com
8	c.amazon-adsystem.com	www.androidpolice.com c.amazon-adsystem.com live.primis.tech
7	eb2.3lift.com	4 redirects live.primis.tech eb2.3lift.com
7	static1.anpoimages.com	www.androidpolice.com
6	match.adsrvr.org	4 redirects live.primis.tech eb2.3lift.com
6	events.release.narrativ.com	static.narrativ.com tagan.adlightning.com www.androidpolice.com
6	scarfsmash.com	www.androidpolice.com scarfsmash.com
6	www.google-analytics.com	www.androidpolice.com www.google-analytics.com www.googletagmanager.com
6	pagead2.googlesyndication.com	www.androidpolice.com pagead2.googlesyndication.com srcdoc imasdk.googleapis.com
4	ups.analytics.yahoo.com	2 redirects www.androidpolice.com
4	pixel.advertising.com	3 redirects www.androidpolice.com
4	i.clarity.ms	www.clarity.ms i.clarity.ms
4	prebid-server.rubiconproject.com	live.primis.tech
4	androidpolice.disqus.com	www.androidpolice.com tagan.adlightning.com
3	js.adscale.de	s.console.adtarget.com.tr js.adscale.de ih.adscale.de
3	secure.adnxs.com	3 redirects
3	ads.pubmatic.com	tagan.adlightning.com s.console.adtarget.com.tr live.primis.tech
3	t.skimresources.com	www.androidpolice.com s.skimresources.com
3	tagan.adlightning.com	www.androidpolice.com tagan.adlightning.com
2	s.amazon-adsystem.com	1 redirects eb2.3lift.com
2	pm.w55c.net	2 redirects
2	pr-bh.ybp.yahoo.com	2 redirects
2	match.prod.bidr.io	2 redirects
2	sync-tm.everesttech.net	2 redirects
2	eus.rubiconproject.com	live.primis.tech eus.rubiconproject.com
2	mug.criteo.com	www.androidpolice.com
2	gum.criteo.com	1 redirects
2	app.convertkit.com	f.convertkit.com
2	c.bing.com	1 redirects eb2.3lift.com
2	c.clarity.ms	1 redirects
2	tracking.m6r.eu	2 redirects
2	imasdk.googleapis.com	live.primis.tech imasdk.googleapis.com
2	track.adform.net	2 redirects
2	api.narrativ.com	static.narrativ.com
2	creativecdn.com	2 redirects
2	ad.360yield.com	2 redirects
2	dpm.demdex.net	2 redirects
2	sync.mathtag.com	2 redirects
2	token.rubiconproject.com	www.androidpolice.com eus.rubiconproject.com
2	image2.pubmatic.com	1 redirects www.androidpolice.com
2	htlb.casalemedia.com	live.primis.tech
2	hbopenbid.pubmatic.com	live.primis.tech
2	ads.adaptv.advertising.com	live.primis.tech
2	tlx.3lift.com	live.primis.tech
2	fonts.gstatic.com	fonts.googleapis.com
2	ls.skimresources.com	s.skimresources.com
2	unpkg.com	1 redirects www.androidpolice.com
2	ssum-sec.casalemedia.com	2 redirects
2	x.bidswitch.net	www.androidpolice.com eb2.3lift.com
2	sync.search.spotxchange.com	2 redirects
2	fonts.googleapis.com	tagan.adlightning.com
2	securepubads.g.doubleclick.net	tagan.adlightning.com www.googletagservices.com
2	cdn.id5-sync.com	tagan.adlightning.com t.co
2	secure.cdn.fastclick.net	tagan.adlightning.com t.co
2	p.skimresources.com	www.androidpolice.com
2	a.ad.gt	www.androidpolice.com p.ad.gt
2	www.googletagmanager.com	www.androidpolice.com www.googletagmanager.com
1	b1sync.zemanta.com	1 redirects
1	px.ads.linkedin.com	eb2.3lift.com
1	cm.adgrx.com	www.androidpolice.com
1	1f2e7.v.fwmrm.net	1 redirects
1	js-sec.indexww.com	live.primis.tech
1	id.crwdcntrl.net	live.primis.tech
1	id5-sync.com	live.primis.tech
1	s0.2mdn.net	imasdk.googleapis.com
1	adscale-emea.adnxs.com	1 redirects
1	dis.criteo.com	1 redirects
1	pixels.ad.gt	tagan.adlightning.com
1	images.getadmiral.com	www.androidpolice.com
1	ssum.casalemedia.com	1 redirects
1	bbnaut.ibillboard.com	1 redirects
1	www.google.de	www.androidpolice.com
1	www.google.com	www.androidpolice.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	image6.pubmatic.com	ads.pubmatic.com
1	cm.adform.net	s.console.adtarget.com.tr
1	id.halo.ad.gt	a.ad.gt
1	p.ad.gt	a.ad.gt
1	ampcid.google.de	www.google-analytics.com
1	www.clarity.ms	t.co
1	csync.loopme.me	1 redirects
1	s.console.adtarget.com.tr	tagan.adlightning.com
1	u.openx.net	tagan.adlightning.com
1	static.adsafeprotected.com	www.androidpolice.com
1	googleads.g.doubleclick.net	tagan.adlightning.com
1	ampcid.google.com	www.google-analytics.com
1	r.skimresources.com	s.skimresources.com
1	seg.ad.gt	www.androidpolice.com
1	www.googletagservices.com	www.androidpolice.com
1	static.narrativ.com	www.androidpolice.com
1	s.skimresources.com	www.androidpolice.com
1	f.convertkit.com	www.androidpolice.com
1	dlvr.it	1 redirects
1	t.co
0	pixel.rubiconproject.com Failed	www.androidpolice.com
227	102

This site contains links to these domains. Also see Links.

Domain
www.youtube.com
www.facebook.com
twitter.com
news.google.com
feedly.com
www.pushbullet.com
www.linkedin.com
blog.google
chromereleases.googleblog.com
www.clearskysec.com
securelist.com
www.instagram.com
stevehuff.substack.com
getadmiral.com

Subject Issuer	Validity	Valid
t.co DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-07` - `2023-03-06`	a year	crt.sh
androidpolice.com R3	`2022-02-04` - `2022-05-05`	3 months	crt.sh
*.anpoimages.com E1	`2022-02-04` - `2022-05-05`	3 months	crt.sh
convertkit.com Cloudflare Inc ECC CA-3	`2021-06-07` - `2022-06-06`	a year	crt.sh
*.adlightning.com Amazon	`2021-06-24` - `2022-07-23`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.primis.tech Amazon	`2021-10-28` - `2022-11-26`	a year	crt.sh
*.skimresources.com DigiCert SHA2 Secure Server CA	`2021-09-27` - `2022-10-28`	a year	crt.sh
*.disqus.com DigiCert SHA2 Secure Server CA	`2020-04-20` - `2022-05-09`	2 years	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
static.narrativ.com Amazon	`2021-04-30` - `2022-05-29`	a year	crt.sh
scarfsmash.com R3	`2022-03-23` - `2022-06-21`	3 months	crt.sh
*.ad.gt Amazon	`2021-06-09` - `2022-07-08`	a year	crt.sh
c.amazon-adsystem.com Amazon	`2021-07-06` - `2022-06-27`	a year	crt.sh
*.release.narrativ.com Amazon	`2021-08-05` - `2022-09-03`	a year	crt.sh
secure.cdn.fastclick.net DigiCert SHA2 Secure Server CA	`2022-01-15` - `2023-01-17`	a year	crt.sh
cdn.id5-sync.com R3	`2022-02-02` - `2022-05-03`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
static.adsafeprotected.com Amazon	`2021-09-05` - `2022-10-04`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.pubmatic.com DigiCert SHA2 Secure Server CA	`2022-02-04` - `2023-02-03`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2021-07-08` - `2022-08-08`	a year	crt.sh
s.console.adtarget.com.tr ZeroSSL ECC Domain Secure Site CA	`2022-01-28` - `2022-04-28`	3 months	crt.sh
primis.tech Go Daddy Secure Certificate Authority - G2	`2021-10-29` - `2022-06-18`	8 months	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2020-04-23` - `2022-05-04`	2 years	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2022-02-27` - `2023-02-27`	a year	crt.sh
*.google.de GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.3lift.com Amazon	`2021-06-12` - `2022-07-11`	a year	crt.sh
*.v.ssp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-03-15` - `2022-09-07`	6 months	crt.sh
ads.stickyadstv.com DigiCert SHA2 Secure Server CA	`2021-09-19` - `2022-09-20`	a year	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-12-12` - `2022-12-13`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2022-03-08` - `2023-04-04`	a year	crt.sh
halo.ad.gt Amazon	`2021-05-04` - `2022-06-02`	a year	crt.sh
*.adscale.de Amazon	`2021-08-08` - `2022-09-06`	a year	crt.sh
sync.console.adtarget.com.tr R3	`2022-01-27` - `2022-04-27`	3 months	crt.sh
*.adform.net DigiCert TLS RSA SHA256 2020 CA1	`2021-05-28` - `2022-06-15`	a year	crt.sh
a.clarity.ms Microsoft RSA TLS CA 01	`2021-07-27` - `2022-07-27`	a year	crt.sh
api.planethowl.com Amazon	`2022-03-03` - `2023-04-01`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
getadmiral.com Cloudflare Inc ECC CA-3	`2021-05-13` - `2022-05-12`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-02-04` - `2022-05-03`	3 months	crt.sh
*.id5-sync.com R3	`2022-03-08` - `2022-06-06`	3 months	crt.sh
*.crwdcntrl.net Go Daddy Secure Certificate Authority - G2	`2021-04-29` - `2022-05-31`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2021-03-18` - `2022-04-19`	a year	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2022-03-01` - `2022-09-01`	6 months	crt.sh
www.bing.com Microsoft RSA TLS CA 01	`2022-03-16` - `2022-09-16`	6 months	crt.sh

This page contains 24 frames:

Primary Page: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Frame ID: 8CDEF13FD0D485DDA392F7F4A564FD95
Requests: 116 HTTP requests in this frame

Frame: https://live.primis.tech/live/liveView.php?s=108500&subId=[AP-Reg-Balance]&x=600&y=338&cbuster=1648206347&pubUrlAuto=https%3A%2F%2Fwww.androidpolice.com%2Fnorth-korean-hackers-fintech-media-chrome-zero-day%2F%3Futm_source%3Ddlvr.it%26utm_medium%3Dtwitter&isDoublePreroll=1&videoType=flow&floatWidth=&floatHeight=&floatDirection=&floatVerticalOffset=&floatHorizontalOffset=&floatCloseBtn=&flowMode=&flowCloseButtonPosition=
Frame ID: 8A0CDCFA1B6AD7AA20A13D9A91368378
Requests: 50 HTTP requests in this frame

Frame: https://t.skimresources.com/api/v2/robots.txt?__skimjs_preflight__please_ignore__=true&rnd=0.6615152656726286
Frame ID: 2CE49417B47AFFBB37E60952688B02DA
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220323/r20190131/zrt_lookup.html
Frame ID: 529D688422EA730D0FED40DC0B3FDD32
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159196&userIdMacro=PM_UID&gdpr=1&gdpr_consent=&predirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D623da20b73650%26pixel%3D%26advId%3D91%26advUuid%3DPM_UID%26gdpr%3D1%26gdpr_consent%3D
Frame ID: 9ED229C208FD6953C38F1CD37D9CEC75
Requests: 2 HTTP requests in this frame

Frame: https://live.primis.tech/live/liveCS.php?source=external&csuuid=623da20b73650&pixel=&advId=94&advUuid=86585550-ac2b-11ec-ad90-11482f420406
Frame ID: F16CB8248C72CAD6362C8B0BBB569ACA
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/cm?id=476b50d3-5ccf-49a1-89b8-1ddf8ea18042&r=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D623da20b73650%26pixel%3D%26advId%3D98%26advUuid%3D
Frame ID: 6F4570AD3818C6CDA836924265251EA4
Requests: 1 HTTP requests in this frame

Frame: https://s.console.adtarget.com.tr/sync.html?aid=556966
Frame ID: E2B06BAF853EFC3226B2334D9B6C3B98
Requests: 3 HTTP requests in this frame

Frame: https://events.release.narrativ.com/api/v0/session.html
Frame ID: 808862D65E03546C814C22EB0C9F9A91
Requests: 1 HTTP requests in this frame

Frame: https://js.adscale.de/pbsync.html?gdpr=0&gdpr_consent=&redirect=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307565%26extuid%3D
Frame ID: 3FD924A9F35F545792472C9BB5595ACD
Requests: 5 HTTP requests in this frame

Frame: https://sync.console.adtarget.com.tr/csync?t=a&ep=502624&extuid=${USER_ID}
Frame ID: 18C6C4180ADCB651A0099CAE08E68B2E
Requests: 1 HTTP requests in this frame

Frame: https://sync.console.adtarget.com.tr/csync?t=a&ep=544989&extuid=${USER_ID}
Frame ID: 2E29EB7738AB9404C152F8539AE4CD60
Requests: 1 HTTP requests in this frame

Frame: https://sync.console.adtarget.com.tr/csync?t=a&ep=550070&extuid=${USER_ID}
Frame ID: F368D2BBD7B76C01284AD400510DBB4C
Requests: 1 HTTP requests in this frame

Frame: https://sync.console.adtarget.com.tr/csync?t=a&ep=550214&extuid=${USER_ID}
Frame ID: 37FC5FEC1409C6FE40B0B15403753094
Requests: 1 HTTP requests in this frame

Frame: https://sync.console.adtarget.com.tr/csync?t=a&ep=307080&extuid=wfc1rn3LGh0sJKOEAfUJ&pi=admatic&tc=1
Frame ID: B2C5EE66325C446068CBF1627243B11D
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307406%26extuid%3D
Frame ID: B510E5BF54251FF5074E53D62E599FD6
Requests: 1 HTTP requests in this frame

Frame: https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307457%26extuid%3D%24UID
Frame ID: EBAA0ADED49E0CEED411069F1BDBCD9C
Requests: 1 HTTP requests in this frame

Frame: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Frame ID: DA1AE066D22FF5E5994B8B78D34E0100
Requests: 11 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.507.1_en.html
Frame ID: 915907D2A1CC164D91204CDC2EECC1BD
Requests: 4 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 8BB8DB75B95F5A0FE3B163CF0F13E002
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync?gdpr=true&
Frame ID: 489D079B936219E675BAC6FC5C3C9AA4
Requests: 11 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156595&gdpr=1&gdpr_consent=
Frame ID: 5647B895D023BE66FA3625A3996A54D0
Requests: 1 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: 40C18FA7B4C051854D4CEF73BC5D3659
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?gdpr=1&gdpr_consent=
Frame ID: 69A7B927A423EA2C2E61CA3464B671A3
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

North Korean hackers targeted fintech and media with Chrome zero-day exploituser-signalchecklistsettings-toggle-horizontal

Page URL History Show full URLs

https://t.co/nZJA4XRYOk Page URL
http://dlvr.it/SMKQL1 HTTP 301
https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_m... Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

AMP (JavaScript frameworks) Expand

Overall confidence: 100%
Detected patterns

<link rel="amphtml"

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

Page Statistics

227
Requests

85 %
HTTPS

28 %
IPv6

62
Domains

102
Subdomains

80
IPs

10
Countries

4932 kB
Transfer

9213 kB
Size

111
Cookies

17 Outgoing links

These are links going to different origins than the main page.

URL: https://www.youtube.com/AndroidPolice

Search URL Search Domain Scan URL

URL: https://www.facebook.com/AndroidPolice

Search URL Search Domain Scan URL

URL: https://twitter.com/AndroidPolice

Search URL Search Domain Scan URL

URL: https://news.google.com/publications/CAAqBggKMLuYFDDSzAI

Search URL Search Domain Scan URL

URL: https://feedly.com/i/subscription/feed%2Fhttps://www.androidpolice.com/feed

Search URL Search Domain Scan URL

URL: https://www.pushbullet.com/channel-popup?tag=androidpolicefeed

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.androidpolice.com%2Fnorth-korean-hackers-fintech-media-chrome-zero-day%2F%2F&src=sdkpreparse
Title: Share

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=North%20Korean%20hackers%20targeted%20fintech%20and%20media%20with%20Chrome%20zero-day%20exploit&url=https%3A%2F%2Fwww.androidpolice.com%2Fnorth-korean-hackers-fintech-media-chrome-zero-day%2F
Title: Tweet

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.androidpolice.com%2Fnorth-korean-hackers-fintech-media-chrome-zero-day%2F&title=North%20Korean%20hackers%20targeted%20fintech%20and%20media%20with%20Chrome%20zero-day%20exploit&source=www.androidpolice.com&summary=State-sponsored%20attackers%20went%20after%20targets%20with%20fake%20emails%20and%20spoofed%20websites
Title: Share

Search URL Search Domain Scan URL

URL: http://blog.google/threat-analysis-group/countering-threats-north-korea/
Title: North Korean hackers were all over a zero-day in Google Chrome

Search URL Search Domain Scan URL

URL: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
Title: CVE-2022-0609

Search URL Search Domain Scan URL

URL: https://www.clearskysec.com/operation-dream-job/
Title: Operation Dream Job

Search URL Search Domain Scan URL

URL: https://securelist.com/operation-applejeus/87553/
Title: Operation AppleJeus

Search URL Search Domain Scan URL

URL: https://twitter.com/SteveHuff

Search URL Search Domain Scan URL

URL: https://www.instagram.com/stevenhuff/

Search URL Search Domain Scan URL

URL: https://stevehuff.substack.com/

Search URL Search Domain Scan URL

URL: https://getadmiral.com/pb/?utm_source=www.androidpolice.com&utm_medium=pb&session=5-54a602133c1602114d9022454b7862d8-6763652d6575726f70652d7765737431-0
Title: Powered By

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://t.co/nZJA4XRYOk Page URL
http://dlvr.it/SMKQL1 HTTP 301
https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 62

https://sync.search.spotxchange.com/partner?adv_id=8805&redir=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D623da20b73650%26pixel%3D%26advId%3D94%26advUuid%3D%24SPOTX_USER_ID HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=8805&redir=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D623da20b73650%26pixel%3D%26advId%3D94%26advUuid%3D%24SPOTX_USER_ID&__user_check__=1&sync_id=86585586-ac2b-11ec-ad90-11482f420406 HTTP 302
https://live.primis.tech/live/liveCS.php?source=external&csuuid=623da20b73650&pixel=&advId=94&advUuid=86585550-ac2b-11ec-ad90-11482f420406

Request Chain 69

https://csync.loopme.me/?redirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D623da20b73650%26pixel%3D%26advId%3D93%26advUuid%3D%7Bdevice_id%7D HTTP 307
https://live.primis.tech/live/liveCS.php?source=external&csuuid=623da20b73650&pixel=&advId=93&advUuid=268f2f5e-e615-4808-ad50-097a0c9e3752

Request Chain 70

https://ssum-sec.casalemedia.com/usermatchredir?s=192962&cb=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D623da20b73650%26pixel%3D%26advId%3D99%26advUuid%3D HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D623da20b73650%26pixel%3D%26advId%3D99%26advUuid%3D&s=192962&C=1 HTTP 302
https://live.primis.tech/live/liveCS.php?source=external&csuuid=623da20b73650&pixel=&advId=99&advUuid=Yj2iC-VxlUXTKe3KIgTCKAAABFIAAAIB

Request Chain 71

https://eb2.3lift.com/getuid?redir=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26pixel%3Dhttps%253A%252F%252Fsync.intentiq.com%252Fprofiles_engine%252FProfilesEngineServlet%253Fat%253D20%2526mi%253D10%2526dpi%253D259151345%2526pcid%253D%24UID%26advId%3D121%26advUuid%3D%24UID HTTP 302
https://eb2.3lift.com/getuid?ld=1&gdpr=1&cmp_cs=&us_privacy=&redir=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26pixel%3Dhttps%253A%252F%252Fsync.intentiq.com%252Fprofiles_engine%252FProfilesEngineServlet%253Fat%253D20%2526mi%253D10%2526dpi%253D259151345%2526pcid%253D%24UID%26advId%3D121%26advUuid%3D%24UID HTTP 302
https://live.primis.tech/live/liveCS.php?source=external&pixel=https%3A%2F%2Fsync.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26mi%3D10%26dpi%3D259151345%26pcid%3D2868021249803221286389&advId=121&advUuid=2868021249803221286389

Request Chain 73

https://secure.adnxs.com/getuid?https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D623da20b73650%26pixel%3D%26advId%3D105%26advUuid%3D%24UID HTTP 307
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Flive.primis.tech%252Flive%252FliveCS.php%253Fsource%253Dexternal%2526csuuid%253D623da20b73650%2526pixel%253D%2526advId%253D105%2526advUuid%253D%2524UID HTTP 302
https://live.primis.tech/live/liveCS.php?source=external&csuuid=623da20b73650&pixel=&advId=105&advUuid=4885653837632420553

Request Chain 76

https://unpkg.com/web-vitals/dist/web-vitals.iife.js HTTP 302
https://unpkg.com/web-vitals@2.1.4/dist/web-vitals.iife.js

Request Chain 100

https://secure.adnxs.com/getuid?https://ids.ad.gt/api/v1/match?id=AU1D-0100-001648206348-NT3P99ZS-UKKD&adnxs_id=$UID HTTP 302
https://ids.ad.gt/api/v1/match?id=AU1D-0100-001648206348-NT3P99ZS-UKKD&adnxs_id=4885653837632420553

Request Chain 101

https://match.adsrvr.org/track/cmf/generic?ttd_pid=8gkxb6n&ttd_tpi=1&gpdr=0&ttd_puid=AU1D-0100-001648206348-NT3P99ZS-UKKD HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=8gkxb6n&ttd_tpi=1&gpdr=0&ttd_puid=AU1D-0100-001648206348-NT3P99ZS-UKKD HTTP 302
https://ids.ad.gt/api/v1/t_match?tdid=6f5129ea-faa8-4768-98a6-2361d7343c5e&id=AU1D-0100-001648206348-NT3P99ZS-UKKD

Request Chain 102

https://image2.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fpbm_match%3Fpbm%3D%23PM_USER_ID%26id%3DAU1D-0100-001648206348-NT3P99ZS-UKKD HTTP 302
https://image2.pubmatic.com/AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fpbm_match%3Fpbm%3D%23PM_USER_ID%26id%3DAU1D-0100-001648206348-NT3P99ZS-UKKD

Request Chain 103

https://cm.g.doubleclick.net/pixel?google_nid=audigent_w_appnexus_3985&google_cm&google_sc&google_ula=450542624&id=AU1D-0100-001648206348-NT3P99ZS-UKKD HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=audigent_w_appnexus_3985&google_cm=&google_sc=&google_ula=450542624&id=AU1D-0100-001648206348-NT3P99ZS-UKKD&google_tc= HTTP 302
https://ids.ad.gt/api/v1/g_match?id=AU1D-0100-001648206348-NT3P99ZS-UKKD&google_gid=CAESEB3gB617Bg9T747bdB6plQk&google_cver=1&google_ula=450542624,0

Request Chain 104

https://ids.ad.gt/api/v1/g_hosted?id=AU1D-0100-001648206348-NT3P99ZS-UKKD HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=audigent_w_appnexus_3985&google_hm=QVUxRC0wMTAwLTAwMTY0ODIwNjM0OC1OVDNQOTlaUy1VS0tE

Request Chain 106

https://sync.mathtag.com/sync/img?redir=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fmediamath_match%3Fuser_id%3D%5BMM_UUID%5D%26id%3DAU1D-0100-001648206348-NT3P99ZS-UKKD HTTP 302
https://ids.ad.gt/api/v1/mediamath_match?user_id=0e9d623d-a20c-4500-9ee3-d6be47caf7b0&id=AU1D-0100-001648206348-NT3P99ZS-UKKD

Request Chain 107

https://dpm.demdex.net/ibs:dpid=348447&dpuuid=AU1D-0100-001648206348-NT3P99ZS-UKKD&redir=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fadb_match%3Fadb%3D%24%7BDD_UUID%7D%26id%3DAU1D-0100-001648206348-NT3P99ZS-UKKD HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=348447&dpuuid=AU1D-0100-001648206348-NT3P99ZS-UKKD&redir=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fadb_match%3Fadb%3D%24%7BDD_UUID%7D%26id%3DAU1D-0100-001648206348-NT3P99ZS-UKKD HTTP 302
https://ids.ad.gt/api/v1/adb_match?adb=15129565295381905221652814445455930669&id=AU1D-0100-001648206348-NT3P99ZS-UKKD

Request Chain 108

https://ad.360yield.com/ux?&publisher_dmp_id=15&r=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fimpr_match%3Fid%3DAU1D-0100-001648206348-NT3P99ZS-UKKD%26impr_uid%3D%7BPUB_USER_ID%7D HTTP 302
https://ad.360yield.com/ul_cb/ux?&publisher_dmp_id=15&r=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fimpr_match%3Fid%3DAU1D-0100-001648206348-NT3P99ZS-UKKD%26impr_uid%3D%7BPUB_USER_ID%7D HTTP 302
https://ids.ad.gt/api/v1/impr_match?id=AU1D-0100-001648206348-NT3P99ZS-UKKD&impr_uid=80702adb-2dd2-49c0-8a60-c304b9381edd

Request Chain 114

https://creativecdn.com/cm-notify?pi=admatic HTTP 302
https://creativecdn.com/cm-notify?pi=admatic&tc=1 HTTP 302
https://sync.console.adtarget.com.tr/csync?t=a&ep=307080&extuid=wfc1rn3LGh0sJKOEAfUJ&pi=admatic&tc=1

Request Chain 127

https://ih.adscale.de/uu?cbfn=receive&t=1648206348 HTTP 302
https://ih.adscale.de/uu?cbfn=receive&t=1648206348&nut&uu=ed145791656c466480bf956f0b6f4a89

Request Chain 145

https://bbnaut.ibillboard.com/match/AdScale?partneruid=ed145791656c466480bf956f0b6f4a89&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2Ff0c7977d83734e4283910e4c59f84f6c%2F1648206348596%2F0%2Fimg%3Ftpid%3D101%26tpuid%3DIBB_USER_ID&gdpr=0 HTTP 302
https://ih.adscale.de/sium/f0c7977d83734e4283910e4c59f84f6c/1648206348596/0/img?tpid=101&tpuid=BBID-01-03229203486842761-16559352

Request Chain 147

https://ssum.casalemedia.com/usermatchredir?s=183592&cb=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D63%26tpuid%3D__UID__&uid=802339a21427267a05953540b4cf92851048a88b7817ee429acfc04b823d940b&tpid=63&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2Ff0c7977d83734e4283910e4c59f84f6c%2F1648206348596%2F0%2Fimg&gdpr=0 HTTP 302
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?gdpr=0&tpid=63&tpuid=Yj2iC.VxlUXTKe3KIgTCKAAA%261106

Request Chain 150

https://track.adform.net/serving/cookie/match/?party=9&uid=e3d1ebcf072b2ce73d0f15b16f05f0f75e63f78098df8b3276192b86d7e78bdf&tpid=42&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2Ff0c7977d83734e4283910e4c59f84f6c%2F1648206348596%2F0%2Fimg&gdpr=0 HTTP 302
https://track.adform.net/serving/cookie/match/?CC=1&party=9&uid=e3d1ebcf072b2ce73d0f15b16f05f0f75e63f78098df8b3276192b86d7e78bdf&tpid=42&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2Ff0c7977d83734e4283910e4c59f84f6c%2F1648206348596%2F0%2Fimg&gdpr=0 HTTP 302
https://ih.adscale.de/sium/f0c7977d83734e4283910e4c59f84f6c/1648206348596/0/img?tpid=42&gdpr=0&tpuid=1486902432300379439

Request Chain 160

https://dis.criteo.com/dis/usersync.aspx?r=17&p=32&cp=adscale&url=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D40%26tpuid%3D%40%40CRITEO_USERID%40%40&uid=825fb1e52bff8fbcf0667d19a3af339d642ad3c42bcc4e292014fad76d4bcb20&tpid=40&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2Ff0c7977d83734e4283910e4c59f84f6c%2F1648206348596%2F0%2Fimg&gdpr=0 HTTP 302
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=40&tpuid=a3153246-e51f-401b-9a1d-ee64515f0cfe&gdpr=0

Request Chain 161

https://sync.mathtag.com/sync/img?mt_exid=26&redir=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D39%26tpuid%3D%5BMM_UUID%5D&uid=07d06fb4e084104e771d7b894617f96696f762f3a8035f42d9ce165468171042&tpid=39&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2Ff0c7977d83734e4283910e4c59f84f6c%2F1648206348596%2F0%2Fimg&gdpr=0 HTTP 302
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=39&tpuid=0e9d623d-a20c-4500-9ee3-d6be47caf7b0&gdpr=0&gdpr_consent=

Request Chain 162

https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_sc&uid=c27c74280c632398fc72236ff2a22a2139a67b53db4c891eab0f8f208e280477&tpid=38&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2Ff0c7977d83734e4283910e4c59f84f6c%2F1648206348596%2F0%2Fimg&gdpr=0 HTTP 302
https://ih.adscale.de/sium/f0c7977d83734e4283910e4c59f84f6c/1648206348596/0/img?uid=c27c74280c632398fc72236ff2a22a2139a67b53db4c891eab0f8f208e280477&tpid=38&gdpr=0&tpuid=CAESELcxRm4g-NOeXzagqbV19hg&google_cver=1

Request Chain 163

https://adscale-emea.adnxs.com/getuid?https%3A%2F%2Fih.adscale.de%2Fsium%2Ff0c7977d83734e4283910e4c59f84f6c%2F1648206348596%2F0%2Fimg%3Ftpid%3D75%26tpuid%3D%24UID&gdpr=0 HTTP 302
https://ih.adscale.de/sium/f0c7977d83734e4283910e4c59f84f6c/1648206348596/0/img?tpid=75&tpuid=4885653837632420553&gdpr=0

Request Chain 167

https://tracking.m6r.eu/sync/adscaleRedirect?gdprFallback=true&uid=fdb9d124a8edefce375c5d6faef0ae26ef1873f2330264c7777faa36b9096f10&tpid=48&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2Ff0c7977d83734e4283910e4c59f84f6c%2F1648206348596%2F0%2Fjs&gdpr=0 HTTP 302
https://tracking.m6r.eu/sync/adscaleRedirect?gdprFallback=true&uid=fdb9d124a8edefce375c5d6faef0ae26ef1873f2330264c7777faa36b9096f10&tpid=48&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2Ff0c7977d83734e4283910e4c59f84f6c%2F1648206348596%2F0%2Fjs&gdpr=0&checkcookies=true HTTP 302
https://ih.adscale.de/sium/f0c7977d83734e4283910e4c59f84f6c/1648206348596/0/js?tpid=48&tpuid=6c7bd934194abad9157f205a93d9331e

Request Chain 171

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?CtsSyncId=C62F392DFAF340B5B238F84DC59BD98C&RedC=c.clarity.ms&MXFR=00CB95F7C5D46B911D4C8485C1D465B4 HTTP 302
https://c.clarity.ms/c.gif?CtsSyncId=C62F392DFAF340B5B238F84DC59BD98C&MUID=153D2B6A0AFC6DD4289C3A180B976C28

Request Chain 179

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.androidpolice.com%2F&domain=www.androidpolice.com&cw=1&lsw=1 HTTP 302
https://mug.criteo.com/sid?cpp=Skk6y3w5V1MzOXZhUDFVMGpBeGMzaUFDVFhvYmpUNWlKRm10MjcyK3UzQ2tlV3k4SnNjVVk3RTA1WjI1cXZqblNZVnNPcGgvSWRxb0kxdkZrWER2Sk9XQWpEYlNZNEZyY0thZXFSVE9PZmY2eWY5eFpaWkhITkFFTXByK2ZIRzhqWmZxYjR2UUEwR3dudmJtcmFrdnNKKzdndDZkRzdnU1R5bjN6UjlVVFd1V2hIV2tKcnVUOWV2ZjZSREhDVnpsYWE5MEhBY2NKZnpFeTNnRTFZNnNMdVYwRWhFak9CWDVzd21kZ3dhY3VUMXgxQVpiNXg2M2Q2cEtLdFpBV3d3RnBNSlJsWVdVRXNyTDFnbmN3Y2h5bTZORU03dGxCY1JYMVpyYkdDeE0rRXM5bTdCST18&cppv=2

Request Chain 188

https://pixel.advertising.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true HTTP 302
https://pixel.advertising.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true&verify=true HTTP 302
https://ups.analytics.yahoo.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true&apid=UP8792d1e2-ac2b-11ec-b3d3-0607d0a61880 HTTP 302
https://ups.analytics.yahoo.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true&apid=UP8792d1e2-ac2b-11ec-b3d3-0607d0a61880&verify=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=adaptv_dbm&google_cm&google_hm=VVA4NzkyZDFlMi1hYzJiLTExZWMtYjNkMy0wNjA3ZDBhNjE4ODA%3D HTTP 302
https://pixel.advertising.com/ups/57304/sync?uid=CAESEFYjFJbHaEo7TFYIF_ZFRC4&google_cver=1 HTTP 302
https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEFYjFJbHaEo7TFYIF_ZFRC4&google_cver=1&apid=UP8792d1e2-ac2b-11ec-b3d3-0607d0a61880

Request Chain 189

https://sync-tm.everesttech.net/upi/pid/m7y5t93k?gdpr=1&gdpr_consent=&redir=https%3A%2F%2Fpixel.advertising.com%2Fups%2F55986%2Fsync%3Fuid%3D%24%7BUSER_ID%7D%26_origin%3D0&gdpr=1&gdpr_consent= HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/m7y5t93k?gdpr=1&gdpr_consent=&redir=https%3A%2F%2Fpixel.advertising.com%2Fups%2F55986%2Fsync%3Fuid%3D%24%7BUSER_ID%7D%26_origin%3D0&gdpr=1&gdpr_consent=&_test=Yj2iDgAPxgzBVQBH HTTP 302
https://pixel.advertising.com/ups/55986/sync?uid=Yj2iDgAPxgzBVQBH&_origin=0&gdpr=1&gdpr_consent=&_test=Yj2iDgAPxgzBVQBH

Request Chain 190

https://match.adsrvr.org/track/cmf/generic?ttd_pid=adaptv&ttd_tpi=1 HTTP 302
https://ups.analytics.yahoo.com/ups/55953/sync?uid=6f5129ea-faa8-4768-98a6-2361d7343c5e&_origin=1&gdpr=1&gdpr_consent=

Request Chain 191

https://ads.stickyadstv.com/auto-user-sync?gdpr=1&gdpr_consent= HTTP 302
https://1f2e7.v.fwmrm.net/ad/u?_dv=2&dsp_user_mapping=true&127719=4aceae495417e8b0f897befab63f8aac&rdU=https%3A%2F%2Fads.stickyadstv.com%2Fuser-registering%3FdataProviderId%3D1169%26userId%3d%23%7buser.id%7d&gdpr=1&gdpr_consent= HTTP 302
https://ads.stickyadstv.com/user-registering?dataProviderId=1169&userId=l04a5_7078992370309595163 HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=stickyads&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://ads.stickyadstv.com/user-registering?dataProviderId=208&userId=6f5129ea-faa8-4768-98a6-2361d7343c5e HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=stickyxchange_dbm&google_cm=&google_sc&google_hm=NGFjZWFlNDk1NDE3ZThiMGY4OTdiZWZhYjYzZjhhYWM=&gdpr=0&gdpr_consent= HTTP 302
https://ads.stickyadstv.com/user-registering?dataProviderId=141&userId=CAESEPKjesFoxwN-2YBPiUlGtOM&google_cver=1&gdpr=0&gdpr_consent= HTTP 302
https://match.prod.bidr.io/cookie-sync/stv?gdpr=0&gdpr_consent=&gdpr=0&gdpr_consent= HTTP 303
https://match.prod.bidr.io/cookie-sync/stv?gdpr=0&gdpr_consent=&gdpr=0&gdpr_consent=&_bee_ppp=1 HTTP 303
https://ads.stickyadstv.com/user-registering?dataProviderId=817&userId=AACnj07Ee0QAADLZbasMpw&gdpr=0 HTTP 302
https://pr-bh.ybp.yahoo.com/sync/stickyads/4aceae495417e8b0f897befab63f8aac?gdpr=0&gdpr_consent=&gdpr=0 HTTP 302
https://ads.stickyadstv.com/user-registering?dataProviderId=199&userId=y-iU7aBd1E2oO_OsYU.H9xQOuOdo1YQcrq1KrIRoZb~A HTTP 302
https://pm.w55c.net/ping_match.gif?st=FREEWHEEL&rurl=https%3A%2F%2Fads.stickyadstv.com%2Fuser-registering%3FdataProviderId%3D593&userId=_wfivefivec_ HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&st=FREEWHEEL&rurl=https%3A%2F%2Fads.stickyadstv.com%2Fuser-registering%3FdataProviderId%3D593&userId=_wfivefivec_ HTTP 302
https://ads.stickyadstv.com/user-registering?dataProviderId=593&userId=eiAlcEbp1NxHLo5 HTTP 302
https://cm.adgrx.com/bridge?AG_PID=freewheel&AG_SETCOOKIE

Request Chain 194

https://eb2.3lift.com/ebda?sync=1&gdpr=1&cmp_cs= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=Mjg2ODAyMTI0OTgwMzIyMTI4NjM4OQ%3D%3D

Request Chain 196

https://eb2.3lift.com/sync/google/demand?sync=1&gdpr=1&gdpr_consent= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=Mjg2ODAyMTI0OTgwMzIyMTI4NjM4OQ%3D%3D

Request Chain 198

https://pr-bh.ybp.yahoo.com/sync/triplelift/2868021249803221286389?gdpr=1&gdpr_consent= HTTP 302
https://eb2.3lift.com/xuid?mid=2662&xuid=y-GqJ7BLNE2oT_KNj7Tr12VUbkg5asumha2sKbzl.p7Q--~A&dongle=0883

Request Chain 201

https://s.amazon-adsystem.com/x/757c0557066e95cfd4c7?gdpr=1&gdpr_consent=&uid=2868021249803221286389 HTTP 302
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=2868021249803221286389&dcc=t

Request Chain 202

https://b1sync.zemanta.com/usersync/triplelift?gdpr=1&gdpr_consent= HTTP 302
https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1

227 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 nZJA4XRYOk
t.co/ 257 B
576 B 149ms
127ms Document
text/html 104.244.42.133
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://t.co/nZJA4XRYOk

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.133 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	referrer always;
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Fri, 25 Mar 2022 11:05:45 GMT
vary: Origin
server: tsa_o
expires: Fri, 25 Mar 2022 11:10:46 GMT
content-type: text/html; charset=utf-8
cache-control: private,max-age=300
content-length: 192
referrer-policy: unsafe-url
content-encoding: gzip
x-xss-protection: 0
content-security-policy: referrer always;
strict-transport-security: max-age=0
x-response-time: 120
x-connection-hash: 3af314783e457a163510ab22c08137cbac1a241e0a0d6fa7f624c741abfc6c47

GET
H2

200

Primary Request / Show response
www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/
Redirect Chain

http://dlvr.it/SMKQL1
https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter

627 KB
130 KB

594ms
375ms

Document
text/html

44.196.161.176
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter

Requested by

Host: t.co
URL: https://t.co/nZJA4XRYOk

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.196.161.176 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-196-161-176.compute-1.amazonaws.com

Software

nginx /

Resource Hash

c97c34071d917794992d8009b7e6604a83e75c83ecbe625c75d6091698b03ffe

Security Headers

Name	Value
Content-Security-Policy	default-src * data: 'unsafe-eval' 'unsafe-inline' blob:
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://t.co/nZJA4XRYOk

Response headers

server: nginx
date: Fri, 25 Mar 2022 11:05:46 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache, private
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline' blob:
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br

Redirect headers

Date: Fri, 25 Mar 2022 11:05:46 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Location: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Cache-Control: private; max-age=90
X-Backend-Server: web04.web

GET
H2 200 chrome-security-hero_H3FrCyRAK3Fs.png
static1.anpoimages.com/wordpress/wp-content/uploads/2021/07/14/ 77 KB
77 KB 79ms
33ms Image
image/webp 2606:4700:10::ac43:25e7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static1.anpoimages.com/wordpress/wp-content/uploads/2021/07/14/chrome-security-hero_H3FrCyRAK3Fs.png?q=50&fit=contain&w=1500&h=&dpr=1.5
Requested by: Host: www.androidpolice.com
URL: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:25e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8632bb8bb96d1d81adfc276ac68faf2497dde6616f8d648d0fa625f1549b8da7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:47 GMT
cf-cache-status: HIT
age: 42147
cf-polished: origFmt=png, origSize=171083
content-disposition: inline; filename="chrome-security-hero_H3FrCyRAK3Fs.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 78608
x-request-id: Jlo6aeKwfEYe-1vKGxita
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: af7f7c808ef7110ec55e2b56897b78e5eff26deefa6285e0d8dca5ab7bc5a0e2
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
access-control-allow-methods: GET, OPTIONS
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 6f172c6618469182-FRA
expires: Fri, 24 Mar 2023 23:23:19 GMT

GET
H2 200 a-article.2b9d7f4e.css
www.androidpolice.com/public/build/ 194 KB
27 KB 181ms
179ms Stylesheet
text/css 44.196.161.176
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.androidpolice.com/public/build/a-article.2b9d7f4e.css

Requested by

Host: www.androidpolice.com
URL: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.196.161.176 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-196-161-176.compute-1.amazonaws.com

Software

nginx /

Resource Hash

7da4005fedc1d18f0a2346baaa5b8efc52fbed8839b0d29167aa97519341c75f

Security Headers

Name	Value
Content-Security-Policy	default-src * data: 'unsafe-eval' 'unsafe-inline' blob:
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:47 GMT
content-encoding: br
x-content-type-options: nosniff
vary: Accept-Encoding
x-xss-protection: 1; mode=block
pragma: public
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 24 Mar 2022 21:45:27 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"623ce677-306cf"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css
cache-control: max-age=31536000, max-age=31536000, public
content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline' blob:
expires: Sat, 25 Mar 2023 11:05:47 GMT

GET
H2 200 dfp.js Show response
www.androidpolice.com/public/build/ 36 B
509 B 104ms
103ms Script
application/javascript 44.196.161.176
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.androidpolice.com/public/build/dfp.js

Requested by

Host: www.androidpolice.com
URL: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.196.161.176 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-196-161-176.compute-1.amazonaws.com

Software

nginx /

Resource Hash

ffc4b44e1b7402c08e5f2f702ca535e7e7083a684cda203dfdcb734cd5761aa6

Security Headers

Name	Value
Content-Security-Policy	default-src * data: 'unsafe-eval' 'unsafe-inline' blob:
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:47 GMT
content-encoding: br
x-content-type-options: nosniff
vary: Accept-Encoding
x-xss-protection: 1; mode=block
pragma: public
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 24 Mar 2022 21:45:27 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"623ce677-24"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
cache-control: max-age=31536000, max-age=31536000, public
content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline' blob:
expires: Sat, 25 Mar 2023 11:05:47 GMT

GET
H2 200 valnet-header-ads.a8e17398.js Show response
www.androidpolice.com/public/build/ 3 KB
1 KB 107ms
105ms Script
application/javascript 44.196.161.176
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.androidpolice.com/public/build/valnet-header-ads.a8e17398.js

Requested by

Host: www.androidpolice.com
URL: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.196.161.176 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-196-161-176.compute-1.amazonaws.com

Software

nginx /

Resource Hash

8b0d1446f412484a2a7d1abb46ddc5de128d8aaf11b1fe04ac729ee4830c5e5b

Security Headers

Name	Value
Content-Security-Policy	default-src * data: 'unsafe-eval' 'unsafe-inline' blob:
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:47 GMT
content-encoding: br
x-content-type-options: nosniff
vary: Accept-Encoding
x-xss-protection: 1; mode=block
pragma: public
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 24 Mar 2022 21:45:27 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"623ce677-afe"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
cache-control: max-age=31536000, max-age=31536000, public
content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline' blob:
expires: Sat, 25 Mar 2023 11:05:47 GMT

GET
H2 200 ck.5.js Show response
f.convertkit.com/ckjs/ 52 KB
14 KB 81ms
29ms Script
application/javascript 2606:4700::6812:ba39
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://f.convertkit.com/ckjs/ck.5.js
Requested by: Host: www.androidpolice.com
URL: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:ba39 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b7b7fb37ec681a6a1bd507ce80613c7343fb3b394b29e21e7b11d6a6df933f68

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:47 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 19 Oct 2021 14:51:13 GMT
server: cloudflare
age: 2363
etag: W/"7f6a2b3f8f18a10fb2a520d097324cd7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=14400
cf-ray: 6f172c679aec9b43-FRA
x-amz-request-id: EW9WSG3GVKAN8TPD
x-amz-id-2: wHRuFHONBHzBtt4CG9TbdUwsd0JO+C6dB2mEB0SphxGYlpIkaolG6eynMQ2rZ76+BAzdzmucRX0=
expires: Fri, 25 Mar 2022 15:05:47 GMT

GET
H2 200 adsninja.min.js Show response
www.androidpolice.com/public/build/ 48 KB
11 KB 109ms
106ms Script
application/javascript 44.196.161.176
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.androidpolice.com/public/build/adsninja.min.js?v=1647019562

Requested by

Host: www.androidpolice.com
URL: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.196.161.176 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-196-161-176.compute-1.amazonaws.com

Software

nginx /

Resource Hash

05fde9258245fd1d1558ca071a747faedbd1a573c67e512d6b728cba8d6a37b8

Security Headers

Name	Value
Content-Security-Policy	default-src * data: 'unsafe-eval' 'unsafe-inline' blob:
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:47 GMT
content-encoding: br
x-content-type-options: nosniff
vary: Accept-Encoding
x-xss-protection: 1; mode=block
pragma: public
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 24 Mar 2022 21:45:27 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"623ce677-bf5d"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
cache-control: max-age=31536000, max-age=31536000, public
content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline' blob:
expires: Sat, 25 Mar 2023 11:05:47 GMT

GET
H2 200 op.js Show response
tagan.adlightning.com/valnet/ 44 KB
19 KB 55ms
10ms Script
application/javascript 143.204.98.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/valnet/op.js
Requested by: Host: www.androidpolice.com
URL: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-122.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a66ca4f262e8c7ad1836a90b45f153e191c6b4496d24f3b9951c1585245c2648

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-version-id: 67.az_37e2wZ8Fum5HZkElV5AmFExZ95
content-encoding: gzip
etag: "651d5f1f96da3b1dc45f8d5c394d3438"
age: 2333
x-cache: Hit from cloudfront
content-length: 18499
x-amz-meta-git_commit: 7b120a5
last-modified: Thu, 24 Mar 2022 17:18:05 GMT
server: AmazonS3
date: Fri, 25 Mar 2022 10:27:16 GMT
content-type: application/javascript
via: 1.1 45de888accabe1a1cb5a389e8c9c1e06.cloudfront.net (CloudFront)
cache-control: max-age=3600
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
x-amz-cf-id: 1gt145olOS3sEeC9_VsEDCzQjvD4NqBE8sI6YRFr_tbQ3mSQnD165w==

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 157 KB
54 KB 167ms
77ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: www.androidpolice.com
URL: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

32e8d403657439c3d4f4ce5a761a1ba1d4d91361b7d7fd5980d0fdfa8d547a42

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54825
x-xss-protection: 0
server: cafe
etag: 7851925000863387550
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 25 Mar 2022 11:05:47 GMT

GET
H2 200 liveView.php Show response
live.primis.tech/live/ 44 KB
44 KB 69ms
30ms Script
text/javascript 2600:9000:2156:2c00:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://live.primis.tech/live/liveView.php?s=108500&subId=[AP-Reg-Balance]
Requested by: Host: www.androidpolice.com
URL: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:2c00:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: c5b8dd28d06957875bd3bcc388f28a906e76a96223ebe801a5d0ac8b076e7ca2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Mar 2022 11:05:46 GMT
via: 1.1 f6c241b75ae7d21ac836339454ab90b8.cloudfront.net (CloudFront)
server: nginx
age: 0
x-cache: Miss from cloudfront
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
cache-control: no-store
x-amz-cf-pop: FRA50-C1
content-type: text/javascript; charset=utf-8
x-amz-cf-id: 5EiRspVxl7CTNniNvJhUpf3V_fJq4Wqn1-N8xq3L5VEQumI4_KC-ww==

GET
H2 200 valnet-footer.873d1235.js Show response
www.androidpolice.com/public/build/ 47 KB
14 KB 110ms
109ms Script
application/javascript 44.196.161.176
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.androidpolice.com/public/build/valnet-footer.873d1235.js

Requested by

Host: www.androidpolice.com
URL: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.196.161.176 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-196-161-176.compute-1.amazonaws.com

Software

nginx /

Resource Hash

926952e0833e0acb9dd02fdbbe59bb8be77f8e7571aaedc900649b9513500e8b

Security Headers

Name	Value
Content-Security-Policy	default-src * data: 'unsafe-eval' 'unsafe-inline' blob:
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:47 GMT
content-encoding: br
x-content-type-options: nosniff
vary: Accept-Encoding
x-xss-protection: 1; mode=block
pragma: public
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 24 Mar 2022 21:45:27 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"623ce677-bb6a"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
cache-control: max-age=31536000, max-age=31536000, public
content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline' blob:
expires: Sat, 25 Mar 2023 11:05:47 GMT

GET
H2 200 valnet-footer-article.2fb673ae.js Show response
www.androidpolice.com/public/build/ 5 KB
2 KB 109ms
107ms Script
application/javascript 44.196.161.176
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.androidpolice.com/public/build/valnet-footer-article.2fb673ae.js

Requested by

Host: www.androidpolice.com
URL: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.196.161.176 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-196-161-176.compute-1.amazonaws.com

Software

nginx /

Resource Hash

0f4020071f4d6fbd6e07ddb16daf4859441c7454a0c733b019f7cb1adc8f4d49

Security Headers

Name	Value
Content-Security-Policy	default-src * data: 'unsafe-eval' 'unsafe-inline' blob:
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:47 GMT
content-encoding: br
x-content-type-options: nosniff
vary: Accept-Encoding
x-xss-protection: 1; mode=block
pragma: public
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 24 Mar 2022 21:45:27 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"623ce677-1457"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
cache-control: max-age=31536000, max-age=31536000, public
content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline' blob:
expires: Sat, 25 Mar 2023 11:05:47 GMT

GET
H2 200 85009X1537243.skimlinks.js Show response
s.skimresources.com/js/ 42 KB
15 KB 66ms
20ms Script
application/octet-stream 151.139.128.11
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://s.skimresources.com/js/85009X1537243.skimlinks.js
Requested by: Host: www.androidpolice.com
URL: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f3ffeed0ceb0e14dfa1f0bd0fa79520b976f0ef6644190e09a2a1520feb76322

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:47 GMT
content-encoding: gzip
last-modified: Tue, 15 Mar 2022 10:51:30 GMT
server: AmazonS3
x-amz-request-id: A8BVXWYKKYZJTB37
etag: "8131ae354f9ba91af07374ab421be75a"
x-hw: 1648206347.cds233.am5.hn,1648206347.cds220.am5.c
content-type: application/octet-stream
cache-control: max-age=3600
accept-ranges: bytes
content-length: 15513
x-amz-id-2: 0kxxRqiGdYWvis9XeltQ6Pq2SyXa4hriVJax3td2wrMFou0nMu87Dl10m5UysR8wgfY+slSk6SA=

GET
H/1.1 200
OK count.js Show response
androidpolice.disqus.com/ 1 KB
2 KB 41ms
10ms Script
application/javascript 199.232.196.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://androidpolice.disqus.com/count.js

Requested by

Host: www.androidpolice.com
URL: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.196.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

3487ef2baf0c08ba660a8a143cdeb8ebeec961eea04bccd7c49096b4eb26b875

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Fri, 25 Mar 2022 11:05:47 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 235
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 871
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 11 Mar 2022 23:05:12 GMT
Server: nginx
ETag: "622bd5a8-367"
Strict-Transport-Security: max-age=300; includeSubdomains
Content-Type: application/javascript; charset=utf-8
Cache-Control: public, max-age=300
X-Amz-Cf-Pop: DFW3-C1
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
X-Amz-Cf-Id: OaUMaf7ciTsl3dx4S0G5nQc13R_WYNS9Ax39KriKU0NsZnoTJTL9HA==

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 129ms
37ms Script
text/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.androidpolice.com
URL: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 5457
date: Fri, 25 Mar 2022 09:34:50 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Fri, 25 Mar 2022 11:34:50 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 174 KB
59 KB 138ms
48ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PQPCZ5S

Requested by

Host: www.androidpolice.com
URL: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

8d803c7b2fa17c8dd2a869145038908447430b100c11dd11d2c5c9b887adadcb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:47 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60005
x-xss-protection: 0
last-modified: Fri, 25 Mar 2022 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 25 Mar 2022 11:05:47 GMT

GET
H/1.1 200
OK narrativ-pub.1.0.0.js Show response
static.narrativ.com/tags/ 38 KB
39 KB 42ms
10ms Script
application/octet-stream 143.204.98.108
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.narrativ.com/tags/narrativ-pub.1.0.0.js
Requested by: Host: www.androidpolice.com
URL: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.108 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-108.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: cd74c8f79ec4d05428c1363d02d317cf15729cc8e72ab530d05f591e922c4a6b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 24 Mar 2022 19:19:09 GMT
Via: 1.1 f6c241b75ae7d21ac836339454ab90b8.cloudfront.net (CloudFront)
Last-Modified: Wed, 23 Mar 2022 19:19:06 GMT
Server: AmazonS3
Age: 56799
ETag: "11f098efc4d475612cb0808651d42ae0"
X-Cache: Hit from cloudfront
Content-Type: application/octet-stream
Connection: keep-alive
X-Amz-Cf-Pop: FRA50-C1
Content-Length: 39408
X-Amz-Cf-Id: bKk1QN-WMxEZlaVT6QQCdqE0RdrkXwuwbKkYixCg1v29e8sqUU01Uw==

GET
H2 200 v2yvlzsveWtgqGFXj2wU3ajphon_Qq9myt1bClE9dnFgPWVzuw4LojxURFEzFAfp8GOJdYROXlGZLTg Show response
scarfsmash.com/ 525 KB
91 KB 176ms
128ms Script
text/javascript 35.186.249.84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://scarfsmash.com/v2yvlzsveWtgqGFXj2wU3ajphon_Qq9myt1bClE9dnFgPWVzuw4LojxURFEzFAfp8GOJdYROXlGZLTg

Requested by

Host: www.androidpolice.com
URL: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.186.249.84 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

84.249.186.35.bc.googleusercontent.com

Software

Resource Hash

8035044cd478fc7147561f9debb6a567d4b00c92d6ad0ce9702160aadff83343

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; preload
content-encoding: br
x-datacenter: gce-europe-west1
etag: "72398599b301780ad7fced9d3f2855b93cb241b8a34c8adb3ab0119bcb4dcc73"
vary: Accept-Encoding, Accept-Language
x-hostname: fen-hoothoot-europe-west1-c63t
content-type: text/javascript; charset=utf-8
cache-control: private, must-revalidate, max-age=21600
date: Fri, 25 Mar 2022 11:05:47 GMT
x-buildnumber: 499202503
timing-allow-origin: *

GET
H2 200 269 Show response
a.ad.gt/api/v1/u/matches/ 7 KB
7 KB 521ms
174ms Script
application/javascript 54.71.105.247
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://a.ad.gt/api/v1/u/matches/269?url=https%3A%2F%2Fwww.androidpolice.com%2Fnorth-korean-hackers-fintech-media-chrome-zero-day%2F%3Futm_source%3Ddlvr.it%26utm_medium%3Dtwitter&ref=https%3A%2F%2Ft.co%2FnZJA4XRYOk
Requested by: Host: www.androidpolice.com
URL: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.71.105.247 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-71-105-247.us-west-2.compute.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: 5a790213cb3db6919948b63f7d0c020183b0fba4e662e0e32fdaa0c52113c11f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:47 GMT
server: nginx/1.18.0
content-length: 6855
content-type: application/javascript

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 82 KB
28 KB 141ms
48ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: www.androidpolice.com
URL: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f764f20f282e807aeccf2d7b42fb4461aeb92a6a0f4ce584ed3499d5f29d0b2d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28081
x-xss-protection: 0
server: sffe
etag: "1168 / 867 of 1000 / last-modified: 1648172801"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 25 Mar 2022 11:05:47 GMT

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 134 KB
36 KB 35ms
8ms Script
application/javascript 143.204.95.188
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: www.androidpolice.com
URL: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.95.188 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-95-188.fra50.r.cloudfront.net
Software: Server /
Resource Hash: 3ef5bfd224e0baa902eb88c94979cfaeccf2169a996c601fa3de4c3f3b33da01

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-version-id: .7apL996dsR_ZFPBtTTtY5SRaPfBf8DJ
content-encoding: gzip
etag: 4e3fad24a118a07cea7ce88b2721a583
age: 731
x-cache: Hit from cloudfront
server: Server
x-amz-rid: 1A3T7KJF0R4APF64NYGB
date: Fri, 25 Mar 2022 10:58:18 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 58bcd6f2e1bc29fb83f080f1743cfeca.cloudfront.net (CloudFront)
cache-control: public, max-age=900
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: yTSpKhnE3Y2CU1uW9D9yFgJcHY1ZIYrruvS5GIO-MAWeEel35ihA4w==

GET
H2 200 ap-logo-full-colored-dark-ukr.566b608c.svg
www.androidpolice.com/public/build/images/ 5 KB
2 KB 102ms
101ms Image
image/svg+xml 44.196.161.176
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.androidpolice.com/public/build/images/ap-logo-full-colored-dark-ukr.566b608c.svg

Requested by

Host: www.androidpolice.com
URL: https://www.androidpolice.com/public/build/a-article.2b9d7f4e.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.196.161.176 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-196-161-176.compute-1.amazonaws.com

Software

nginx /

Resource Hash

480ec605663d6d4099ac88df797be15349e23e54dfd48345909c9df9eb7373cf

Security Headers

Name	Value
Content-Security-Policy	default-src * data: 'unsafe-eval' 'unsafe-inline' blob:
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/public/build/a-article.2b9d7f4e.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:47 GMT
content-encoding: br
x-content-type-options: nosniff
vary: Accept-Encoding
x-xss-protection: 1; mode=block
pragma: public
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 24 Mar 2022 21:45:27 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"623ce677-1314"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31536000, max-age=31536000, public
content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline' blob:
expires: Sat, 25 Mar 2023 11:05:47 GMT

GET
H2 200 Gilroy-Bold.3834bcd8.woff2
www.androidpolice.com/public/build/fonts/ 31 KB
31 KB 102ms
101ms Font
font/woff2 44.196.161.176
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.androidpolice.com/public/build/fonts/Gilroy-Bold.3834bcd8.woff2

Requested by

Host: www.androidpolice.com
URL: https://www.androidpolice.com/public/build/a-article.2b9d7f4e.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.196.161.176 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-196-161-176.compute-1.amazonaws.com

Software

nginx /

Resource Hash

e8fd802ce5042d308a2d650c3db8f60b2bd3b884f34d6ceabe0631a3a9e226f5

Security Headers

Name	Value
Content-Security-Policy	default-src * data: 'unsafe-eval' 'unsafe-inline' blob:
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.androidpolice.com/public/build/a-article.2b9d7f4e.css
Origin: https://www.androidpolice.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:47 GMT
x-content-type-options: nosniff
content-length: 31380
x-xss-protection: 1; mode=block
pragma: public
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 24 Mar 2022 21:45:27 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: "623ce677-7a94"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000, max-age=31536000, public
content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline' blob:
accept-ranges: bytes
expires: Sat, 25 Mar 2023 11:05:47 GMT

GET
H2 200 icomoon.6b793360.woff
www.androidpolice.com/public/build/fonts/ 18 KB
18 KB 101ms
100ms Font
font/woff 44.196.161.176
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.androidpolice.com/public/build/fonts/icomoon.6b793360.woff

Requested by

Host: www.androidpolice.com
URL: https://www.androidpolice.com/public/build/a-article.2b9d7f4e.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.196.161.176 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-196-161-176.compute-1.amazonaws.com

Software

nginx /

Resource Hash

6378f6326c6b8ed5ba7c9dd71718f4acfab15effd24a9c83974e4e8ea473879e

Security Headers

Name	Value
Content-Security-Policy	default-src * data: 'unsafe-eval' 'unsafe-inline' blob:
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.androidpolice.com/public/build/a-article.2b9d7f4e.css
Origin: https://www.androidpolice.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:47 GMT
x-content-type-options: nosniff
content-length: 18096
x-xss-protection: 1; mode=block
pragma: public
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 24 Mar 2022 21:45:27 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: "623ce677-46b0"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: font/woff
access-control-allow-origin: *
cache-control: max-age=31536000, max-age=31536000, public
content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline' blob:
accept-ranges: bytes
expires: Sat, 25 Mar 2023 11:05:47 GMT

GET
H2 200 Gilroy-Medium.0ba01f1d.woff2
www.androidpolice.com/public/build/fonts/ 30 KB
31 KB 102ms
102ms Font
font/woff2 44.196.161.176
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.androidpolice.com/public/build/fonts/Gilroy-Medium.0ba01f1d.woff2

Requested by

Host: www.androidpolice.com
URL: https://www.androidpolice.com/public/build/a-article.2b9d7f4e.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.196.161.176 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-196-161-176.compute-1.amazonaws.com

Software

nginx /

Resource Hash

9115bbf3b3dee88764e74ecdf31c2234ece91aa42a596a1d3ba11925662777ba

Security Headers

Name	Value
Content-Security-Policy	default-src * data: 'unsafe-eval' 'unsafe-inline' blob:
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.androidpolice.com/public/build/a-article.2b9d7f4e.css
Origin: https://www.androidpolice.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:47 GMT
x-content-type-options: nosniff
content-length: 31156
x-xss-protection: 1; mode=block
pragma: public
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 24 Mar 2022 21:45:27 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: "623ce677-79b4"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000, max-age=31536000, public
content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline' blob:
accept-ranges: bytes
expires: Sat, 25 Mar 2023 11:05:47 GMT

GET
H2 200 liveView.php Show response
live.primis.tech/live/ Frame 8A0C 5 KB
5 KB 21ms
21ms Script
text/javascript 2600:9000:2156:2c00:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://live.primis.tech/live/liveView.php?s=108500&subId=[AP-Reg-Balance]&x=600&y=338&cbuster=1648206347&pubUrlAuto=https%3A%2F%2Fwww.androidpolice.com%2Fnorth-korean-hackers-fintech-media-chrome-zero-day%2F%3Futm_source%3Ddlvr.it%26utm_medium%3Dtwitter&isDoublePreroll=1&videoType=flow&floatWidth=&floatHeight=&floatDirection=&floatVerticalOffset=&floatHorizontalOffset=&floatCloseBtn=&flowMode=&flowCloseButtonPosition=
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/live/liveView.php?s=108500&subId=[AP-Reg-Balance]
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:2c00:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 804741054718d791358ea9f2a8d3ba7c03a73b25fea10b85dcf1cf4be6a054b1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Mar 2022 11:05:47 GMT
via: 1.1 f6c241b75ae7d21ac836339454ab90b8.cloudfront.net (CloudFront)
server: nginx
age: 0
x-cache: Miss from cloudfront
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
cache-control: no-store
x-amz-cf-pop: FRA50-C1
content-type: text/javascript; charset=utf-8
x-amz-cf-id: bjDk_qQ_3e_IBG2AwjiLcsj05O9-bzBo7l0pj1XdAEkY_QpHgzx5PQ==

GET
H2 200 iab_consent_sdk.v1.0.js Show response
live.primis.tech/content/ClientDetections/ Frame 8A0C 19 KB
6 KB 19ms
19ms Script
application/javascript 2600:9000:2156:2c00:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://live.primis.tech/content/ClientDetections/iab_consent_sdk.v1.0.js
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/live/liveView.php?s=108500&subId=[AP-Reg-Balance]&x=600&y=338&cbuster=1648206347&pubUrlAuto=https%3A%2F%2Fwww.androidpolice.com%2Fnorth-korean-hackers-fintech-media-chrome-zero-day%2F%3Futm_source%3Ddlvr.it%26utm_medium%3Dtwitter&isDoublePreroll=1&videoType=flow&floatWidth=&floatHeight=&floatDirection=&floatVerticalOffset=&floatHorizontalOffset=&floatCloseBtn=&flowMode=&flowCloseButtonPosition=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:2c00:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: a3336e3373c170b40764f5a62d121335bec4243b0034e561937194dfe2e413fd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:47 GMT
content-encoding: gzip
last-modified: Wed, 12 Feb 2020 15:01:36 GMT
server: nginx
x-amz-cf-pop: FRA50-C1
etag: W/"5e441350-4be0"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript
via: 1.1 f6c241b75ae7d21ac836339454ab90b8.cloudfront.net (CloudFront)
cache-control: max-age=31536000, public
x-amz-cf-id: xLR5ZsjjSYkC9s_VUmP8zmsjVoKuwG0yggH8VHf4Dr5pL31wSLGSaw==
expires: Sat, 25 Mar 2023 11:05:47 GMT

GET
H2 200 DetectGDPR2.v1.1.js Show response
live.primis.tech/content/ClientDetections/ Frame 8A0C 9 KB
3 KB 19ms
19ms Script
application/javascript 2600:9000:2156:2c00:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://live.primis.tech/content/ClientDetections/DetectGDPR2.v1.1.js
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/live/liveView.php?s=108500&subId=[AP-Reg-Balance]&x=600&y=338&cbuster=1648206347&pubUrlAuto=https%3A%2F%2Fwww.androidpolice.com%2Fnorth-korean-hackers-fintech-media-chrome-zero-day%2F%3Futm_source%3Ddlvr.it%26utm_medium%3Dtwitter&isDoublePreroll=1&videoType=flow&floatWidth=&floatHeight=&floatDirection=&floatVerticalOffset=&floatHorizontalOffset=&floatCloseBtn=&flowMode=&flowCloseButtonPosition=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:2c00:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 154212eb976f7df7c79f5844fcb356740bcb6c51edacb2e8515108e2d7effa67

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:47 GMT
content-encoding: gzip
last-modified: Thu, 11 Feb 2021 09:45:48 GMT
server: nginx
x-amz-cf-pop: FRA50-C1
etag: W/"6024fccc-228f"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript
via: 1.1 f6c241b75ae7d21ac836339454ab90b8.cloudfront.net (CloudFront)
cache-control: max-age=31536000, public
x-amz-cf-id: fj8g1GqRcAUU7MpfKCeeIiAiQVwZXsWKBirXRYaIx718ozLo37YJuQ==
expires: Sat, 25 Mar 2023 11:05:47 GMT

GET
H2 200 DetectGDPR.v1.1.js Show response
live.primis.tech/content/ClientDetections/ Frame 8A0C 8 KB
3 KB 18ms
18ms Script
application/javascript 2600:9000:2156:2c00:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://live.primis.tech/content/ClientDetections/DetectGDPR.v1.1.js
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/live/liveView.php?s=108500&subId=[AP-Reg-Balance]&x=600&y=338&cbuster=1648206347&pubUrlAuto=https%3A%2F%2Fwww.androidpolice.com%2Fnorth-korean-hackers-fintech-media-chrome-zero-day%2F%3Futm_source%3Ddlvr.it%26utm_medium%3Dtwitter&isDoublePreroll=1&videoType=flow&floatWidth=&floatHeight=&floatDirection=&floatVerticalOffset=&floatHorizontalOffset=&floatCloseBtn=&flowMode=&flowCloseButtonPosition=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:2c00:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 5bb08412d18881e3fc69fdb44226bfc6f66a77d45dfff3f10b98a100c09bc970

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:47 GMT
content-encoding: gzip
last-modified: Thu, 11 Feb 2021 09:45:48 GMT
server: nginx
x-amz-cf-pop: FRA50-C1
etag: W/"6024fccc-1ef8"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript
via: 1.1 f6c241b75ae7d21ac836339454ab90b8.cloudfront.net (CloudFront)
cache-control: max-age=31536000, public
x-amz-cf-id: UeNukFvKtM5PX9-Am_cV19wClWjTXcEzPAXCu2XHarHO5wHDrJG2Og==
expires: Sat, 25 Mar 2023 11:05:47 GMT

GET
H2 200 hls.0.12.4_3.min.js Show response
live.primis.tech/content/video/hls/ Frame 8A0C 258 KB
72 KB 21ms
20ms Script
application/javascript 2600:9000:2156:2c00:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://live.primis.tech/content/video/hls/hls.0.12.4_3.min.js
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/live/liveView.php?s=108500&subId=[AP-Reg-Balance]&x=600&y=338&cbuster=1648206347&pubUrlAuto=https%3A%2F%2Fwww.androidpolice.com%2Fnorth-korean-hackers-fintech-media-chrome-zero-day%2F%3Futm_source%3Ddlvr.it%26utm_medium%3Dtwitter&isDoublePreroll=1&videoType=flow&floatWidth=&floatHeight=&floatDirection=&floatVerticalOffset=&floatHorizontalOffset=&floatCloseBtn=&flowMode=&flowCloseButtonPosition=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:2c00:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: a20010b26bce05ea3cfc83cf3a162b7c16b5d2fa2bcf2253b0394b0eb322347a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:47 GMT
content-encoding: gzip
last-modified: Wed, 23 Mar 2022 12:48:36 GMT
server: nginx
x-amz-cf-pop: FRA50-C1
etag: W/"623b1724-409bc"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript
via: 1.1 f6c241b75ae7d21ac836339454ab90b8.cloudfront.net (CloudFront)
cache-control: max-age=31536000, public
x-amz-cf-id: eylr50vmE7dbH33lqCepb9Fo5tHSojL7etVhCaLdpxjVKNGQVhhmsQ==
expires: Sat, 25 Mar 2023 11:05:47 GMT

GET
H2 200 prebidVid.5.18.0_10.min.js Show response
live.primis.tech/content/prebid/ Frame 8A0C 481 KB
482 KB 38ms
37ms Script
application/javascript 2600:9000:2156:2c00:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://live.primis.tech/content/prebid/prebidVid.5.18.0_10.min.js
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/live/liveView.php?s=108500&subId=[AP-Reg-Balance]&x=600&y=338&cbuster=1648206347&pubUrlAuto=https%3A%2F%2Fwww.androidpolice.com%2Fnorth-korean-hackers-fintech-media-chrome-zero-day%2F%3Futm_source%3Ddlvr.it%26utm_medium%3Dtwitter&isDoublePreroll=1&videoType=flow&floatWidth=&floatHeight=&floatDirection=&floatVerticalOffset=&floatHorizontalOffset=&floatCloseBtn=&flowMode=&flowCloseButtonPosition=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:2c00:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6878481c0ef11e3936b1cfa40514841cd398302508e0ef56b830f86e471718e1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:47 GMT
via: 1.1 f6c241b75ae7d21ac836339454ab90b8.cloudfront.net (CloudFront)
last-modified: Wed, 16 Mar 2022 12:54:48 GMT
server: nginx
x-amz-cf-pop: FRA50-C1
etag: "6231de18-78386"
x-cache: Miss from cloudfront
content-type: application/javascript
cache-control: max-age=31536000, public
accept-ranges: bytes
content-length: 492422
x-amz-cf-id: mNKPdlJ12525pvTr1Oq6HoQkXC8C8Dxt4XkQ4pxum0r6lQn9M7qw4Q==
expires: Sat, 25 Mar 2023 11:05:47 GMT

GET
H2 200 liveVideo.php Show response
live.primis.tech/live/ Frame 8A0C 530 KB
530 KB 56ms
56ms Script
text/html 2600:9000:2156:2c00:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032322D30332D32355F31347D7B7331363734393939317D7B4335377D7B5359584174636D566E4C574A686247467559325666643364334C6D46755A484A76615752776232787059325575593239747D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583630307D7B593333387D7B66317D7B4C31313433337DFEFE&userIpAddr=2a03%3A1b20%3A6%3Af011%3A%3A9e&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F99.0.4844.51+Safari%2F537.36&debugInformation=&isWePassGdpr=0&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=40&c2pWaitTime=5&isSinglePageFloatSupport=0&csuuid=623da20b73650&debugInfo=16749991_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=16749991&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed2a4dzjowrqnk&secondaryContent=&x=600&y=338&pubUrl=https%3A%2F%2Fwww.androidpolice.com%2Fnorth-korean-hackers-fintech-media-chrome-zero-day%2F%3Futm_source%3Ddlvr.it%26utm_medium%3Dtwitter&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=0&flow_bottomOffset=0&impGap=1&flow_width=340&flow_height=192&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=50.1049&geoLong=8.6295&vpTemplate=11433&flowMode=seenboth&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=&subId=ap-reg-balance_www.androidpolice.com
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/live/liveView.php?s=108500&subId=[AP-Reg-Balance]&x=600&y=338&cbuster=1648206347&pubUrlAuto=https%3A%2F%2Fwww.androidpolice.com%2Fnorth-korean-hackers-fintech-media-chrome-zero-day%2F%3Futm_source%3Ddlvr.it%26utm_medium%3Dtwitter&isDoublePreroll=1&videoType=flow&floatWidth=&floatHeight=&floatDirection=&floatVerticalOffset=&floatHorizontalOffset=&floatCloseBtn=&flowMode=&flowCloseButtonPosition=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:2c00:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 04ff2db29a8e437c59020bdaec247cf4e2ad84d8237e8f627d4d9677fa802cad

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:47 GMT
via: 1.1 f6c241b75ae7d21ac836339454ab90b8.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: 8o0gpzuOtzIesCVtWf8roBFxNyPMnk3M8-tDfVF5uhsdqyqAV7IY_Q==
x-cache: Miss from cloudfront
content-type: text/html; charset=UTF-8

GET
H2 200 segments.js Show response
seg.ad.gt/api/v1/ 102 B
195 B 523ms
178ms Script
application/javascript 34.209.98.169
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://seg.ad.gt/api/v1/segments.js?partner_id=269&url=https%3A%2F%2Fwww.androidpolice.com%2Fnorth-korean-hackers-fintech-media-chrome-zero-day%2F%3Futm_source%3Ddlvr.it%26utm_medium%3Dtwitter
Requested by: Host: www.androidpolice.com
URL: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.209.98.169 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-209-98-169.us-west-2.compute.amazonaws.com
Software: nginx/1.20.0 /
Resource Hash: 0c2dec85335834c0973ab0c4a4b47044c87504ee8435fd89a1ab997348be6ed5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:47 GMT
server: nginx/1.20.0
content-length: 102
content-type: application/javascript

GET
H2 200 config Show response
c.amazon-adsystem.com/cdn/prod/ 964 B
1 KB 101ms
101ms XHR
application/json 143.204.95.188
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=3741&u=https%3A%2F%2Fwww.androidpolice.com
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.95.188 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-95-188.fra50.r.cloudfront.net
Software: Server /
Resource Hash: 955dd368bec858f5ab6c2c4c1bc73d4299d69d387c7a36046fe80501fff14167

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:47 GMT
via: 1.1 58bcd6f2e1bc29fb83f080f1743cfeca.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA50-C1
x-cache: Miss from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.androidpolice.com
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
content-length: 964
x-amz-cf-id: txGe9QyzIkRO-22ocFRKy5Aw4EDp8GXJ_B0fX7XkEm9zf-mHeUuC-g==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 25ms
8ms XHR
application/javascript 143.204.95.188
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.95.188 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-95-188.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-version-id: khsXo6Z3HSo5bHNWbmb1eMp88IHhxPc.
content-encoding: gzip
etag: W/"a4d296427fc806b21335359e398c025c"
age: 29414
x-cache: Hit from cloudfront
access-control-max-age: 3000
access-control-allow-origin: *
last-modified: Thu, 17 Mar 2022 02:21:48 GMT
server: AmazonS3
date: Fri, 25 Mar 2022 03:06:07 GMT
vary: Origin
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 fa5a3d5abd34c6fac657b045a4dcbdc4.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: jBZzJABvMEPccHe9_164Q_1WuziLk4wL9xQ0l7VqvpJyfSVCmgWH8w==

GET
H2 200 ap-logo-full-white.dcd167c8.svg
www.androidpolice.com/public/build/images/ 5 KB
2 KB 101ms
100ms Image
image/svg+xml 44.196.161.176
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.androidpolice.com/public/build/images/ap-logo-full-white.dcd167c8.svg

Requested by

Host: www.androidpolice.com
URL: https://www.androidpolice.com/public/build/a-article.2b9d7f4e.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.196.161.176 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-196-161-176.compute-1.amazonaws.com

Software

nginx /

Resource Hash

daac16a8dcbf772343d560088f23516e8235ab8c3450cae85cc1c61ad4aa6db2

Security Headers

Name	Value
Content-Security-Policy	default-src * data: 'unsafe-eval' 'unsafe-inline' blob:
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/public/build/a-article.2b9d7f4e.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:47 GMT
content-encoding: br
x-content-type-options: nosniff
vary: Accept-Encoding
x-xss-protection: 1; mode=block
pragma: public
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 24 Mar 2022 21:45:27 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"623ce677-1262"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31536000, max-age=31536000, public
content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline' blob:
expires: Sat, 25 Mar 2023 11:05:47 GMT

POST
H2 200 / Show response
r.skimresources.com/api/ 205 B
371 B 60ms
21ms XHR
application/json 35.190.59.101
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r.skimresources.com/api/

Requested by

Host: s.skimresources.com
URL: https://s.skimresources.com/js/85009X1537243.skimlinks.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.59.101 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

101.59.190.35.bc.googleusercontent.com

Software

openresty/1.11.2.5 /

Resource Hash

77b6cf23233b701d9f8431895922c662939b79d4f94bcdbe8b32f5284b9a4991

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Fri, 25 Mar 2022 11:05:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: openresty/1.11.2.5
strict-transport-security: max-age=31536000
content-type: application/json
access-control-allow-origin: https://www.androidpolice.com
vary: Accept-Encoding
access-control-allow-credentials: true
alt-svc: clear
via: 1.1 google

GET
H2 206 robots.txt
t.skimresources.com/api/v2/ Frame 2CE4 0
102 B 59ms
20ms Image
text/plain 35.201.67.47
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.skimresources.com/api/v2/robots.txt?__skimjs_preflight__please_ignore__=true&rnd=0.6615152656726286
Requested by: Host: www.androidpolice.com
URL: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.67.47 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 47.67.201.35.bc.googleusercontent.com
Software: Python/3.7 aiohttp/3.5.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:47 GMT
via: 1.1 google
server: Python/3.7 aiohttp/3.5.4
alt-svc: clear
content-length: 0
content-type: text/plain charset=UTF-8

GET
H2 200 px.gif
p.skimresources.com/ 43 B
244 B 63ms
19ms Image
image/gif 35.190.91.160
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.skimresources.com/px.gif?ch=1&rn=0.14470919464089405
Requested by: Host: www.androidpolice.com
URL: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.91.160 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 160.91.190.35.bc.googleusercontent.com
Software: Skimlinks Pixel 1.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:47 GMT
via: 1.1 google
server: Skimlinks Pixel 1.0
p3p: policyref="http://skimlinks.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
alt-svc: clear
content-length: 43
content-type: image/gif

GET
H2 200 px.gif
p.skimresources.com/ 43 B
102 B 63ms
20ms Image
image/gif 35.190.91.160
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.skimresources.com/px.gif?ch=2&rn=0.14470919464089405
Requested by: Host: www.androidpolice.com
URL: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.91.160 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 160.91.190.35.bc.googleusercontent.com
Software: Skimlinks Pixel 1.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:47 GMT
via: 1.1 google
server: Skimlinks Pixel 1.0
p3p: policyref="http://skimlinks.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
alt-svc: clear
content-length: 43
content-type: image/gif

OPTIONS
H2 200 /
events.release.narrativ.com/api/v0/publishers/2412/pub_info/ Frame 0
0 310ms
101ms Preflight
text/html 34.192.73.199
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://events.release.narrativ.com/api/v0/publishers/2412/pub_info/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.192.73.199 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-192-73-199.compute-1.amazonaws.com

Software

nginx/1.20.2 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: access-control-allow-credentials,x-requested-with
Origin: https://www.androidpolice.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Fri, 25 Mar 2022 11:05:47 GMT
content-type: text/html; charset=utf-8
content-length: 0
server: nginx/1.20.2
x-bam-env: release
x-bam-build-version: 5091648b0ddf33082c197934e0d710c5b6b67319
allow: HEAD, OPTIONS, GET
access-control-allow-origin: https://www.androidpolice.com
access-control-allow-headers: access-control-allow-credentials, x-requested-with
access-control-allow-methods: DELETE, GET, HEAD, OPTIONS, PATCH, POST, PUT
vary: Origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-robots-tag: none

GET
H2 200 / Show response
events.release.narrativ.com/api/v0/publishers/2412/pub_info/ 185 B
455 B 102ms
101ms XHR
application/json 34.192.73.199
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://events.release.narrativ.com/api/v0/publishers/2412/pub_info/

Requested by

Host: static.narrativ.com
URL: https://static.narrativ.com/tags/narrativ-pub.1.0.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.192.73.199 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-192-73-199.compute-1.amazonaws.com

Software

nginx/1.20.2 /

Resource Hash

c16fe63d5e6c3d1acc9b2aedec440d98db4ebd7ea1bdfe9f26aab74e7be91a7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Accept: application/json
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Access-Control-Allow-Credentials: true
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-bam-build-version: 5091648b0ddf33082c197934e0d710c5b6b67319
date: Fri, 25 Mar 2022 11:05:47 GMT
server: nginx/1.20.2
x-bam-env: release
vary: Origin
content-type: application/json
access-control-allow-origin: https://www.androidpolice.com
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-robots-tag: none
content-length: 185

GET
H2 200 b-7b120a5-0a477631.js Show response
tagan.adlightning.com/valnet/ 73 KB
28 KB 9ms
8ms Script
application/javascript 143.204.98.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/valnet/b-7b120a5-0a477631.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/valnet/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-122.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 46e15ddd3f3583786961d72eb1a81b34bc9dad89240a461dcf02b43c6aa9e9c7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 02:36:09 GMT
content-encoding: gzip
age: 980979
x-cache: Hit from cloudfront
content-length: 28013
x-amz-meta-git_commit: 7b120a5
last-modified: Wed, 11 Aug 2021 20:29:14 GMT
server: AmazonS3
etag: "4675e7fa49e7c0ac9234b8fdf094591d"
x-amz-version-id: 7LhAmE_DVksgARINqWh9rINHREPkIDVQ
via: 1.1 45de888accabe1a1cb5a389e8c9c1e06.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: zxICRTQxvZFinn11xR30aaYDo_ZLJ4WDqd1ILolF33Hxa7OPJG40gg==

GET
H2 200 bl-01880f1-baefc464.js Show response
tagan.adlightning.com/valnet/ 122 KB
37 KB 10ms
10ms Script
application/javascript 143.204.98.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/valnet/bl-01880f1-baefc464.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/valnet/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-122.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0c2f38117d47fc594d2c41bd364fa98adf659f2ebf5c09cff17a7fe29a7c1acc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Mar 2022 17:26:50 GMT
content-encoding: gzip
age: 63538
x-cache: Hit from cloudfront
content-length: 37832
x-amz-meta-git_commit: 01880f1
last-modified: Thu, 24 Mar 2022 17:17:08 GMT
server: AmazonS3
etag: "8f31ca51d50203b3daea3260af5a453c"
x-amz-version-id: EQCWpGNH9NARMx.j3XYzVl9sTeTzXwVT
via: 1.1 45de888accabe1a1cb5a389e8c9c1e06.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: TeTJwIlVG7btc3iX1TxsQLIuZaSTy9PfumXsVHxifKocdn6QRajmCA==

GET
H/1.1 200
OK count-data.js Show response
androidpolice.disqus.com/ 1 KB
2 KB 116ms
116ms Script
application/javascript 199.232.196.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://androidpolice.disqus.com/count-data.js?2=https%3A%2F%2Fwww.androidpolice.com%2Fandroid-13-data-throttling%2F&2=https%3A%2F%2Fwww.androidpolice.com%2Fbest-galaxy-s21-fe-cases%2F&2=https%3A%2F%2Fwww.androidpolice.com%2Fbest-galaxy-tab-s8-ultra-cases%2F&2=https%3A%2F%2Fwww.androidpolice.com%2Fgoogle-book-next-check-up-appointment-doctor%2F&2=https%3A%2F%2Fwww.androidpolice.com%2Fgoogle-maps-down%2F&2=https%3A%2F%2Fwww.androidpolice.com%2Fgoogle-pixel-6-weakened-haptic-vibrations-march-update%2F&2=https%3A%2F%2Fwww.androidpolice.com%2Fgoogle-pixel-stand-2-review%2F&2=https%3A%2F%2Fwww.androidpolice.com%2Fgoogles-chrome-os-now-supports-variable-refresh-rates%2F&2=https%3A%2F%2Fwww.androidpolice.com%2Fgoogles-got-a-neat-ai-assisted-manga-art-generator-for-people-who-cant-draw%2F&2=https%3A%2F%2Fwww.androidpolice.com%2Fhbo-max-shuffle-play-episodes%2F

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/valnet/op.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.196.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

206322a3d724b8ee9d5445c0b17aa808a1061ec9821ee149089cd7297c79e2df

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Fri, 25 Mar 2022 11:05:47 GMT
X-Content-Type-Options: nosniff
Server: nginx
Age: 0
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Vary: Accept-Encoding
Cache-Control: public, max-age=600
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Type: application/javascript; charset=UTF-8
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length: 1143
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK count-data.js Show response
androidpolice.disqus.com/ 1 KB
2 KB 148ms
133ms Script
application/javascript 199.232.196.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://androidpolice.disqus.com/count-data.js?2=https%3A%2F%2Fwww.androidpolice.com%2Fhow-to-create-custom-notification-vibration-patterns%2F&2=https%3A%2F%2Fwww.androidpolice.com%2Fjlab-go-air-pop-review%2F&2=https%3A%2F%2Fwww.androidpolice.com%2Flapsus-hacker-caught%2F&2=https%3A%2F%2Fwww.androidpolice.com%2Fmotorola-ma1-review%2F&2=https%3A%2F%2Fwww.androidpolice.com%2Fmotorolas-edge-plus-verizon-unlocked-release-date%2F&2=https%3A%2F%2Fwww.androidpolice.com%2Fnorth-korean-hackers-fintech-media-chrome-zero-day%2F&2=https%3A%2F%2Fwww.androidpolice.com%2Fpixel-opt-out-android-beta-program-without-data-wipe-future%2F&2=https%3A%2F%2Fwww.androidpolice.com%2Fredmagic-7-review%2F&2=https%3A%2F%2Fwww.androidpolice.com%2Fsamsung-galaxy-s22-plus-review%2F&2=https%3A%2F%2Fwww.androidpolice.com%2Fsamsungs-upcoming-foldable-phone-lineup-may-have-a-mystery-phone%2F

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/valnet/op.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.196.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

cb654ea3af65f5a285acac888c6bb4ad36f0178d2c21303183a30b39c782a778

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Fri, 25 Mar 2022 11:05:47 GMT
X-Content-Type-Options: nosniff
Server: nginx
Age: 0
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Vary: Accept-Encoding
Cache-Control: public, max-age=600
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Type: application/javascript; charset=UTF-8
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length: 1150
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK count-data.js Show response
androidpolice.disqus.com/ 545 B
1 KB 36ms
20ms Script
application/javascript 199.232.196.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://androidpolice.disqus.com/count-data.js?2=https%3A%2F%2Fwww.androidpolice.com%2Fsony-ht-a7000-sound-bar-review%2F&2=https%3A%2F%2Fwww.androidpolice.com%2Fsony-xperia-pro-i-review%2F&2=https%3A%2F%2Fwww.androidpolice.com%2Ftips-to-speed-up-your-android-phone%2F&2=https%3A%2F%2Fwww.androidpolice.com%2Fwhere-to-buy-the-samsung-galaxy-s21-fe%2F

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/valnet/op.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.196.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

8da535d56e77e6aadf882bf4aa22f22720ffb6071fbe5705a95813a5ae0223b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Fri, 25 Mar 2022 11:05:47 GMT
X-Content-Type-Options: nosniff
Server: nginx
Age: 763
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Vary: Accept-Encoding
Cache-Control: public, max-age=600
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Type: application/javascript; charset=UTF-8
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length: 545
X-XSS-Protection: 1; mode=block

GET
H2 200 pubcid.min.js Show response
secure.cdn.fastclick.net/js/pubcid/latest/ 53 KB
17 KB 44ms
8ms Script
application/javascript 104.111.219.144
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.cdn.fastclick.net/js/pubcid/latest/pubcid.min.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/valnet/op.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.219.144 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-219-144.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: a4350fed8ed92bbf4f462fc245028928ac33afa25d2231b28c334b91cd0d3952

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:47 GMT
content-encoding: gzip
last-modified: Tue, 01 Jun 2021 17:06:57 GMT
server: Apache
etag: "d398-5c3b75e9ebb41-gzip"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=900
accept-ranges: bytes
content-length: 17087
expires: Fri, 25 Mar 2022 11:20:47 GMT

GET
H2 200 id5-api.js Show response
cdn.id5-sync.com/api/1.0/ 40 KB
11 KB 53ms
17ms Script
text/javascript 46.105.202.126
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.id5-sync.com/api/1.0/id5-api.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/valnet/op.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

46.105.202.126 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

9476350068dbd8b61373906f6d9dba49ed31ed5d64d6ee2d48da082c44a447dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-cacheable: Matched cache
x-cdn-pop-ip: 137.74.120.0/27
date: Fri, 25 Mar 2022 10:37:24 GMT
content-type: text/javascript;charset=utf-8
cache-control: max-age=3600
x-cdn-pop: sbg
content-disposition: attachment;filename="id5-api.js"
accept-ranges: bytes
content-length: 11181
x-request-id: 962729460

POST
H2 200 page Show response
t.skimresources.com/api/v2/ 22 B
344 B 25ms
24ms XHR
application/javascript 35.201.67.47
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://t.skimresources.com/api/v2/page

Requested by

Host: s.skimresources.com
URL: https://s.skimresources.com/js/85009X1537243.skimlinks.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.201.67.47 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

47.67.201.35.bc.googleusercontent.com

Software

Python/3.7 aiohttp/3.5.4 /

Resource Hash

fcc83a5b6aef86420c1ad553167106df96bd0ff4192ffe52b1647599948edbcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-type: text/plain

Response headers

pragma: no-cache
date: Fri, 25 Mar 2022 11:05:47 GMT
via: 1.1 google
x-content-type-options: nosniff
server: Python/3.7 aiohttp/3.5.4
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/plain; charset=utf-8, application/javascript
access-control-allow-origin: https://www.androidpolice.com
cache-control: no-store, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 22

POST
H2 200 link Show response
t.skimresources.com/api/v2/ 22 B
114 B 29ms
29ms XHR
application/javascript 35.201.67.47
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://t.skimresources.com/api/v2/link

Requested by

Host: s.skimresources.com
URL: https://s.skimresources.com/js/85009X1537243.skimlinks.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.201.67.47 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

47.67.201.35.bc.googleusercontent.com

Software

Python/3.7 aiohttp/3.5.4 /

Resource Hash

fcc83a5b6aef86420c1ad553167106df96bd0ff4192ffe52b1647599948edbcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-type: text/plain

Response headers

pragma: no-cache
date: Fri, 25 Mar 2022 11:05:47 GMT
via: 1.1 google
x-content-type-options: nosniff
server: Python/3.7 aiohttp/3.5.4
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/plain; charset=utf-8, application/javascript
access-control-allow-origin: https://www.androidpolice.com
cache-control: no-store, no-cache, must-revalidate
access-control-allow-credentials: true
warning: 299 - "Deprecated API"
alt-svc: clear
content-length: 22

POST
H2 200 publisher:getClientId Show response
ampcid.google.com/v1/ 74 B
536 B 160ms
44ms XHR
application/json 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ampcid.google.com/v1/publisher:getClientId?key=AIzaSyA65lEHUEizIsNtlbNo-l2K18dT680nsaM

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

991bfe84fec788f2b7d432b99a60c1e2aa2e799bc0137da8cf478299d0fc9a10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 25 Mar 2022 11:05:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server: ESF
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.androidpolice.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
vary: Origin, X-Origin, Referer
content-length: 94
x-xss-protection: 0

GET
H2 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202203170101/ 297 KB
107 KB 66ms
65ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202203170101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-8382598503519971&plah=www.androidpolice.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b8276451a41fa087bc1f12da9d2fc433885b5c718f9db4e8d8f244e5f0dd6dd1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 109611
x-xss-protection: 0
server: cafe
etag: 10276231436149523029
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 25 Mar 2022 11:05:47 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220323/r20190131/ Frame 529D 10 KB
5 KB 125ms
38ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220323/r20190131/zrt_lookup.html

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/valnet/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0ce5fc08d0f617e71e1d61bcd79fc7cc1855f4221945b0c09ac774685fe7f52c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4502
x-xss-protection: 0
date: Thu, 24 Mar 2022 14:18:28 GMT
expires: Thu, 07 Apr 2022 14:18:28 GMT
cache-control: public, max-age=1209600
age: 74839
etag: 4044455266028820542
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 pubads_impl_2022031601.js Show response
securepubads.g.doubleclick.net/gpt/ 365 KB
124 KB 125ms
39ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031601.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/valnet/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

sffe /

Resource Hash

5042f25c3eb1530880fa3b05325462c028492caf22141409999cdd7e6364b8ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:04:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 104
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 126823
x-xss-protection: 0
last-modified: Wed, 16 Mar 2022 08:34:12 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 25 Mar 2023 11:04:03 GMT

GET
H2 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 329 B
797 B 130ms
46ms XHR
application/json 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.androidpolice.com

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

7ea26c2e155afa821d8a157303a6dc302c9d1740b36ae5313f0ece87a60c1e8f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 25 Mar 2022 11:05:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 161
x-xss-protection: 0
expires: Fri, 25 Mar 2022 11:05:47 GMT

GET
H2 200 acv.json Show response
scarfsmash.com/ 210 KB
46 KB 55ms
21ms Fetch
application/json 35.186.249.84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://scarfsmash.com/acv.json

Requested by

Host: scarfsmash.com
URL: https://scarfsmash.com/v2yvlzsveWtgqGFXj2wU3ajphon_Qq9myt1bClE9dnFgPWVzuw4LojxURFEzFAfp8GOJdYROXlGZLTg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.186.249.84 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

84.249.186.35.bc.googleusercontent.com

Software

Resource Hash

6e75948ee66bf6e7da9235ee5cecbda03fa7f592a3f08193757202be43d6cb38

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; preload
content-encoding: br
last-modified: Fri, 04 Feb 2022 18:27:15 GMT
x-datacenter: gce-europe-west1
date: Fri, 25 Mar 2022 11:05:47 GMT
vary: Accept-Encoding, Origin
x-hostname: fen-hoothoot-europe-west1-c63t
content-type: application/json
access-control-allow-origin: https://www.androidpolice.com
access-control-allow-credentials: true
access-control-allow-methods: POST, OPTIONS
x-buildnumber: 499202503
timing-allow-origin: *
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie
accept-ranges: bytes

GET
H2 200 skeleton.gif
static.adsafeprotected.com/ 43 B
483 B 48ms
8ms Image
image/gif 2600:9000:2156:5a00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.adsafeprotected.com/skeleton.gif
Requested by: Host: www.androidpolice.com
URL: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:5a00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 16:14:35 GMT
via: 1.1 bab8148a65b29113f79cf2725076287c.cloudfront.net (CloudFront)
age: 19939873
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 43
last-modified: Mon, 17 Aug 2020 23:55:15 GMT
server: AmazonS3
etag: "45cf913e5d9d3c9b2058033056d3dd23"
x-amz-version-id: iiN8XkcmZQdDIQeKkzAiegPwcD.5WPja
cache-control: max-age=315360000
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-type: image/gif
x-amz-cf-id: 8MmEmpxoJcJKBcjlO5R6FWcHZNbLlzP3J54-JzCWXWkgn_-mEwtlCg==

GET
H2 200 primisslate.css
live.primis.tech/content/video/css/ 18 KB
18 KB 19ms
19ms Stylesheet
text/css 2600:9000:2156:2c00:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://live.primis.tech/content/video/css/primisslate.css
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/valnet/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:2c00:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 616f41fbbcf44ba72bb9c97132871526164c81d78f56a15e04ece1a44eb5606a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:47 GMT
via: 1.1 f6c241b75ae7d21ac836339454ab90b8.cloudfront.net (CloudFront)
last-modified: Wed, 09 Feb 2022 07:06:30 GMT
server: nginx
x-amz-cf-pop: FRA50-C1
etag: "620367f6-465a"
x-cache: Miss from cloudfront
content-type: text/css
accept-ranges: bytes
content-length: 18010
x-amz-cf-id: c3Gv4FFnMXAloTGHx-wVrtl53n0frkgDLw0nW25cPrix_XtyVdfCvw==

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ Frame 8A0C 134 KB
36 KB 9ms
9ms Script
application/javascript 143.204.95.188
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032322D30332D32355F31347D7B7331363734393939317D7B4335377D7B5359584174636D566E4C574A686247467559325666643364334C6D46755A484A76615752776232787059325575593239747D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583630307D7B593333387D7B66317D7B4C31313433337DFEFE&userIpAddr=2a03%3A1b20%3A6%3Af011%3A%3A9e&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F99.0.4844.51+Safari%2F537.36&debugInformation=&isWePassGdpr=0&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=40&c2pWaitTime=5&isSinglePageFloatSupport=0&csuuid=623da20b73650&debugInfo=16749991_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=16749991&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed2a4dzjowrqnk&secondaryContent=&x=600&y=338&pubUrl=https%3A%2F%2Fwww.androidpolice.com%2Fnorth-korean-hackers-fintech-media-chrome-zero-day%2F%3Futm_source%3Ddlvr.it%26utm_medium%3Dtwitter&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=0&flow_bottomOffset=0&impGap=1&flow_width=340&flow_height=192&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=50.1049&geoLong=8.6295&vpTemplate=11433&flowMode=seenboth&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=&subId=ap-reg-balance_www.androidpolice.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.95.188 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-95-188.fra50.r.cloudfront.net
Software: Server /
Resource Hash: 3ef5bfd224e0baa902eb88c94979cfaeccf2169a996c601fa3de4c3f3b33da01

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-version-id: .7apL996dsR_ZFPBtTTtY5SRaPfBf8DJ
content-encoding: gzip
etag: 4e3fad24a118a07cea7ce88b2721a583
age: 731
x-cache: Hit from cloudfront
server: Server
x-amz-rid: 1A3T7KJF0R4APF64NYGB
date: Fri, 25 Mar 2022 10:58:18 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 58bcd6f2e1bc29fb83f080f1743cfeca.cloudfront.net (CloudFront)
cache-control: public, max-age=900
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: rCTIeJ8ImMva-3aL6v0yWyxpIA9YuGqd8Q5mg0qDVK5CPiQzIFvaZg==

GET
H2 200 css
fonts.googleapis.com/ 1 KB
933 B 135ms
49ms Stylesheet
text/css 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Poppins&display=swap

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/valnet/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e6ac25d541d15d00d8ac79cbb7e6f917732a768e2a187f5cf1ce2c255c7cec07

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 25 Mar 2022 10:32:42 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Fri, 25 Mar 2022 11:05:47 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 25 Mar 2022 11:05:47 GMT

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 9ED2 15 KB
6 KB 35ms
7ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159196&userIdMacro=PM_UID&gdpr=1&gdpr_consent=&predirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D623da20b73650%26pixel%3D%26advId%3D91%26advUuid%3DPM_UID%26gdpr%3D1%26gdpr_consent%3D
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/valnet/op.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter

Response headers

last-modified: Tue, 01 Feb 2022 06:38:00 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 5549
content-type: text/html; charset=UTF-8
cache-control: max-age=23256
expires: Fri, 25 Mar 2022 17:33:23 GMT
date: Fri, 25 Mar 2022 11:05:47 GMT
vary: Accept-Encoding

GET
H2

200

liveCS.php Show response
live.primis.tech/live/ Frame F16C
Redirect Chain

https://sync.search.spotxchange.com/partner?adv_id=8805&redir=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D623da20b73650%26pixel%3D%26advId%3D94%26advUuid%3D%24...
https://sync.search.spotxchange.com/partner?adv_id=8805&redir=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D623da20b73650%26pixel%3D%26advId%3D94%26advUuid%3D%24...
https://live.primis.tech/live/liveCS.php?source=external&csuuid=623da20b73650&pixel=&advId=94&advUuid=86585550-ac2b-11ec-ad90-11482f420406

0
332 B

19ms
18ms

Document
text/html

2600:9000:2156:2c00:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://live.primis.tech/live/liveCS.php?source=external&csuuid=623da20b73650&pixel=&advId=94&advUuid=86585550-ac2b-11ec-ad90-11482f420406
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/valnet/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:2c00:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter

Response headers

content-type: text/html; charset=utf-8
server: nginx
date: Fri, 25 Mar 2022 11:05:47 GMT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cache-control: no-store
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 f6c241b75ae7d21ac836339454ab90b8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: SEi6EokrCPr9TvwXjK0NpahDGaDA0riGLjYFi8y_CecTs70Kyi9hIw==
age: 0

Redirect headers

Server: nginx
Date: Fri, 25 Mar 2022 11:05:47 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Location: https://live.primis.tech/live/liveCS.php?source=external&csuuid=623da20b73650&pixel=&advId=94&advUuid=86585550-ac2b-11ec-ad90-11482f420406
X-fe: 108
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0

GET
H2 200 cm Show response
u.openx.net/w/1.0/ Frame 6F45 43 B
305 B 64ms
27ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://u.openx.net/w/1.0/cm?id=476b50d3-5ccf-49a1-89b8-1ddf8ea18042&r=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D623da20b73650%26pixel%3D%26advId%3D98%26advUuid%3D
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/valnet/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/17.2.1 /
Resource Hash: e963e7196beb9123059ec3534b042ebcd1ef0a470fa568bfbebfeab2f33c4fda

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter

Response headers

vary: Accept, Accept-Encoding
server: OXGW/17.2.1
pragma: no-cache
p3p: CP="CUR ADM OUR NOR STA NID"
expires: Mon, 26 Jul 1997 05:00:00 GMT
date: Fri, 25 Mar 2022 11:05:47 GMT
content-type: text/html
content-length: 56
content-encoding: gzip
cache-control: private, max-age=0, no-cache
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H/1.1 200
OK sync.html Show response
s.console.adtarget.com.tr/ Frame E2B0 2 KB
1 KB 105ms
15ms Document
text/html 2a0c:5c81:5139::2
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.console.adtarget.com.tr/sync.html?aid=556966
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/valnet/op.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a0c:5c81:5139::2 London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software: Adtelligent /
Resource Hash: 5ba78b3965ef35b836b6d11542ae178eaffb111d73a2ab5cb88eee5d94500faf

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter

Response headers

Server: Adtelligent
Date: Fri, 25 Mar 2022 11:05:47 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 869
Access-Control-Allow-Origin: https://www.androidpolice.com
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Encoding: gzip

GET
H2 200 liveView.php Show response
live.primis.tech/live/ Frame 8A0C 58 KB
7 KB 50ms
50ms XHR
application/json 2600:9000:2156:2c00:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://live.primis.tech/live/liveView.php?hash=pm01ODA1NlZ2nWRsqzFmqFRcoWViqXQ9LTEzqzyxX3Zup3RUrXByPTMzqzyxX3BfYXyypyZypw0mLwEhMCZ2nWRsqzyyq2FvnWkcqHyTqGF0ZT0jJaZcZF9wo250ZW50X3VloD1bqHRjplUmQSUlRvUlRaZcZGViLaBlnW1cpl50ZWNbJTJGqXBfo2FxplUlRzNhNlUlRaZcZGViJTJGqXNypaMyMxZwo252ZXJ0ZWQyMxYmMDt3NSUlRaZcZGViXmYkMmVwM2FyNDYlODx1MmplOTx5OTpyMxZ2nWQ2MTM1Y2RxMGFuODJxMTp2MwUmODE4Lz1jNCZ2nWRsY29hqGVhqF9cZD0kODA3NDM3JaZcZF9wo250ZW50X2Ryp2M9QzVmqCgBozRlo2yxK1Biq2VlK1VmZXIeRzVuqHVlZXMeqGuuqCg5o3UeRz9lZ290K0V4nXN0ZWQzqzyxX2NioaRyoaRsqGy0oGU9QzVmqCgBozRlo2yxK1Biq2VlK1VmZXIeRzVuqHVlZXMeqGuuqCg5o3UeRz9lZ290K0V4nXN0ZWQzqzyxX2NioaRyoaRsZHVlYXRco249NDxkJzRyYaVaSW5zo3JgYXRco249Jat9NwAjJax9MmM4JaB1YyVloD1bqHRjplUmQSUlRvUlRaq3ql5uozRlo2yxpG9fnWNyLzNioSUlRz5ipaRbLWgipzVuov1bYWNeZXJmLWZcoaRyY2tgoWVxnWEgY2ulo21yLXcypz8gZGF5JTJGJTNGqXRgX3NiqXJwZSUmRGRfqaIhnXQyMwZ1qG1soWVxnXVgJTNEqHqcqHRypvZlnT02QmY5NmY2NTUmNmQ2MTp0NmM3QmpmNxImMTqCNTQmMDqEN0I2NDMlMmAmMwMlMxQmMDMmMxQmMwM1NUYmMTM0N0Q3QwpmMmEmNwM3MmQmOTM5MmxmMTqEN0I0MmM1Mmp3RDqCNTM1OTU4NDE3NDYmNxQ1NwZFNEM1NmRBNwt2MwQ3NDY3NTU5MmI1NwY2NwQmMmY0MmM0QmZENDY3NTVBNDt0QTp2NwE1NmUlNmp2MwMlNmt3MDU5MmI1NTp1NTxmMwM5NmQ3RDqCNwI2MmY4NmI2RwZENwU3RDqCNmE2NDY1NmM2Qwp0NxY3MDqEN0I2Rwp3Nwx2RTY0NxY3NmpmN0Q3QwU4MmYmMDMjN0Q3QwU5MmMmMmM4N0Q3QwY2MmE3RDqCNEMmMTMkMmQmMmMmN0RGRUZFJzymQXBjPTAzZ2ViTGF0nT01MC4kMDQ5Jzqyo0kiozp9OC42Mwx1JaVmZXJJpEFxZHI9MzEjMlUmQTFvMwAyM0E2JTNBZwAkMSUmQSUmQTyyJaVmZXJVQT1No3ccoGkuJTJGNS4jKlUlOFqcozRiq3MeTyQeMTAhMCUmQvgXnW42NCUmQvg4NwQyMwxeQXBjoGVXZWJLnXQyMxY1MmphMmYeJTI4S0uUTUjyMxMeoGyeZSgHZWNeolUlOSgDnHJioWUyMxY5OS4jLwQ4NDQhNTEeU2FzYXJcJTJGNTM3LwM2JaBfYXyypxFjnUyxPSZwp3V1nWQ9NwImZGElMGI3MmY1MCZwYaVmqGVlPTE2NDtlMDYmNDp4NTpzZ2Rjpw0kJzqxpHJDo25mZW50PSZcp1qyUGFmp0qxpHI9MA==
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032322D30332D32355F31347D7B7331363734393939317D7B4335377D7B5359584174636D566E4C574A686247467559325666643364334C6D46755A484A76615752776232787059325575593239747D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583630307D7B593333387D7B66317D7B4C31313433337DFEFE&userIpAddr=2a03%3A1b20%3A6%3Af011%3A%3A9e&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F99.0.4844.51+Safari%2F537.36&debugInformation=&isWePassGdpr=0&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=40&c2pWaitTime=5&isSinglePageFloatSupport=0&csuuid=623da20b73650&debugInfo=16749991_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=16749991&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed2a4dzjowrqnk&secondaryContent=&x=600&y=338&pubUrl=https%3A%2F%2Fwww.androidpolice.com%2Fnorth-korean-hackers-fintech-media-chrome-zero-day%2F%3Futm_source%3Ddlvr.it%26utm_medium%3Dtwitter&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=0&flow_bottomOffset=0&impGap=1&flow_width=340&flow_height=192&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=50.1049&geoLong=8.6295&vpTemplate=11433&flowMode=seenboth&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=&subId=ap-reg-balance_www.androidpolice.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:2c00:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 521d02fa15549b3dce4176b4e8c4b80102ac1d587182a052309ab4e4cbc021a1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Mar 2022 11:05:47 GMT
content-encoding: gzip
server: nginx
age: 0
x-cache: Miss from cloudfront
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: https://www.androidpolice.com
cache-control: no-store
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/json; charset=utf-8
content-length: 6283
via: 1.1 f6c241b75ae7d21ac836339454ab90b8.cloudfront.net (CloudFront)
x-amz-cf-id: 7OZrzWwdSo3b8UuzJpHK1JnWJ915SzeZ3VGBNmpENd8F15HWDcUaJQ==

GET
H2 200 logo_11433.png
video.primis.tech/uploads/video/users/logo/30875/ 1 KB
2 KB 106ms
52ms Image
image/png 63.250.60.64
CLOUDWEBMANAGE-IL-FR

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://video.primis.tech/uploads/video/users/logo/30875/logo_11433.png?cbuster=1631179290
Requested by: Host: www.androidpolice.com
URL: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 63.250.60.64 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, US),
Reverse DNS
Software: Tengine /
Resource Hash: 2d982a78b1da56ba84ff4f57aad9715cef56b27e56f4ed18f5b831a0f4d7d2e6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:47 GMT
via: 1.1 c0c888b299b9797c37778648bae22064.cloudfront.net (CloudFront)
last-modified: Thu, 09 Sep 2021 09:21:30 GMT
server: Tengine
x-amz-cf-pop: BRU50-C1
etag: "8aa2d39c821a27affdb7f7a98e4b58a2"
content-type: image/png
access-control-allow-origin: *
expires: Fri, 08 Apr 2022 11:05:47 GMT
cache-control: max-age=1209600
accept-ranges: bytes
content-length: 1239
x-amz-cf-id: gJ6llU2Qp9XhRxnSgoEzsAGgylhY5fN3FQvk_54mSTYVrztExG6KTQ==
x-proxy-cache: HIT

GET
H2 200 liveView.php
live.primis.tech/live/ 0
355 B 23ms
21ms Image
text/html 2600:9000:2156:2c00:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.primis.tech/live/liveView.php?hash=ozcmPTEznXRiPTEzqzyxX2V2ZW50PTUjJaNypaZypyRcoWU9MTY0ODIjNwM0NlZ2nWRspGkurWVlVzVlPTMhMS4jJaM9MTA4NTAjJaN0YT0jJat9NwAjJax9MmM4JaZcZF9jYXNmRG9gYWyhPXq3ql5uozRlo2yxpG9fnWNyLzNioSZmqWJJZD1upC1lZWpgYzFfYW5wZV93q3phYW5xpz9cZHBioGywZS5wo20zZGVvqWqJozZipz1uqGyiow0znXNBpHA9MCZlnT02QmY5NmY2NTUmNmQ2MTp0NmM3QmpmNxImMTqCNTQmMDqEN0I2NDMlMmAmMwMlMxQmMDMmMxQmMwM1NUYmMTM0N0Q3QwpmMmEmNwM3MmQmOTM5MmxmMTqEN0I0MmM1Mmp3RDqCNTM1OTU4NDE3NDYmNxQ1NwZFNEM1NmRBNwt2MwQ3NDY3NTU5MmI1NwY2NwQmMmY0MmM0QmZENDY3NTVBNDt0QTp2NwE1NmUlNmp2MwMlNmt3MDU5MmI1NTp1NTxmMwM5NmQ3RDqCNwI2MmY4NmI2RwZENwU3RDqCNmE2NDY1NmM2Qwp0NxY3MDqEN0I2Rwp3Nwx2RTY0NxY3NmpmN0Q3QwU4MmYmMDMjN0Q3QwU5MmMmMmM4N0Q3QwY2MmE3RDqCNEMmMTMkMmQmMmMmN0RGRUZFJzRcYWyxPSZ1p2VlSXBBZGRlPTJuMDMyM0EkYwIjJTNBNvUmQWYjMTEyM0EyM0E5ZSZ1p2VlVUE9TW96nWkfYSUlRwUhMCUlMCUlOFqcozRiq3MyMwBOVCUlMDEjLwAyM0IyMwBXnW42NCUmQvUlMHt2NCUlOSUlMEFjpGkyV2VvS2y0JTJGNTM3LwM2JTIjJTI4S0uUTUjyMxMyMwBfnWgyJTIjR2Vwn28yMwxyMwBDnHJioWUyMxY5OS4jLwQ4NDQhNTEyMwBTYWZupzxyMxY1MmphMmYzY3N1qWyxPTYlM2RuMwBvNmM2NTAzY29hqGVhqEZcoGVJZD0jJz1yZGyuUGkurUkcp3RJZD0jJz1yZGyuTGymqEyxPTAzZ2Rjpw0kJzqxpHJDo25mZW50PSZcp1qyUGFmp0qxpHI9MCZwY3BuPTAzY2NjYUNioaNyoaQ9JzNvqXN0ZXI9MTY0ODIjNwM0NmtmOCZ1nWQ9U2VenW5xo1NQoGF5ZXI2MwNxYTIjYwtmYWM3JaB1YyVloD1bqHRjplUmQSUlRvUlRaq3ql5uozRlo2yxpG9fnWNyLzNioSUlRz5ipaRbLWgipzVuov1bYWNeZXJmLWZcoaRyY2tgoWVxnWEgY2ulo21yLXcypz8gZGF5JTJGJTNGqXRgX3NiqXJwZSUmRGRfqaIhnXQyMwZ1qG1soWVxnXVgJTNEqHqcqHRypvZzoG9uqFN0YXR1pm1zYWkmZSZynWRmpD1jpzVvnWQ=
Requested by: Host: www.androidpolice.com
URL: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:2c00:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Mar 2022 11:05:47 GMT
via: 1.1 f6c241b75ae7d21ac836339454ab90b8.cloudfront.net (CloudFront)
server: nginx
age: 0
x-cache: Miss from cloudfront
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
cache-control: no-store
x-amz-cf-pop: FRA50-C1
content-type: text/html; charset=UTF-8
x-amz-cf-id: VEZ8Jl13GiVGiSuhBBLwfnqT1rrGll_Q6PsX781TImp60B0cYiwC_g==

GET
H/1.1 200
OK sync
x.bidswitch.net/ Frame 8A0C 43 B
235 B 372ms
110ms Image
image/gif 35.211.178.172
GOOGLE-2

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?ssp=sekindo&gdpr=1&gdpr_consent=
Requested by: Host: www.androidpolice.com
URL: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.211.178.172 North Charleston, United States, ASN19527 (GOOGLE-2, US),
Reverse DNS: 172.178.211.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Fri, 25 Mar 2022 11:05:48 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H2

200

liveCS.php
live.primis.tech/live/ Frame 8A0C
Redirect Chain

https://csync.loopme.me/?redirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D623da20b73650%26pixel%3D%26advId%3D93%26advUuid%3D%7Bdevice_id%7D
https://live.primis.tech/live/liveCS.php?source=external&csuuid=623da20b73650&pixel=&advId=93&advUuid=268f2f5e-e615-4808-ad50-097a0c9e3752

0
334 B

18ms
18ms

Image
text/html

2600:9000:2156:2c00:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.primis.tech/live/liveCS.php?source=external&csuuid=623da20b73650&pixel=&advId=93&advUuid=268f2f5e-e615-4808-ad50-097a0c9e3752
Requested by: Host: www.androidpolice.com
URL: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Protocol: H2
Server: 2600:9000:2156:2c00:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Mar 2022 11:05:47 GMT
via: 1.1 f6c241b75ae7d21ac836339454ab90b8.cloudfront.net (CloudFront)
server: nginx
age: 0
x-cache: Miss from cloudfront
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cache-control: no-store
x-amz-cf-pop: FRA50-C1
content-type: text/html; charset=utf-8
x-amz-cf-id: XmkBOFpKllUR6ddkQ39o-PGkiYeJWxbZXJwu9q5IiqO7Vf0wj7NttQ==

Redirect headers

location: https://live.primis.tech/live/liveCS.php?source=external&csuuid=623da20b73650&pixel=&advId=93&advUuid=268f2f5e-e615-4808-ad50-097a0c9e3752
date: Fri, 25 Mar 2022 11:05:47 GMT
server: _
content-length: 0

GET
H2

200

liveCS.php
live.primis.tech/live/ Frame 8A0C
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=192962&cb=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D623da20b73650%26pixel%3D%26advId%3D99%26advUuid%3D
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D623da20b73650%26pixel%3D%26advId%3D99%26advUuid%3D&s=192962&C=1
https://live.primis.tech/live/liveCS.php?source=external&csuuid=623da20b73650&pixel=&advId=99&advUuid=Yj2iC-VxlUXTKe3KIgTCKAAABFIAAAIB

0
334 B

22ms
21ms

Image
text/html

2600:9000:2156:2c00:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.primis.tech/live/liveCS.php?source=external&csuuid=623da20b73650&pixel=&advId=99&advUuid=Yj2iC-VxlUXTKe3KIgTCKAAABFIAAAIB
Requested by: Host: www.androidpolice.com
URL: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Protocol: H2
Server: 2600:9000:2156:2c00:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Mar 2022 11:05:47 GMT
via: 1.1 f6c241b75ae7d21ac836339454ab90b8.cloudfront.net (CloudFront)
server: nginx
age: 0
x-cache: Miss from cloudfront
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cache-control: no-store
x-amz-cf-pop: FRA50-C1
content-type: text/html; charset=utf-8
x-amz-cf-id: ENTq9ekOE_cWbboKuJEGoCcB6u_nTrAN4zO-NaBQJXtf3OOHBJEhYQ==

Redirect headers

Pragma: no-cache
Date: Fri, 25 Mar 2022 11:05:48 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://live.primis.tech/live/liveCS.php?source=external&csuuid=623da20b73650&pixel=&advId=99&advUuid=Yj2iC-VxlUXTKe3KIgTCKAAABFIAAAIB
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 334
Expires: Fri, 25 Mar 2022 11:05:48 GMT

GET
H2

200

liveCS.php
live.primis.tech/live/ Frame 8A0C
Redirect Chain

https://eb2.3lift.com/getuid?redir=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26pixel%3Dhttps%253A%252F%252Fsync.intentiq.com%252Fprofiles_engine%252FProfilesEngineServl...
https://eb2.3lift.com/getuid?ld=1&gdpr=1&cmp_cs=&us_privacy=&redir=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26pixel%3Dhttps%253A%252F%252Fsync.intentiq.com%252Fprofile...
https://live.primis.tech/live/liveCS.php?source=external&pixel=https%3A%2F%2Fsync.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26mi%3D10%26dpi%3D259151345%26pcid%3D2868021249803...

0
333 B

37ms
36ms

Image
text/html

2600:9000:2156:2c00:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.primis.tech/live/liveCS.php?source=external&pixel=https%3A%2F%2Fsync.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26mi%3D10%26dpi%3D259151345%26pcid%3D2868021249803221286389&advId=121&advUuid=2868021249803221286389
Requested by: Host: www.androidpolice.com
URL: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Protocol: H2
Server: 2600:9000:2156:2c00:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Mar 2022 11:05:48 GMT
via: 1.1 f6c241b75ae7d21ac836339454ab90b8.cloudfront.net (CloudFront)
server: nginx
age: 0
x-cache: Miss from cloudfront
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cache-control: no-store
x-amz-cf-pop: FRA50-C1
content-type: text/html; charset=utf-8
x-amz-cf-id: qlbjv0eLOnRZTyF9rMuQnYJSAngu2mQ1MmsChPHtKgGIK1M9dmGR-Q==

Redirect headers

location: https://live.primis.tech/live/liveCS.php?source=external&pixel=https%3A%2F%2Fsync.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26mi%3D10%26dpi%3D259151345%26pcid%3D2868021249803221286389&advId=121&advUuid=2868021249803221286389
date: Fri, 25 Mar 2022 11:05:48 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET sync.php
pixel.rubiconproject.com/exchange/ Frame 8A0C 0
0

GET
H2

200

liveCS.php
live.primis.tech/live/ Frame 8A0C
Redirect Chain

https://secure.adnxs.com/getuid?https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D623da20b73650%26pixel%3D%26advId%3D105%26advUuid%3D%24UID
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Flive.primis.tech%252Flive%252FliveCS.php%253Fsource%253Dexternal%2526csuuid%253D623da20b73650%2526pixel%253D%2526advId%253D105%2526ad...
https://live.primis.tech/live/liveCS.php?source=external&csuuid=623da20b73650&pixel=&advId=105&advUuid=4885653837632420553

0
332 B

21ms
21ms

Image
text/html

2600:9000:2156:2c00:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.primis.tech/live/liveCS.php?source=external&csuuid=623da20b73650&pixel=&advId=105&advUuid=4885653837632420553
Requested by: Host: www.androidpolice.com
URL: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Protocol: H2
Server: 2600:9000:2156:2c00:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Mar 2022 11:05:48 GMT
via: 1.1 f6c241b75ae7d21ac836339454ab90b8.cloudfront.net (CloudFront)
server: nginx
age: 0
x-cache: Miss from cloudfront
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cache-control: no-store
x-amz-cf-pop: FRA50-C1
content-type: text/html; charset=utf-8
x-amz-cf-id: _PcieivIkbAwJTQA6RizkrP17RBheIhC5dJrHKXDizbT5shsz6sKMA==

Redirect headers

Pragma: no-cache
Date: Fri, 25 Mar 2022 11:05:48 GMT
X-Proxy-Origin: 185.213.155.169; 185.213.155.169; 731.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 9a327d05-2139-442a-87dd-71fb094b1635
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://live.primis.tech/live/liveCS.php?source=external&csuuid=623da20b73650&pixel=&advId=105&advUuid=4885653837632420553
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 vid6135cdd0aa82d176253818.jpg
video.primis.tech/uploads/cn7/video/users/converted/30875/video_6135c3ae46289537299997/ 8 KB
8 KB 115ms
62ms Image
image/jpeg 63.250.60.64
CLOUDWEBMANAGE-IL-FR

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://video.primis.tech/uploads/cn7/video/users/converted/30875/video_6135c3ae46289537299997/vid6135cdd0aa82d176253818.jpg?cbuster=1630916054
Requested by: Host: www.androidpolice.com
URL: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 63.250.60.64 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, US),
Reverse DNS
Software: Tengine /
Resource Hash: abf89cea82a0ed0edf2a63b7f1aa587bea8f6dcbe393265c93f264b021264c40

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:47 GMT
via: 1.1 79272ab9b399ee696b329d4f677dca48.cloudfront.net (CloudFront)
last-modified: Mon, 06 Sep 2021 08:15:46 GMT
server: Tengine
x-amz-cf-pop: FRA60-P3
etag: "d693c8381e94168542c16707c932e324"
content-type: image/jpeg
access-control-allow-origin: *
expires: Fri, 08 Apr 2022 11:05:47 GMT
cache-control: max-age=1209600
accept-ranges: bytes
content-length: 7699
x-amz-cf-id: u292YtXoRLhtLwyByo_2sum03dJ8TFAhFFbITc5__ZA31uuzBrU7eQ==
x-proxy-cache: HIT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 173 KB
64 KB 98ms
52ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-6Y5Q4PR4RC&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PQPCZ5S

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4bd3d266e3cff2648f995f78b1b55a7adda2aae4986c225e3e865314b62b1cc6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:47 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 65107
x-xss-protection: 0
expires: Fri, 25 Mar 2022 11:05:47 GMT

GET
H2

200

web-vitals.iife.js Show response
unpkg.com/web-vitals@2.1.4/dist/
Redirect Chain

https://unpkg.com/web-vitals/dist/web-vitals.iife.js
https://unpkg.com/web-vitals@2.1.4/dist/web-vitals.iife.js

4 KB
2 KB

30ms
29ms

Script
application/javascript

2606:4700::6810:7baf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/web-vitals@2.1.4/dist/web-vitals.iife.js

Requested by

Host: www.androidpolice.com
URL: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter

Protocol

Server

2606:4700::6810:7baf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2ad3e1ebf36f4d5375c097486e514befc0294cf035eb492965b32a3274e6fed0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:48 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
age: 5109073
fly-request-id: 01FT83NE1FV146MGHMT40QQ32Z
content-encoding: br
vary: Accept-Encoding
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
server: cloudflare
etag: W/"114c-NCNEyA/dMQ5L7XGqd2v2QNXHero"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 6f172c6ce8b4900d-FRA

Redirect headers

date: Fri, 25 Mar 2022 11:05:48 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
fly-request-id: 01FZ0BZ00WA2YAD5R3BJE4XFDS-fra
server: cloudflare
age: 98
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: text/plain; charset=utf-8
location: /web-vitals@2.1.4/dist/web-vitals.iife.js
cache-control: public, s-maxage=600, max-age=60
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 6f172c6afe15900d-FRA
access-control-allow-origin: *

GET
H2 200 8uhibhcqnt Show response
www.clarity.ms/tag/ 665 B
1 KB 203ms
111ms Script
application/x-javascript 2620:1ec:27::cafe:1761
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/8uhibhcqnt?ref=gtm2
Requested by: Host: t.co
URL: https://t.co/nZJA4XRYOk
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:27::cafe:1761 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: / ASP.NET
Resource Hash: 0f9e1b535700b34e8bd66d6aaef79c69cf085ab1d8bfcade07e430a6c467c118

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:48 GMT
x-powered-by: ASP.NET
x-azure-ref: 0DKI9YgAAAACwBSFd6zPiR7BzNdSJ1cFjR1ZBMzBFREdFMDIxNQA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
x-cache: CONFIG_NOCACHE
content-type: application/x-javascript
cache-control: no-cache, no-store
request-context: appId=cid-v1:593e4080-f032-4d00-a652-e17f01252a9d
content-length: 665
expires: -1

GET
H2 200 liveView.php Show response
live.primis.tech/live/ Frame 8A0C 117 KB
13 KB 62ms
62ms XHR
application/json 2600:9000:2156:2c00:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://live.primis.tech/live/liveView.php?hash=pm01ODA1NlZ2nWRsqzFmqFRcoWViqXQ9LTEzqzyxX3Zup3RUrXByPTMzqzyxX3BfYXyypyZypw0mLwEhMCZ2nWRsqzyyq2FvnWkcqHyTqGF0ZT0kJaZcZF9wo250ZW50X3VloD1bqHRjplUmQSUlRvUlRaZcZGViLaBlnW1cpl50ZWNbJTJGqXBfo2FxplUlRzNhNlUlRaZcZGViJTJGqXNypaMyMxZwo252ZXJ0ZWQyMxYmMDt3NSUlRaZcZGViXmYkMmVwM2FyNDYlODx1MmplOTx5OTpyMxZ2nWQ2MTM1Y2RxMGFuODJxMTp2MwUmODE4Lz1jNCZ2nWRsY29hqGVhqF9cZD0kODA3NDM3JaZcZF9wo250ZW50X2Ryp2M9QzVmqCgBozRlo2yxK1Biq2VlK1VmZXIeRzVuqHVlZXMeqGuuqCg5o3UeRz9lZ290K0V4nXN0ZWQzqzyxX2NioaRyoaRsqGy0oGU9QzVmqCgBozRlo2yxK1Biq2VlK1VmZXIeRzVuqHVlZXMeqGuuqCg5o3UeRz9lZ290K0V4nXN0ZWQzqzyxX2NioaRyoaRsZHVlYXRco249NDxkJzRyYaVaSW5zo3JgYXRco249Jat9NTAjJax9MwtkJaB1YyVloD1bqHRjplUmQSUlRvUlRaq3ql5uozRlo2yxpG9fnWNyLzNioSUlRz5ipaRbLWgipzVuov1bYWNeZXJmLWZcoaRyY2tgoWVxnWEgY2ulo21yLXcypz8gZGF5JTJGJTNGqXRgX3NiqXJwZSUmRGRfqaIhnXQyMwZ1qG1soWVxnXVgJTNEqHqcqHRypvZlnT02QmY5NmY2NTUmNmQ2MTp0NmM3QmpmNxImMTqCNTQmMDqEN0I2NDMlMmAmMwMlMxQmMDMmMxQmMwM1NUYmMTM0N0Q3QwpmMmEmNwM3MmQmOTM5MmxmMTqEN0I0MmM1Mmp3RDqCNTM1OTU4NDE3NDYmNxQ1NwZFNEM1NmRBNwt2MwQ3NDY3NTU5MmI1NwY2NwQmMmY0MmM0QmZENDY3NTVBNDt0QTp2NwE1NmUlNmp2MwMlNmt3MDU5MmI1NTp1NTxmMwM5NmQ3RDqCNwI2MmY4NmI2RwZENwU3RDqCNmE2NDY1NmM2Qwp0NxY3MDqEN0I2Rwp3Nwx2RTY0NxY3NmpmN0Q3QwU4MmYmMDMjN0Q3QwU5MmMmMmM4N0Q3QwY2MmE3RDqCNEMmMTMkMmQmMmMmN0RGRUZFJzymQXBjPTAzZ2ViTGF0nT01MC4kMDQ5Jzqyo0kiozp9OC42Mwx1JaVmZXJJpEFxZHI9MzEjMlUmQTFvMwAyM0E2JTNBZwAkMSUmQSUmQTyyJaVmZXJVQT1No3ccoGkuJTJGNS4jKlUlOFqcozRiq3MeTyQeMTAhMCUmQvgXnW42NCUmQvg4NwQyMwxeQXBjoGVXZWJLnXQyMxY1MmphMmYeJTI4S0uUTUjyMxMeoGyeZSgHZWNeolUlOSgDnHJioWUyMxY5OS4jLwQ4NDQhNTEeU2FzYXJcJTJGNTM3LwM2JaBfYXyypxFjnUyxPSZwp3V1nWQ9NwImZGElMGI3MmY1MCZwYaVmqGVlPTE2NDtlMDYmNDtjNmMzZ2Rjpw0kJzqxpHJDo25mZW50PSZcp1qyUGFmp0qxpHI9MA==
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032322D30332D32355F31347D7B7331363734393939317D7B4335377D7B5359584174636D566E4C574A686247467559325666643364334C6D46755A484A76615752776232787059325575593239747D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583630307D7B593333387D7B66317D7B4C31313433337DFEFE&userIpAddr=2a03%3A1b20%3A6%3Af011%3A%3A9e&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F99.0.4844.51+Safari%2F537.36&debugInformation=&isWePassGdpr=0&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=40&c2pWaitTime=5&isSinglePageFloatSupport=0&csuuid=623da20b73650&debugInfo=16749991_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=16749991&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed2a4dzjowrqnk&secondaryContent=&x=600&y=338&pubUrl=https%3A%2F%2Fwww.androidpolice.com%2Fnorth-korean-hackers-fintech-media-chrome-zero-day%2F%3Futm_source%3Ddlvr.it%26utm_medium%3Dtwitter&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=0&flow_bottomOffset=0&impGap=1&flow_width=340&flow_height=192&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=50.1049&geoLong=8.6295&vpTemplate=11433&flowMode=seenboth&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=&subId=ap-reg-balance_www.androidpolice.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:2c00:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 01fc8b96062c12c10f704f63d680ef83d596e0ec48a4663a167a57333f592cc7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Mar 2022 11:05:47 GMT
content-encoding: gzip
server: nginx
age: 0
x-cache: Miss from cloudfront
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: https://www.androidpolice.com
cache-control: no-store
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/json; charset=utf-8
content-length: 12590
via: 1.1 f6c241b75ae7d21ac836339454ab90b8.cloudfront.net (CloudFront)
x-amz-cf-id: bsqqwpQQXr-geMMjjH2nvv_h_B1tf3i_359lo2Pm2lCF2DkeatlRsw==

GET
H2 200 liveView.php Show response
live.primis.tech/live/ Frame 8A0C 117 KB
13 KB 67ms
67ms XHR
application/json 2600:9000:2156:2c00:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://live.primis.tech/live/liveView.php?hash=pm01ODA1NlZ2nWRsqzFmqFRcoWViqXQ9LTEzqzyxX3Zup3RUrXByPTMzqzyxX3BfYXyypyZypw0mLwEhMCZ2nWRsqzyyq2FvnWkcqHyTqGF0ZT0kJaZcZF9wo250ZW50X3VloD1bqHRjplUmQSUlRvUlRaZcZGViLaBlnW1cpl50ZWNbJTJGqXBfo2FxplUlRzNhNlUlRaZcZGViJTJGqXNypaMyMxZwo252ZXJ0ZWQyMxYmMDt3NSUlRaZcZGViXmYkMmVwM2FyNDYlODx1MmplOTx5OTpyMxZ2nWQ2MTM1Y2RxMGFuODJxMTp2MwUmODE4Lz1jNCZ2nWRsY29hqGVhqF9cZD0kODA3NDM3JaZcZF9wo250ZW50X2Ryp2M9QzVmqCgBozRlo2yxK1Biq2VlK1VmZXIeRzVuqHVlZXMeqGuuqCg5o3UeRz9lZ290K0V4nXN0ZWQzqzyxX2NioaRyoaRsqGy0oGU9QzVmqCgBozRlo2yxK1Biq2VlK1VmZXIeRzVuqHVlZXMeqGuuqCg5o3UeRz9lZ290K0V4nXN0ZWQzqzyxX2NioaRyoaRsZHVlYXRco249NDxkJzRyYaVaSW5zo3JgYXRco249Jat9MmQjJax9MTxkJaB1YyVloD1bqHRjplUmQSUlRvUlRaq3ql5uozRlo2yxpG9fnWNyLzNioSUlRz5ipaRbLWgipzVuov1bYWNeZXJmLWZcoaRyY2tgoWVxnWEgY2ulo21yLXcypz8gZGF5JTJGJTNGqXRgX3NiqXJwZSUmRGRfqaIhnXQyMwZ1qG1soWVxnXVgJTNEqHqcqHRypvZlnT02QmY5NmY2NTUmNmQ2MTp0NmM3QmpmNxImMTqCNTQmMDqEN0I2NDMlMmAmMwMlMxQmMDMmMxQmMwM1NUYmMTM0N0Q3QwpmMmEmNwM3MmQmOTM5MmxmMTqEN0I0MmM1Mmp3RDqCNTM1OTU4NDE3NDYmNxQ1NwZFNEM1NmRBNwt2MwQ3NDY3NTU5MmI1NwY2NwQmMmY0MmM0QmZENDY3NTVBNDt0QTp2NwE1NmUlNmp2MwMlNmt3MDU5MmI1NTp1NTxmMwM5NmQ3RDqCNwI2MmY4NmI2RwZENwU3RDqCNmE2NDY1NmM2Qwp0NxY3MDqEN0I2Rwp3Nwx2RTY0NxY3NmpmN0Q3QwU4MmYmMDMjN0Q3QwU5MmMmMmM4N0Q3QwY2MmE3RDqCNEMmMTMkMmQmMmMmN0RGRUZFJzymQXBjPTAzZ2ViTGF0nT01MC4kMDQ5Jzqyo0kiozp9OC42Mwx1JaVmZXJJpEFxZHI9MzEjMlUmQTFvMwAyM0E2JTNBZwAkMSUmQSUmQTyyJaVmZXJVQT1No3ccoGkuJTJGNS4jKlUlOFqcozRiq3MeTyQeMTAhMCUmQvgXnW42NCUmQvg4NwQyMwxeQXBjoGVXZWJLnXQyMxY1MmphMmYeJTI4S0uUTUjyMxMeoGyeZSgHZWNeolUlOSgDnHJioWUyMxY5OS4jLwQ4NDQhNTEeU2FzYXJcJTJGNTM3LwM2JaBfYXyypxFjnUyxPSZwp3V1nWQ9NwImZGElMGI3MmY1MCZwYaVmqGVlPTE2NDtlMDYmNDtjNmQzZ2Rjpw0kJzqxpHJDo25mZW50PSZcp1qyUGFmp0qxpHI9MA==
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032322D30332D32355F31347D7B7331363734393939317D7B4335377D7B5359584174636D566E4C574A686247467559325666643364334C6D46755A484A76615752776232787059325575593239747D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583630307D7B593333387D7B66317D7B4C31313433337DFEFE&userIpAddr=2a03%3A1b20%3A6%3Af011%3A%3A9e&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F99.0.4844.51+Safari%2F537.36&debugInformation=&isWePassGdpr=0&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=40&c2pWaitTime=5&isSinglePageFloatSupport=0&csuuid=623da20b73650&debugInfo=16749991_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=16749991&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed2a4dzjowrqnk&secondaryContent=&x=600&y=338&pubUrl=https%3A%2F%2Fwww.androidpolice.com%2Fnorth-korean-hackers-fintech-media-chrome-zero-day%2F%3Futm_source%3Ddlvr.it%26utm_medium%3Dtwitter&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=0&flow_bottomOffset=0&impGap=1&flow_width=340&flow_height=192&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=50.1049&geoLong=8.6295&vpTemplate=11433&flowMode=seenboth&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=&subId=ap-reg-balance_www.androidpolice.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:2c00:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 022d5b457a68d350109f4f8d7d92cc8c7d6a4df579f7c0886b44c9195c299a4a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Mar 2022 11:05:47 GMT
content-encoding: gzip
server: nginx
age: 0
x-cache: Miss from cloudfront
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: https://www.androidpolice.com
cache-control: no-store
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/json; charset=utf-8
content-length: 12588
via: 1.1 f6c241b75ae7d21ac836339454ab90b8.cloudfront.net (CloudFront)
x-amz-cf-id: 0ZQ2mYo45cgjDljiZwwLwsT0H0j30pBSSfwMToVO8oDFQCvkVcyovw==

GET
H2 200 liveView.php Show response
live.primis.tech/live/ Frame 8A0C 50 KB
7 KB 57ms
56ms XHR
application/json 2600:9000:2156:2c00:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://live.primis.tech/live/liveView.php?hash=pm01ODA1NlZ2nWRsqzFmqFRcoWViqXQ9LTEzqzyxX3Zup3RUrXByPTMzqzyxX3BfYXyypyZypw0mLwEhMCZ2nWRsqzyyq2FvnWkcqHyTqGF0ZT0jJaZcZF9wo250ZW50X3VloD1bqHRjplUmQSUlRvUlRaZcZGViLaBlnW1cpl50ZWNbJTJGqXBfo2FxplUlRzNhNlUlRaZcZGViJTJGqXNypaMyMxZwo252ZXJ0ZWQyMxYmMDt3NSUlRaZcZGViXmYkMmVwM2FyNDYlODx1MmplOTx5OTpyMxZ2nWQ2MTM1Y2RxMGFuODJxMTp2MwUmODE4Lz1jNCZ2nWRsY29hqGVhqF9cZD0kODA3NDM3JaZcZF9wo250ZW50X2Ryp2M9QzVmqCgBozRlo2yxK1Biq2VlK1VmZXIeRzVuqHVlZXMeqGuuqCg5o3UeRz9lZ290K0V4nXN0ZWQzqzyxX2NioaRyoaRsqGy0oGU9QzVmqCgBozRlo2yxK1Biq2VlK1VmZXIeRzVuqHVlZXMeqGuuqCg5o3UeRz9lZ290K0V4nXN0ZWQzqzyxX2NioaRyoaRsZHVlYXRco249NDxkJzRyYaVaSW5zo3JgYXRco249Jat9NTAjJax9MwtkJaB1YyVloD1bqHRjplUmQSUlRvUlRaq3ql5uozRlo2yxpG9fnWNyLzNioSUlRz5ipaRbLWgipzVuov1bYWNeZXJmLWZcoaRyY2tgoWVxnWEgY2ulo21yLXcypz8gZGF5JTJGJTNGqXRgX3NiqXJwZSUmRGRfqaIhnXQyMwZ1qG1soWVxnXVgJTNEqHqcqHRypvZlnT02QmY5NmY2NTUmNmQ2MTp0NmM3QmpmNxImMTqCNTQmMDqEN0I2NDMlMmAmMwMlMxQmMDMmMxQmMwM1NUYmMTM0N0Q3QwpmMmEmNwM3MmQmOTM5MmxmMTqEN0I0MmM1Mmp3RDqCNTM1OTU4NDE3NDYmNxQ1NwZFNEM1NmRBNwt2MwQ3NDY3NTU5MmI1NwY2NwQmMmY0MmM0QmZENDY3NTVBNDt0QTp2NwE1NmUlNmp2MwMlNmt3MDU5MmI1NTp1NTxmMwM5NmQ3RDqCNwI2MmY4NmI2RwZENwU3RDqCNmE2NDY1NmM2Qwp0NxY3MDqEN0I2Rwp3Nwx2RTY0NxY3NmpmN0Q3QwU4MmYmMDMjN0Q3QwU5MmMmMmM4N0Q3QwY2MmE3RDqCNEMmMTMkMmQmMmMmN0RGRUZFJzymQXBjPTAzZ2ViTGF0nT01MC4kMDQ5Jzqyo0kiozp9OC42Mwx1JaVmZXJJpEFxZHI9MzEjMlUmQTFvMwAyM0E2JTNBZwAkMSUmQSUmQTyyJaVmZXJVQT1No3ccoGkuJTJGNS4jKlUlOFqcozRiq3MeTyQeMTAhMCUmQvgXnW42NCUmQvg4NwQyMwxeQXBjoGVXZWJLnXQyMxY1MmphMmYeJTI4S0uUTUjyMxMeoGyeZSgHZWNeolUlOSgDnHJioWUyMxY5OS4jLwQ4NDQhNTEeU2FzYXJcJTJGNTM3LwM2JaBfYXyypxFjnUyxPSZwp3V1nWQ9NwImZGElMGI3MmY1MCZwYaVmqGVlPTE2NDtlMDYmNDtjNmQzZ2Rjpw0kJzqxpHJDo25mZW50PSZcp1qyUGFmp0qxpHI9MA==
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032322D30332D32355F31347D7B7331363734393939317D7B4335377D7B5359584174636D566E4C574A686247467559325666643364334C6D46755A484A76615752776232787059325575593239747D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583630307D7B593333387D7B66317D7B4C31313433337DFEFE&userIpAddr=2a03%3A1b20%3A6%3Af011%3A%3A9e&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F99.0.4844.51+Safari%2F537.36&debugInformation=&isWePassGdpr=0&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=40&c2pWaitTime=5&isSinglePageFloatSupport=0&csuuid=623da20b73650&debugInfo=16749991_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=16749991&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed2a4dzjowrqnk&secondaryContent=&x=600&y=338&pubUrl=https%3A%2F%2Fwww.androidpolice.com%2Fnorth-korean-hackers-fintech-media-chrome-zero-day%2F%3Futm_source%3Ddlvr.it%26utm_medium%3Dtwitter&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=0&flow_bottomOffset=0&impGap=1&flow_width=340&flow_height=192&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=50.1049&geoLong=8.6295&vpTemplate=11433&flowMode=seenboth&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=&subId=ap-reg-balance_www.androidpolice.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:2c00:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: f5da2faa9085ca8541d5592dc35bab77df6b9389f5be5c8c7c8d32f904bb877e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Mar 2022 11:05:47 GMT
content-encoding: gzip
server: nginx
age: 0
x-cache: Miss from cloudfront
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: https://www.androidpolice.com
cache-control: no-store
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/json; charset=utf-8
content-length: 6887
via: 1.1 f6c241b75ae7d21ac836339454ab90b8.cloudfront.net (CloudFront)
x-amz-cf-id: F8G0T_cRwrXbaOQmjfnBgk1PC40b-3y4W7CHSbz6ii-uOrl5Oo9d_A==

POST
H2 200 api Show response
ls.skimresources.com/ 2 B
350 B 56ms
25ms XHR
application/json 34.120.117.212
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://ls.skimresources.com/api

Requested by

Host: s.skimresources.com
URL: https://s.skimresources.com/js/85009X1537243.skimlinks.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.120.117.212 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

212.117.120.34.bc.googleusercontent.com

Software

Python/3.8 aiohttp/3.6.3 /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-type: application/json

Response headers

pragma: no-cache
date: Fri, 25 Mar 2022 11:05:48 GMT
via: 1.1 google
x-content-type-options: nosniff
server: Python/3.8 aiohttp/3.6.3
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.androidpolice.com
cache-control: no-store, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 2

OPTIONS
H2 206 api
ls.skimresources.com/ Frame 0
0 63ms
20ms Preflight
text/plain 34.120.117.212
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ls.skimresources.com/api
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.120.117.212 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 212.117.120.34.bc.googleusercontent.com
Software: Python/3.8 aiohttp/3.6.3 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.androidpolice.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-origin: https://www.androidpolice.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token
access-control-allow-credentials: true
access-control-max-age: 1728000
content-type: text/plain charset=UTF-8
content-length: 0
date: Fri, 25 Mar 2022 11:05:48 GMT
server: Python/3.8 aiohttp/3.6.3
via: 1.1 google
alt-svc: clear

POST
H2 200 publisher:getClientId Show response
ampcid.google.de/v1/ 3 B
465 B 151ms
48ms XHR
application/json 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ampcid.google.de/v1/publisher:getClientId?key=AIzaSyA65lEHUEizIsNtlbNo-l2K18dT680nsaM

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 25 Mar 2022 11:05:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server: ESF
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.androidpolice.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
vary: Origin, X-Origin, Referer
content-length: 23
x-xss-protection: 0

GET
H2 200 session.html Show response
events.release.narrativ.com/api/v0/ Frame 8088 713 B
1 KB 305ms
104ms Document
text/html 34.192.73.199
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://events.release.narrativ.com/api/v0/session.html

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/valnet/op.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.192.73.199 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-192-73-199.compute-1.amazonaws.com

Software

nginx/1.20.2 /

Resource Hash

0b41750d79b770853d9714ed70f2b9224529a7290c3d4c4bebc08ef092e19a1f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter

Response headers

date: Fri, 25 Mar 2022 11:05:48 GMT
content-type: text/html; charset=utf-8
content-length: 713
server: nginx/1.20.2
x-bam-env: release
x-bam-build-version: 5091648b0ddf33082c197934e0d710c5b6b67319
cache-control: private, max-age=7776000, must-revalidate, proxy-revalidate
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-robots-tag: none

GET
H2 200 pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v19/ 8 KB
8 KB 127ms
42ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v19/pxiEyp8kv8JHgFVrJJfecg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.androidpolice.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 23 Mar 2022 19:30:15 GMT
x-content-type-options: nosniff
age: 142533
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7884
x-xss-protection: 0
last-modified: Wed, 26 Jan 2022 19:17:03 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 23 Mar 2023 19:30:15 GMT

POST
H2 200 auction Show response
tlx.3lift.com/header/ Frame 8A0C 19 B
686 B 71ms
48ms XHR
application/json 3.124.152.204
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tlx.3lift.com/header/auction?lib=prebid&v=5.18.0&referrer=https%3A%2F%2Fwww.androidpolice.com%2Fnorth-korean-hackers-fintech-media-chrome-zero-day%2F%3Futm_source%3Ddlvr.it%26utm_medium%3Dtwitter&tmax=3000&gdpr=true

Requested by

Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.5.18.0_10.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.124.152.204 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-124-152-204.eu-central-1.compute.amazonaws.com

Software

Resource Hash

0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 25 Mar 2022 11:05:48 GMT
accept-ch: sec-ch-prefers-color-scheme,sec-ch-dpr,sec-ch-device-memory,sec-ch-save-data,sec-ch-width,sec-ch-viewport-height,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-viewport-width,sec-ch-ua-arch,sec-ch-rtt,sec-ch-downlink,sec-ch-ect,sec-ch-ua-bitness
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
access-control-allow-origin: https://www.androidpolice.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: application/json; charset=utf-8
content-length: 19
x-xss-protection: 0
expires: Thu, 15 Oct 1992 20:10:00 GMT

POST
H/1.1 204
No Content openrtb Show response
ads.adaptv.advertising.com/rtb/ Frame 8A0C 0
222 B 153ms
108ms XHR
application/json 18.158.31.37
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.adaptv.advertising.com/rtb/openrtb?ext_id=PrimisTwoHB
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.5.18.0_10.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.158.31.37 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-31-37.eu-central-1.compute.amazonaws.com
Software: adaptv/1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.androidpolice.com
access-control-allow-credentials: true
server: adaptv/1.0
Connection: keep-alive
content-length: 0
content-type: application/json

GET
H/1.1 200
OK swfIndex.php Show response
ads.stickyadstv.com/www/delivery/ Frame 8A0C 67 B
586 B 245ms
134ms XHR
application/xml 2.18.234.233
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.stickyadstv.com/www/delivery/swfIndex.php?reqType=AdsSetup&protocolVersion=2.0&zoneId=14000367&componentId=prebid&componentSubId=mustang&timestamp=1648206348247&pKey=1401011398&_fw_gdpr_consent=&_fw_gdpr=true&loc=https%3A%2F%2Fwww.androidpolice.com%2F&playerSize=500x281&schain=1.0%2C1!primis.tech%2C30875%2C1%2C%2C%2C
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.5.18.0_10.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.233 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-233.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 291437ea71e62b1c35d4ec5d3c5ad02cfa930343b41b1472fba70243089c8bbe

Request headers

Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 25 Mar 2022 11:05:48 GMT
Server: nginx
Content-Type: application/xml;charset=UTF-8
Access-Control-Allow-Origin: https://www.androidpolice.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 67
x-sticky-vk: 1648206348305023-601
Expires: Fri, 25 Mar 2022 11:05:48 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame 8A0C 0
120 B 652ms
16ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.5.18.0_10.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.androidpolice.com
date: Fri, 25 Mar 2022 11:05:48 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

GET
H2 200 liveInternalSsp.php Show response
live.primis.tech/live/ Frame 8A0C 25 B
439 B 320ms
320ms XHR
text/html 2600:9000:2156:2c00:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://live.primis.tech/live/liveInternalSsp.php?sspData=%7B%22enc%22%3Atrue%2C%22data%22%3A%22%5C%22JTqCJTIlqzVlJTIlJTNBJTIlqzVlXmEhNSUlMvUlQlUlMz1coxJcZCUlMvUmQTAyMxMyMwJvqXc6ZXIyMwIyM0EyN0IyMwJwo3VhqCUlMvUmQTAyMxMyMwJ0nXRfZUkyovUlMvUmQTEjMCUlQlUlMapyMwIyM0ElMDAyMxMyMwJbJTIlJTNBMTYjJTqEJTJDJTIlq2yxqGtyMwIyM0E1MDAyMxMyMwJbZWyanHQyMwIyM0ElODEyMxMyMwJmpGFwZUyxJTIlJTNBJTIlNTtjNTpyMwIyMxMyMwJmpGFwZVR5pGUyMwIyM0EyMwJ2YXN0JTIlJTJDJTIlqzyxZW9QoGFwZW1yoaRUrXByJTIlJTNBMSUlQlUlMzyjJTIlJTNBJTIlMzEjMlUmQTFvMwAyM0E2JTNBZwAkMSUmQSUmQTyyJTIlJTJDJTIlZ2ViSWQyMwIyM0E1NlUlQlUlMzFfpGuuMxqyolUlMvUmQSUlMxRFJTIlJTJDJTIlZGV2nWNyqHyjZSUlMvUmQTIyMxMyMwJ0rHREZXZcY2V0rXByJTIlJTNBJTIlZGVmn3RipCUlMvUlQlUlMzJlo3qmZXIyMwIyM0EyMwJwnHJioWUyMwIyMxMyMwJiplUlMvUmQSUlMyqcozRiq3MyMwIyMxMyMwJ0rHRPplUlMvUmQSUlMaqcozRiq3MyMwIyMxMyMwJxZXZcY2VNo2RyoCUlMvUmQSUlMvUlMvUlQlUlMz9mVzVlp2yiovUlMvUmQSUlMwEjLwAyMwIyMxMyMwJxZXZcY2VNYW51ZzFwqHVlZXIyMwIyM0EyMwIyMwIyMxMyMwJxZXZcY2VDo2RyTzFgZSUlMvUmQSUlMvUlMvUlQlUlMaVmZXJBZ2VhqCUlMvUmQSUlMx1irzyfoGEyMxY1LwAyMwAbV2yhZG93plUlME5UJTIjMTAhMCUmQvUlMFqcowY0JTNCJTIjrDY0KSUlMEFjpGkyV2VvS2y0JTJGNTM3LwM2JTIjKEgIVE1MJTJDJTIjoGyeZSUlMEqyY2giKSUlMENbpz9gZSUlRwx5LwAhNDt0NC41MSUlMFNuZzFlnSUlRwUmNl4mNvUlMvUlQlUlMzkuqCUlMvUmQSUlMwUjLwEjNDxyMwIyMxMyMwJfo24yMwIyM0EyMwI4LwYlOTUyMwIyMxMyMwJupHBOYW1yJTIlJTNBJTIlJTIlJTJDJTIlYXBjSWQyMwIyM0EyMwIyMwIyMxMyMwJcp0FjpCUlMvUmQTAyMxMyMwJupHBCqW5xoGVJZCUlMvUmQSUlMzu0qHBmJTNBJTJGJTJGq3q3LzFhZHJinWRjo2kcY2UhY29gJTJGoz9lqGtgn29lZWFhLWuuY2gypaMgZzyhqGVwnC1gZWRcYS1wnHJioWUgrzVlol1xYXxyMxYyM0Z1qG1sp291pzNyJTNEZGk2pv5cqCUlNaV0oV9gZWRcqW0yM0R0q2y0qGVlJTIlJTJDJTIlYXBjU3RipzVVpzjyMwIyM0EyMwIyMwIyMxMyMwJupHBQpzy2YWN5UG9fnWN5JTIlJTNBJTIlJTIlJTJDJTIlYXBjSXNQYWyxJTIlJTNBJTIlJTIlJTJDJTIlYXBjRGV2ZWkipGVlJTIlJTNBJTIlJTIlJTJDJTIlnWZuJTIlJTNBJTIlJTIlJTJDJTIlnWZ2JTIlJTNBJTIlJTIlJTJDJTIlYXR0plUlMvUmQSUlMvUlMvUlQlUlMzFjpFZypaNco24yMwIyM0EyMwIyMwIyMxMyMwJlZWZypaJypvUlMvUmQSUlMzu0qHBmJTNBJTJGJTJGq3q3LzFhZHJinWRjo2kcY2UhY29gJTJGoz9lqGtgn29lZWFhLWuuY2gypaMgZzyhqGVwnC1gZWRcYS1wnHJioWUgrzVlol1xYXxyMxYyM0Z1qG1sp291pzNyJTNEZGk2pv5cqCUlNaV0oV9gZWRcqW0yM0R0q2y0qGVlJTIlJTJDJTIlpGFaZSUlMvUmQSUlMzu0qHBmJTNBJTJGJTJGq3q3LzFhZHJinWRjo2kcY2UhY29gJTJGoz9lqGtgn29lZWFhLWuuY2gypaMgZzyhqGVwnC1gZWRcYS1wnHJioWUgrzVlol1xYXxyMxYyM0Z1qG1sp291pzNyJTNEZGk2pv5cqCUlNaV0oV9gZWRcqW0yM0R0q2y0qGVlJTIlJTJDJTIlZ2RjpvUlMvUmQTEyMxMyMwJaZHBlQ29hp2VhqCUlMvUmQSUlMvUlMvUlQlUlMzymV2VQYXNmR2RjpvUlMvUmQSUlMwAyMwIyMxMyMwJwY3BuJTIlJTNBMCUlQlUlMzNwpGFDo25mZW50JTIlJTNBJTIlJTIlJTJDJTIlZG9gYWyhJTIlJTNBJTIlq3q3LzFhZHJinWRjo2kcY2UhY29gJTIlJTJDJTIlq2Vvp2y0ZSUlMvUmQSUlMaq3ql5mZWgcozRiLzNioSUlMvUlQlUlMaNyY3VlZSUlMvUmQTEyMxMyMwJaZW9To3VlY2UyMwIyM0EyMwJJUCUlMvUlQlUlMzNipHBuJTIlJTNBMCUlQlUlMaV1nWQyMwIyM0EyMwI2MwNxYTIjYwpmNwUjJTIlJTJDJTIlYzkiY2gCpzFhZHMyMwIyM0EyNUIyNUQyMxMyMwJyrHRVp2VlSWRmJTIlJTNBJTVCJTVEJTJDJTIloXJunWRBoGkiq2VxJTIlJTNBMCUlQlUlMzRyYaVaSW5zo3JgYXRco24yMwIyM0EyMwIyMwIyMxMyMwJmnXRySWQyMwIyM0EkMDt1MDAyMxMyMwJjqWJfnXNbZXJJZCUlMvUmQTMjODp1JTJDJTIlp2NbYWyhJTIlJTNBJTqCJTIlqzVlJTIlJTNBJTIlMS4jJTIlJTJDJTIlY29gpGkyqGUyMwIyM0EkJTJDJTIloz9xZXMyMwIyM0EyNUIyN0IyMwJup2xyMwIyM0EyMwJjpzygnXMhqGVwnCUlMvUlQlUlMaNcZCUlMvUmQSUlMwMjODp1JTIlJTJDJTIlnHAyMwIyM0EkJTqEJTVEJTqEJTJDJTIlpzVanW9hJTIlJTNBJTIlRyIyMwIyMxMyMwJwYW1jYWyaoaMyMwIyM0EyN0IyMwI3ODMkNlUlMvUmQSU3QvUlMaRlYWNeZXIyMwIyM0EyMwJwYW1jYWyaoxZlZXFDYXAyM0QjJTI1MxYjJTI2Y2FgpGFcZ25JZCUmRDp4MmE3JTI2p3BuY2UlQWRJZCUmRDE3MDU1MmI4JTIlJTJDJTIlpHJyYzyxTaNmpEyhZGV4JTIlJTNBMCUlQlUlMaNjYWNyMxFxSWQyMwIyM0EyMwIkNmA1NTMlOCUlMvUlQlUlMzRyYWjyMwIyM0EyN0IyMwJcp1J0YxRyYWjyMwIyM0EjJTJDJTIlpaRvRGVuoEyxJTIlJTNBJTIlJTIlJTJDJTIlpaRvU2VuqEyxJTIlJTNBJTIlJTIlJTqEJTJDJTIlpaRvV1NyYXQyMwIyM0EyMwIyMwIyMxMyMwJwYW1jYWyaoxyxJTIlJTNBNmtmMTpyMxMyMwJwYW1jYWyaoyNwo3ByJTIlJTNBJTIlpHVvoGywJTIlJTJDJTIlYaV5ZXJVnWQyMwIyM0EyMwIyMwIyMxMyMwJuZFVmZXJJZCUlMvUmQTMkMDIlJTJDJTIlYzNuqCUlMvUmQSUlMvUlMvUlQlUlMzJup2VGoG9ipvUlMvUmQTMhMlUlQlUlMzV4qCUlMvUmQSU3QvUlMaBupaRhZXIyMwIyM0EyMwIkMwEyMwIyMxMyMwJlZXZTnGFlZSUlMvUmQSUlMwAhOTUyMwIyMxMyMwJjoGFwZW1yoaRJZCUlMvUmQSUlMyBlnW1cp19HZW5ypzFfX1JUQvUlMvUlQlUlMaN1pHBfnWVlX2yxJTIlJTNBJTIlNDIyMwIyN0QyMxMyMwJlZWZypzVhY2VJZCUlMvUmQTMyMxMyMwJvnWRzoG9ipvUlMvUmQSUlMwMhMmAyMwIyN0QyN0QyMxMyMwJjYWqyY2F0JTIlJTNBJTVCJTIlSUFCMTxyMwIyNUQyMxMyMwJjoGFwZW1yoaRDYXQyMwIyM0EyNUIyMwJJQUIkOSUlMvU1RCUlQlUlMzNioaRyoaRwYXQyMwIyM0EyNUIyMwJJQUIkOSUlMvUlQlUlMxyBQwEgNlUlMvUlQlUlMxyBQwEgNSUlMvUlQlUlMxyBQwEgMSUlMvU1RCU3RA%3D%3D%5C%22%22%7D
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.5.18.0_10.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:2c00:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 1d16d42e33c80a00df5f4c6a514edbfaa985a2cdf0d33b4f76f90a6625b773b7

Request headers

Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 25 Mar 2022 11:05:48 GMT
via: 1.1 f6c241b75ae7d21ac836339454ab90b8.cloudfront.net (CloudFront)
server: nginx
age: 0
x-cache: Miss from cloudfront
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: https://www.androidpolice.com
cache-control: no-store
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: text/html; charset=UTF-8
x-amz-cf-id: WEtonebV15zWNv_y1-jduG_XvHYnW2Gyx2CTI5HZ3-wlqpLYHquZdg==

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ Frame 8A0C 37 B
337 B 149ms
105ms XHR
application/json 2.21.111.28
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=491831&v=8.1&ac=j&sd=1&nf=1&r=%7B%22id%22%3A%221157d9223e8a1a7%22%2C%22site%22%3A%7B%22ref%22%3A%22https%3A%2F%2Ft.co%2FnZJA4XRYOk%22%2C%22page%22%3A%22https%3A%2F%2Fwww.androidpolice.com%2Fnorth-korean-hackers-fintech-media-chrome-zero-day%2F%3Futm_source%3Ddlvr.it%26utm_medium%3Dtwitter%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%2C%22mfu%22%3A0%2C%22bu%22%3A0%2C%22iu%22%3A1%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A1%2C%22ren%22%3Afalse%2C%22version%22%3A%225.18.0%22%2C%22userIds%22%3A%5B%5D%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%2212794ad82b0aab2%22%2C%22ext%22%3A%7B%22siteID%22%3A%22491831%22%2C%22dfp_ad_unit_code%22%3A%22%2F108500%22%2C%22sid%22%3A%22500x281%22%2C%22fl%22%3A%22x%22%7D%2C%22video%22%3A%7B%22playerSize%22%3A%5B%5B500%2C281%5D%5D%2C%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22application%2Fjavascript%22%5D%2C%22minduration%22%3A1%2C%22maxduration%22%3A200%2C%22protocols%22%3A%5B1%2C2%2C3%2C4%2C5%2C6%5D%2C%22linearity%22%3A1%2C%22api%22%3A%5B1%2C2%5D%2C%22placement%22%3A1%2C%22startdelay%22%3A0%2C%22skip%22%3A1%2C%22w%22%3A500%2C%22h%22%3A281%7D%2C%22bidfloor%22%3A3.3%2C%22bidfloorcur%22%3A%22USD%22%7D%5D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22primis.tech%22%2C%22sid%22%3A%2230875%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A1%7D%7D%2C%22user%22%3A%7B%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%7D
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.5.18.0_10.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.111.28 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-111-28.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: fd8474ddf27b6d7a0b5537a318862a5d960b0aee8b227c6af9267e6480dc5a46

Request headers

Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 25 Mar 2022 11:05:48 GMT
x-ak-initial-geo: CC:[DE], RC:[HE], CN:[EU], CIP:[185.213.155.169], XFF:[]
server: Apache
content-type: application/json
access-control-allow-origin: https://www.androidpolice.com
x-cs-client-geo: 12
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 37
x-ak-client-geo: 12
expires: Fri, 25 Mar 2022 11:05:48 GMT

POST
H2 200 auction Show response
prebid-server.rubiconproject.com/openrtb2/ Frame 8A0C 173 B
406 B 71ms
8ms XHR
application/json 18.193.180.51
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-server.rubiconproject.com/openrtb2/auction
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.5.18.0_10.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.193.180.51 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-193-180-51.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: fb36e5386197d0e127fe09965c23ec746be4aee7e5a1235d466321980f424469

Request headers

Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 25 Mar 2022 11:05:48 GMT
content-encoding: gzip
x-prebid: pbs-java/1.84.0
content-type: application/json
access-control-allow-origin: https://www.androidpolice.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 167
expires: 0

POST
H2 200 auction Show response
prebid-server.rubiconproject.com/openrtb2/ Frame 8A0C 173 B
406 B 72ms
9ms XHR
application/json 18.193.180.51
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-server.rubiconproject.com/openrtb2/auction
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.5.18.0_10.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.193.180.51 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-193-180-51.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 9fd2992bb6213a9b3d387ffc67279296a9fd32b01ec65052cc4997605024acec

Request headers

Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 25 Mar 2022 11:05:48 GMT
content-encoding: gzip
x-prebid: pbs-java/1.84.0
content-type: application/json
access-control-allow-origin: https://www.androidpolice.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 168
expires: 0

GET
H2 200 liveView.php
live.primis.tech/live/ 43 B
473 B 37ms
36ms Image
image/gif 2600:9000:2156:2c00:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.primis.tech/live/liveView.php?hash=ozcmPTEznXRiPTEzqzyxX2V2ZW50PTYzp2VlqzVlVGygZT0kNwQ4MwA2MmQ4JaZcZF9joGF5ZXJWZXI9Ml4kLwAzpm01ODA1NlZmqGE9MTM3MmMkNwtzrD01MDAzrT0lODEzoXN0YT0kNwp0OTx5MSZ2nWRsqzFmqFR5pGU9MlZ2nWRsqzyyq2FvnWkcqHyTqGF0ZT0kJaZcZF9jYXNmRG9gYWyhPXq3ql5uozRlo2yxpG9fnWNyLzNioSZmqWJJZD13q3phYW5xpz9cZHBioGywZS5wo20zZGVvqWqJozZipz1uqGyiow0znXNBpHA9MCZ1p2VlSXBBZGRlPTJuMDMyM0EkYwIjJTNBNvUmQWYjMTEyM0EyM0E5ZSZ1p2VlVUE9TW96nWkfYSUlRwUhMCUlMCUlOFqcozRiq3MyMwBOVCUlMDEjLwAyM0IyMwBXnW42NCUmQvUlMHt2NCUlOSUlMEFjpGkyV2VvS2y0JTJGNTM3LwM2JTIjJTI4S0uUTUjyMxMyMwBfnWgyJTIjR2Vwn28yMwxyMwBDnHJioWUyMxY5OS4jLwQ4NDQhNTEyMwBTYWZupzxyMxY1MmphMmYzY3N1qWyxPTYlM2RuMwBvNmM2NTAzpaZhPSR7VyBsUyZOX01BQ1JPsSZuqHRyoXB0TXVfqGyjoGyypw0lMCZwo250ZW50RzyfZUyxPTAzoWVxnWFQoGF5TGymqEyxPTAzoWVxnWFMnXN0SWQ9MCZaZHBlPTEzZ2RjpxNioaNyoaQ9JzymV2VQYXNmR2Rjpw0jJzNwpGE9MCZwY3BuQ29hp2VhqD0zY2J1p3Rypw0kNwQ4MwA2MmQ4MwI5JaVcZD1TZWgcozRiU1BfYXyypwYlM2RuMwBvODNuYmpzpHVvVXJfPWu0qHBmJTNBJTJGJTJGq3q3LzFhZHJinWRjo2kcY2UhY29gJTJGoz9lqGtgn29lZWFhLWuuY2gypaMgZzyhqGVwnC1gZWRcYS1wnHJioWUgrzVlol1xYXxyMxYyM0Z1qG1sp291pzNyJTNEZGk2pv5cqCUlNaV0oV9gZWRcqW0yM0R0q2y0qGVlJzZfo2F0U3RuqHVmPWZuoHNyJzVcZHNjPXBlZWJcZA==
Requested by: Host: www.androidpolice.com
URL: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:2c00:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Mar 2022 11:05:48 GMT
via: 1.1 f6c241b75ae7d21ac836339454ab90b8.cloudfront.net (CloudFront)
server: nginx
age: 0
x-cache: Miss from cloudfront
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
cache-control: max-age=315360000
content-disposition: inline; filename="pixel.gif"
x-amz-cf-pop: FRA50-C1
content-type: image/gif
x-amz-cf-id: ohEQQ-J4GtCuysWP-zt4ZdRDV6Zs8m0JNmtqTXxwlYMsBYRGyhkp9g==
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 config Show response
c.amazon-adsystem.com/cdn/prod/ Frame 8A0C 964 B
1 KB 15ms
15ms XHR
application/json 143.204.95.188
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=3741&u=https%3A%2F%2Fwww.androidpolice.com
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.95.188 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-95-188.fra50.r.cloudfront.net
Software: Server /
Resource Hash: 955dd368bec858f5ab6c2c4c1bc73d4299d69d387c7a36046fe80501fff14167

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:47 GMT
via: 1.1 58bcd6f2e1bc29fb83f080f1743cfeca.cloudfront.net (CloudFront)
server: Server
age: 1
x-cache: Hit from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.androidpolice.com
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-length: 964
x-amz-cf-id: gDfCSxlqmwir-W5T71-bSBrPbGTd5MMM8XIIMDhl5WkkRPfr-CFBfw==

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ Frame 8A0C 23 B
497 B 46ms
46ms XHR
text/javascript 143.204.95.188
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.amazon-adsystem.com/e/dtb/bid?src=3741&u=https%3A%2F%2Fwww.androidpolice.com%2Fnorth-korean-hackers-fintech-media-chrome-zero-day%2F%3Futm_source%3Ddlvr.it%26utm_medium%3Dtwitter&pr=https%3A%2F%2Ft.co%2FnZJA4XRYOk&pid=DDZ7DCHSkZfL4&cb=0&ws=1x1&v=7.74.0&t=2000&slots=%5B%7B%22id%22%3A%22Valnet_Primis_Video%22%2C%22mt%22%3A%22v%22%2C%22fc%22%3A%22USD%22%2C%22fp%22%3A330%7D%5D&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.95.188 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-95-188.fra50.r.cloudfront.net

Software

Server /

Resource Hash

745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:48 GMT
via: 1.1 58bcd6f2e1bc29fb83f080f1743cfeca.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA50-C1
x-amz-rid: RQAPS87Y9F4E9TNQE0KC
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.androidpolice.com
access-control-allow-credentials: true
permissions-policy: interest-cohort=()
strict-transport-security: max-age=47474747; includeSubDomains; preload
timing-allow-origin: *
content-length: 23
x-amz-cf-id: PYwBxpeGhpRbwj5Hxe-ugkF-cyH5IxOFhE4NzJkZgsy7USlnP39ujQ==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ Frame 8A0C 6 KB
3 KB 9ms
9ms XHR
application/javascript 143.204.95.188
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.95.188 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-95-188.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-version-id: khsXo6Z3HSo5bHNWbmb1eMp88IHhxPc.
content-encoding: gzip
etag: W/"a4d296427fc806b21335359e398c025c"
age: 29415
x-cache: Hit from cloudfront
access-control-max-age: 3000
access-control-allow-origin: *
last-modified: Thu, 17 Mar 2022 02:21:48 GMT
server: AmazonS3
date: Fri, 25 Mar 2022 03:06:07 GMT
vary: Origin
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 fa5a3d5abd34c6fac657b045a4dcbdc4.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: iOx-OGv_V-dNFnbVsKVZdJWZcMXK9gTB-39pJfyPv0qL-fx6nUSHVg==

GET
H2 200 269 Show response
p.ad.gt/api/v1/p/ 27 KB
8 KB 521ms
171ms Script
application/javascript 44.226.74.222
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://p.ad.gt/api/v1/p/269?au_id=AU1D-0100-001648206348-NT3P99ZS-UKKD
Requested by: Host: a.ad.gt
URL: https://a.ad.gt/api/v1/u/matches/269?url=https%3A%2F%2Fwww.androidpolice.com%2Fnorth-korean-hackers-fintech-media-chrome-zero-day%2F%3Futm_source%3Ddlvr.it%26utm_medium%3Dtwitter&ref=https%3A%2F%2Ft.co%2FnZJA4XRYOk
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.226.74.222 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-226-74-222.us-west-2.compute.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: d91b7dda209988986b054cc06f8e13fb12113708c38169b51229a036c5f4860f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:48 GMT
content-encoding: gzip
last-modified: Fri, 25 Mar 2022 10:59:16 GMT
server: nginx/1.18.0
etag: W/"1648205956.0-27524-2713389681"
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: public, max-age=43200
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
expires: Fri, 25 Mar 2022 23:05:48 GMT

GET
H2 200 haloid Show response
id.halo.ad.gt/api/v1/ 6 KB
6 KB 517ms
170ms Script
application/javascript 35.83.111.96
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://id.halo.ad.gt/api/v1/haloid
Requested by: Host: a.ad.gt
URL: https://a.ad.gt/api/v1/u/matches/269?url=https%3A%2F%2Fwww.androidpolice.com%2Fnorth-korean-hackers-fintech-media-chrome-zero-day%2F%3Futm_source%3Ddlvr.it%26utm_medium%3Dtwitter&ref=https%3A%2F%2Ft.co%2FnZJA4XRYOk
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.83.111.96 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-83-111-96.us-west-2.compute.amazonaws.com
Software: nginx/1.20.0 /
Resource Hash: e42808d7e52317336b8ce5e70efec1e44875ab17d58f9a3640bace9b7e314950

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:48 GMT
last-modified: Wed, 16 Mar 2022 21:21:48 GMT
server: nginx/1.20.0
content-type: application/javascript; charset=utf-8
cache-control: no-cache
origin-trial
content-disposition: inline; filename=halo02.js
content-length: 5763

GET
H2

200

match
ids.ad.gt/api/v1/
Redirect Chain

https://secure.adnxs.com/getuid?https://ids.ad.gt/api/v1/match?id=AU1D-0100-001648206348-NT3P99ZS-UKKD&adnxs_id=$UID
https://ids.ad.gt/api/v1/match?id=AU1D-0100-001648206348-NT3P99ZS-UKKD&adnxs_id=4885653837632420553

43 B
474 B

618ms
335ms

Image
image/gif

44.240.184.96
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ids.ad.gt/api/v1/match?id=AU1D-0100-001648206348-NT3P99ZS-UKKD&adnxs_id=4885653837632420553
Requested by: Host: www.androidpolice.com
URL: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Protocol: H2
Server: 44.240.184.96 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-240-184-96.us-west-2.compute.amazonaws.com
Software: nginx/1.20.0 /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:48 GMT
cache-control: public, max-age=43200
server: nginx/1.20.0
content-type: image/gif
expires: Fri, 25 Mar 2022 23:05:48 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 25 Mar 2022 11:05:48 GMT
X-Proxy-Origin: 185.213.155.169; 185.213.155.169; 731.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 9b45c2c1-f47b-4ba7-979c-d7fef540fab3
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ids.ad.gt/api/v1/match?id=AU1D-0100-001648206348-NT3P99ZS-UKKD&adnxs_id=4885653837632420553
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

t_match
ids.ad.gt/api/v1/
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=8gkxb6n&ttd_tpi=1&gpdr=0&ttd_puid=AU1D-0100-001648206348-NT3P99ZS-UKKD
https://match.adsrvr.org/track/cmb/generic?ttd_pid=8gkxb6n&ttd_tpi=1&gpdr=0&ttd_puid=AU1D-0100-001648206348-NT3P99ZS-UKKD
https://ids.ad.gt/api/v1/t_match?tdid=6f5129ea-faa8-4768-98a6-2361d7343c5e&id=AU1D-0100-001648206348-NT3P99ZS-UKKD

43 B
469 B

491ms
336ms

Image
image/gif

44.240.184.96
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ids.ad.gt/api/v1/t_match?tdid=6f5129ea-faa8-4768-98a6-2361d7343c5e&id=AU1D-0100-001648206348-NT3P99ZS-UKKD
Requested by: Host: www.androidpolice.com
URL: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Protocol: H2
Server: 44.240.184.96 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-240-184-96.us-west-2.compute.amazonaws.com
Software: nginx/1.20.0 /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:48 GMT
cache-control: public, max-age=43200
server: nginx/1.20.0
content-type: image/gif
expires: Fri, 25 Mar 2022 23:05:48 GMT

Redirect headers

pragma: no-cache
date: Fri, 25 Mar 2022 11:05:48 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://ids.ad.gt/api/v1/t_match?tdid=6f5129ea-faa8-4768-98a6-2361d7343c5e&id=AU1D-0100-001648206348-NT3P99ZS-UKKD
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 259

GET
H2

200

UCookieSetPug
image2.pubmatic.com/AdServer/
Redirect Chain

https://image2.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fpbm_match%3Fpbm%3D%23PM_USER_ID%26id%3DAU1D-0100-001648206348-NT3P99ZS-UKKD
https://image2.pubmatic.com/AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fpbm_match%3Fpbm%3D%23PM_USER_ID%26id%3DAU1D-0100-001648206348-NT3P99ZS-UKKD

0
93 B

16ms
15ms

Image
text/html

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fpbm_match%3Fpbm%3D%23PM_USER_ID%26id%3DAU1D-0100-001648206348-NT3P99ZS-UKKD
Requested by: Host: www.androidpolice.com
URL: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Protocol: H2
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:48 GMT
content-encoding: gzip
server: nginx
cache-control: no-store, no-cache, private
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-type: text/html; charset=utf-8

Redirect headers

location: https://image2.pubmatic.com/AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fpbm_match%3Fpbm%3D%23PM_USER_ID%26id%3DAU1D-0100-001648206348-NT3P99ZS-UKKD
date: Fri, 25 Mar 2022 11:05:48 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2

200

g_match
ids.ad.gt/api/v1/
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=audigent_w_appnexus_3985&google_cm&google_sc&google_ula=450542624&id=AU1D-0100-001648206348-NT3P99ZS-UKKD
https://cm.g.doubleclick.net/pixel?google_nid=audigent_w_appnexus_3985&google_cm=&google_sc=&google_ula=450542624&id=AU1D-0100-001648206348-NT3P99ZS-UKKD&google_tc=
https://ids.ad.gt/api/v1/g_match?id=AU1D-0100-001648206348-NT3P99ZS-UKKD&google_gid=CAESEB3gB617Bg9T747bdB6plQk&google_cver=1&google_ula=450542624,0

43 B
470 B

243ms
172ms

Image
image/gif

44.240.184.96
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ids.ad.gt/api/v1/g_match?id=AU1D-0100-001648206348-NT3P99ZS-UKKD&google_gid=CAESEB3gB617Bg9T747bdB6plQk&google_cver=1&google_ula=450542624,0
Requested by: Host: www.androidpolice.com
URL: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Protocol: H2
Server: 44.240.184.96 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-240-184-96.us-west-2.compute.amazonaws.com
Software: nginx/1.20.0 /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:48 GMT
cache-control: public, max-age=43200
server: nginx/1.20.0
content-type: image/gif
expires: Fri, 25 Mar 2022 23:05:48 GMT

Redirect headers

pragma: no-cache
date: Fri, 25 Mar 2022 11:05:48 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ids.ad.gt/api/v1/g_match?id=AU1D-0100-001648206348-NT3P99ZS-UKKD&google_gid=CAESEB3gB617Bg9T747bdB6plQk&google_cver=1&google_ula=450542624,0
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 357
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/
Redirect Chain

https://ids.ad.gt/api/v1/g_hosted?id=AU1D-0100-001648206348-NT3P99ZS-UKKD
https://cm.g.doubleclick.net/pixel?google_nid=audigent_w_appnexus_3985&google_hm=QVUxRC0wMTAwLTAwMTY0ODIwNjM0OC1OVDNQOTlaUy1VS0tE

170 B
188 B

49ms
49ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=audigent_w_appnexus_3985&google_hm=QVUxRC0wMTAwLTAwMTY0ODIwNjM0OC1OVDNQOTlaUy1VS0tE

Requested by

Host: www.androidpolice.com
URL: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Mar 2022 11:05:48 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=audigent_w_appnexus_3985&google_hm=QVUxRC0wMTAwLTAwMTY0ODIwNjM0OC1OVDNQOTlaUy1VS0tE
date: Fri, 25 Mar 2022 11:05:48 GMT
server: nginx/1.20.0
content-length: 473
content-type: text/html; charset=utf-8

GET
H/1.1 204
No Content token
token.rubiconproject.com/ 0
214 B 33ms
8ms Image
text/plain 69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://token.rubiconproject.com/token?pid=50242&puid=AU1D-0100-001648206348-NT3P99ZS-UKKD&gdpr=0
Requested by: Host: www.androidpolice.com
URL: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: 611afce88997db6fdd35eb213e662871
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2

200

mediamath_match
ids.ad.gt/api/v1/
Redirect Chain

https://sync.mathtag.com/sync/img?redir=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fmediamath_match%3Fuser_id%3D%5BMM_UUID%5D%26id%3DAU1D-0100-001648206348-NT3P99ZS-UKKD
https://ids.ad.gt/api/v1/mediamath_match?user_id=0e9d623d-a20c-4500-9ee3-d6be47caf7b0&id=AU1D-0100-001648206348-NT3P99ZS-UKKD

43 B
381 B

593ms
335ms

Image
image/gif

44.240.184.96
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ids.ad.gt/api/v1/mediamath_match?user_id=0e9d623d-a20c-4500-9ee3-d6be47caf7b0&id=AU1D-0100-001648206348-NT3P99ZS-UKKD
Requested by: Host: www.androidpolice.com
URL: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Protocol: H2
Server: 44.240.184.96 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-240-184-96.us-west-2.compute.amazonaws.com
Software: nginx/1.20.0 /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:48 GMT
cache-control: public, max-age=43200
server: nginx/1.20.0
content-type: image/gif
expires: Fri, 25 Mar 2022 23:05:48 GMT

Redirect headers

Date: Fri, 25 Mar 2022 11:05:48 GMT
Server: MT3 4281 354de82 master zrh-pixel-x14 config:1.0.0
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://ids.ad.gt/api/v1/mediamath_match?user_id=0e9d623d-a20c-4500-9ee3-d6be47caf7b0&id=AU1D-0100-001648206348-NT3P99ZS-UKKD
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Fri, 25 Mar 2022 11:05:47 GMT

GET
H2

200

adb_match
ids.ad.gt/api/v1/
Redirect Chain

https://dpm.demdex.net/ibs:dpid=348447&dpuuid=AU1D-0100-001648206348-NT3P99ZS-UKKD&redir=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fadb_match%3Fadb%3D%24%7BDD_UUID%7D%26id%3DAU1D-0100-001648206348-NT3P99...
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=348447&dpuuid=AU1D-0100-001648206348-NT3P99ZS-UKKD&redir=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fadb_match%3Fadb%3D%24%7BDD_UUID%7D%26id%3DAU1D-01...
https://ids.ad.gt/api/v1/adb_match?adb=15129565295381905221652814445455930669&id=AU1D-0100-001648206348-NT3P99ZS-UKKD

43 B
377 B

298ms
172ms

Image
image/gif

44.240.184.96
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ids.ad.gt/api/v1/adb_match?adb=15129565295381905221652814445455930669&id=AU1D-0100-001648206348-NT3P99ZS-UKKD
Requested by: Host: www.androidpolice.com
URL: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Protocol: H2
Server: 44.240.184.96 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-240-184-96.us-west-2.compute.amazonaws.com
Software: nginx/1.20.0 /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:48 GMT
cache-control: public, max-age=43200
server: nginx/1.20.0
content-type: image/gif
expires: Fri, 25 Mar 2022 23:05:48 GMT

Redirect headers

DCS: dcs-prod-irl1-1-v030-0d120a3af.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: g5/qhMg3TD8=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://ids.ad.gt/api/v1/adb_match?adb=15129565295381905221652814445455930669&id=AU1D-0100-001648206348-NT3P99ZS-UKKD
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2

200

impr_match
ids.ad.gt/api/v1/
Redirect Chain

https://ad.360yield.com/ux?&publisher_dmp_id=15&r=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fimpr_match%3Fid%3DAU1D-0100-001648206348-NT3P99ZS-UKKD%26impr_uid%3D%7BPUB_USER_ID%7D
https://ad.360yield.com/ul_cb/ux?&publisher_dmp_id=15&r=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fimpr_match%3Fid%3DAU1D-0100-001648206348-NT3P99ZS-UKKD%26impr_uid%3D%7BPUB_USER_ID%7D
https://ids.ad.gt/api/v1/impr_match?id=AU1D-0100-001648206348-NT3P99ZS-UKKD&impr_uid=80702adb-2dd2-49c0-8a60-c304b9381edd

43 B
380 B

216ms
170ms

Image
image/gif

44.240.184.96
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ids.ad.gt/api/v1/impr_match?id=AU1D-0100-001648206348-NT3P99ZS-UKKD&impr_uid=80702adb-2dd2-49c0-8a60-c304b9381edd
Requested by: Host: www.androidpolice.com
URL: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Protocol: H2
Server: 44.240.184.96 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-240-184-96.us-west-2.compute.amazonaws.com
Software: nginx/1.20.0 /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:48 GMT
cache-control: public, max-age=43200
server: nginx/1.20.0
content-type: image/gif
expires: Fri, 25 Mar 2022 23:05:48 GMT

Redirect headers

location: https://ids.ad.gt/api/v1/impr_match?id=AU1D-0100-001648206348-NT3P99ZS-UKKD&impr_uid=80702adb-2dd2-49c0-8a60-c304b9381edd
date: Fri, 25 Mar 2022 11:05:48 GMT
access-control-allow-origin: *
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H2 200 pbsync.html Show response
js.adscale.de/ Frame 3FD9 3 KB
2 KB 50ms
13ms Document
text/html 2600:9000:2156:4a00:f:4f64:8940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adscale.de/pbsync.html?gdpr=0&gdpr_consent=&redirect=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307565%26extuid%3D
Requested by: Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=556966
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:4a00:f:4f64:8940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c82fab08e93db8934a27f5b26ddf48c8a013a92a21ea15b7fa8b675b0d866040

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://s.console.adtarget.com.tr/

Response headers

content-type: text/html
last-modified: Sun, 20 Mar 2022 04:47:12 GMT
x-amz-version-id: rqHvbGy3rFKBiCnZWD.5_wIoYyuPQGqp
server: AmazonS3
content-encoding: gzip
date: Fri, 25 Mar 2022 10:47:14 GMT
cache-control: max-age=7200
etag: W/"9f4e83cc82a56a2a6e9851eeee2f9f34"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 e38834cd8f7f79ef118dc9bba0861780.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: YaW09LZJ3mTUKDky-WMqZW1CTceOsHVJ8kG8jEuQJ4SW67laAW3X8w==
age: 1115

GET
H/1.1 200
OK csync Show response
sync.console.adtarget.com.tr/ Frame 18C6 0
397 B 755ms
299ms Document
text/plain 62.149.0.72
COLOCALL Internet...

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.console.adtarget.com.tr/csync?t=a&ep=502624&extuid=${USER_ID}
Requested by: Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=556966
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 62.149.0.72 , Ukraine, ASN15497 (COLOCALL Internet Data Center ColoCALL, UA),
Reverse DNS: 0-72.cc86365-03-tmp.cc.colocall.com
Software: VertaMedia 1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://s.console.adtarget.com.tr/

Response headers

Server: VertaMedia 1.0
Date: Fri, 25 Mar 2022 11:05:48 GMT
Content-Length: 0
Etag: 33a2bf032cac66a6

GET
H/1.1 200
OK csync Show response
sync.console.adtarget.com.tr/ Frame 2E29 0
397 B 754ms
299ms Document
text/plain 62.149.0.72
COLOCALL Internet...

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.console.adtarget.com.tr/csync?t=a&ep=544989&extuid=${USER_ID}
Requested by: Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=556966
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 62.149.0.72 , Ukraine, ASN15497 (COLOCALL Internet Data Center ColoCALL, UA),
Reverse DNS: 0-72.cc86365-03-tmp.cc.colocall.com
Software: VertaMedia 1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://s.console.adtarget.com.tr/

Response headers

Server: VertaMedia 1.0
Date: Fri, 25 Mar 2022 11:05:48 GMT
Content-Length: 0
Etag: 33a2bf032cac66a6

GET
H/1.1 200
OK csync Show response
sync.console.adtarget.com.tr/ Frame F368 0
397 B 753ms
299ms Document
text/plain 62.149.0.72
COLOCALL Internet...

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.console.adtarget.com.tr/csync?t=a&ep=550070&extuid=${USER_ID}
Requested by: Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=556966
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 62.149.0.72 , Ukraine, ASN15497 (COLOCALL Internet Data Center ColoCALL, UA),
Reverse DNS: 0-72.cc86365-03-tmp.cc.colocall.com
Software: VertaMedia 1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://s.console.adtarget.com.tr/

Response headers

Server: VertaMedia 1.0
Date: Fri, 25 Mar 2022 11:05:48 GMT
Content-Length: 0
Etag: 33a2bf032cac66a6

GET
H/1.1 200
OK csync Show response
sync.console.adtarget.com.tr/ Frame 37FC 0
397 B 751ms
299ms Document
text/plain 62.149.0.72
COLOCALL Internet...

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.console.adtarget.com.tr/csync?t=a&ep=550214&extuid=${USER_ID}
Requested by: Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=556966
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 62.149.0.72 , Ukraine, ASN15497 (COLOCALL Internet Data Center ColoCALL, UA),
Reverse DNS: 0-72.cc86365-03-tmp.cc.colocall.com
Software: VertaMedia 1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://s.console.adtarget.com.tr/

Response headers

Server: VertaMedia 1.0
Date: Fri, 25 Mar 2022 11:05:48 GMT
Content-Length: 0
Etag: 33a2bf032cac66a6

GET
H/1.1

200
OK

csync Show response
sync.console.adtarget.com.tr/ Frame B2C5
Redirect Chain

https://creativecdn.com/cm-notify?pi=admatic
https://creativecdn.com/cm-notify?pi=admatic&tc=1
https://sync.console.adtarget.com.tr/csync?t=a&ep=307080&extuid=wfc1rn3LGh0sJKOEAfUJ&pi=admatic&tc=1

0
407 B

694ms
304ms

Document
text/plain

62.149.0.72
COLOCALL Internet...

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.console.adtarget.com.tr/csync?t=a&ep=307080&extuid=wfc1rn3LGh0sJKOEAfUJ&pi=admatic&tc=1
Requested by: Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=556966
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 62.149.0.72 , Ukraine, ASN15497 (COLOCALL Internet Data Center ColoCALL, UA),
Reverse DNS: 0-72.cc86365-03-tmp.cc.colocall.com
Software: VertaMedia 1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://s.console.adtarget.com.tr/

Response headers

Server: VertaMedia 1.0
Date: Fri, 25 Mar 2022 11:05:48 GMT
Content-Length: 0
Etag: 33a2bf032cac66a6

Redirect headers

date: Fri, 25 Mar 2022 11:05:48 GMT Fri, 25 Mar 2022 11:05:48 GMT
location: https://sync.console.adtarget.com.tr/csync?t=a&ep=307080&extuid=wfc1rn3LGh0sJKOEAfUJ&pi=admatic&tc=1
cache-control: no-cache, no-store, must-revalidate, private, max-age=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
content-length: 0

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame B510 15 KB
6 KB 8ms
7ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307406%26extuid%3D
Requested by: Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=556966
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://s.console.adtarget.com.tr/

Response headers

last-modified: Tue, 01 Feb 2022 06:38:00 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 5549
content-type: text/html; charset=UTF-8
cache-control: max-age=23255
expires: Fri, 25 Mar 2022 17:33:23 GMT
date: Fri, 25 Mar 2022 11:05:48 GMT
vary: Accept-Encoding

GET
H2 200 cookie Show response
cm.adform.net/ Frame EBAA 43 B
106 B 85ms
30ms Document
image/gif 37.157.5.142
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307457%26extuid%3D%24UID
Requested by: Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=556966
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.142 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://s.console.adtarget.com.tr/

Response headers

server: nginx
date: Fri, 25 Mar 2022 11:05:48 GMT
content-type: image/gif
content-length: 43

GET
H/1.1 200
OK csync
sync.console.adtarget.com.tr/ Frame E2B0 0
397 B 766ms
305ms Image
text/plain 62.149.0.72
COLOCALL Internet...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.console.adtarget.com.tr/csync?t=a&ep=306708&extuid=${USER_ID}
Requested by: Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=556966
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 62.149.0.72 , Ukraine, ASN15497 (COLOCALL Internet Data Center ColoCALL, UA),
Reverse DNS: 0-72.cc86365-03-tmp.cc.colocall.com
Software: VertaMedia 1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s.console.adtarget.com.tr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Fri, 25 Mar 2022 11:05:48 GMT
Server: VertaMedia 1.0
Etag: 33a2bf032cac66a6
Content-Length: 0

GET
H/1.1 200
OK csync
sync.console.adtarget.com.tr/ Frame E2B0 43 B
331 B 798ms
45ms Image
image/gif 62.149.0.72
COLOCALL Internet...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.console.adtarget.com.tr/csync?redir=
Requested by: Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=556966
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 62.149.0.72 , Ukraine, ASN15497 (COLOCALL Internet Data Center ColoCALL, UA),
Reverse DNS: 0-72.cc86365-03-tmp.cc.colocall.com
Software: VertaMedia 1.0 /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s.console.adtarget.com.tr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Fri, 25 Mar 2022 11:05:48 GMT
Server: VertaMedia 1.0
Etag: 33a2bf032cac66a6
Content-Length: 43
Content-Type: image/gif

POST
H3 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 89ms
44ms XHR
text/plain 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1819646864&t=pageview&_s=1&dl=https%3A%2F%2Fwww.androidpolice.com%2Fnorth-korean-hackers-fintech-media-chrome-zero-day%2F%3Futm_source%3Ddlvr.it%26utm_medium%3Dtwitter&dr=https%3A%2F%2Ft.co%2FnZJA4XRYOk&ul=en-us&de=UTF-8&dt=North%20Korean%20hackers%20targeted%20fintech%20and%20media%20with%20Chrome%20zero-day%20exploit&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAQCAC~&jid=1570309723&gjid=1973151112&cid=961281935.1648206348&tid=UA-6275685-2&_gid=497491714.1648206348&_r=1&_slc=1&cd1=1002944&cd2=steve-huff&cd3=&cd4=news&cd5=news&cd6=regular&cd7=0&cd8=all&cd9=&cd10=&cd11=false&cd12=native&cd13=article&cd14=1002944&cd15=steve-huff&cd16=&cd17=stephen-schenck&cd18=regular&cd19=all&cd20=false&cd21=0&cd22=false&cd23=native&cd24=desktop&cd25=185.213.155.169&cd26=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F99.0.4844.51%20Safari%2F537.36&cd27=20-24&cd28=20220324&cd29=&cd30=news&cd31=tagweb-browsers&cd32=%7CNews%7Csecurity%7Chacks%7Czero%20day%7C&cd33=N&cd34=showAds&cd35=false&cd36=content-all&cd38=software&cd39=News&cd40=Short-Term&z=909713098

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 25 Mar 2022 11:05:48 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.androidpolice.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubcid.min.js Show response
secure.cdn.fastclick.net/js/pubcid/latest/ Frame 8A0C 53 KB
17 KB 7ms
7ms Script
application/javascript 104.111.219.144
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.cdn.fastclick.net/js/pubcid/latest/pubcid.min.js
Requested by: Host: t.co
URL: https://t.co/nZJA4XRYOk
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.219.144 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-219-144.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: a4350fed8ed92bbf4f462fc245028928ac33afa25d2231b28c334b91cd0d3952

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:48 GMT
content-encoding: gzip
last-modified: Tue, 01 Jun 2021 17:06:57 GMT
server: Apache
etag: "d398-5c3b75e9ebb41-gzip"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=900
accept-ranges: bytes
content-length: 17087
expires: Fri, 25 Mar 2022 11:20:48 GMT

GET
H2 200 id5-api.js Show response
cdn.id5-sync.com/api/1.0/ Frame 8A0C 40 KB
11 KB 10ms
10ms Script
text/javascript 46.105.202.126
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.id5-sync.com/api/1.0/id5-api.js

Requested by

Host: t.co
URL: https://t.co/nZJA4XRYOk

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

46.105.202.126 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

9476350068dbd8b61373906f6d9dba49ed31ed5d64d6ee2d48da082c44a447dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-cacheable: Matched cache
x-cdn-pop-ip: 137.74.120.0/27
date: Fri, 25 Mar 2022 10:37:24 GMT
content-type: text/javascript;charset=utf-8
cache-control: max-age=3600
x-cdn-pop: sbg
content-disposition: attachment;filename="id5-api.js"
accept-ranges: bytes
content-length: 11181
x-request-id: 962729460

GET
H2 200 clarity.js Show response
i.clarity.ms/s/0.6.33/ 53 KB
23 KB 313ms
97ms Script
application/javascript 52.167.85.21
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://i.clarity.ms/s/0.6.33/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/8uhibhcqnt?ref=gtm2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.167.85.21 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: cdbbad52ea5a7c7664761a59301ceaeee0efbe793db0ef799a89670584da9934

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:49 GMT
content-encoding: br
etag: "1d83d55ecb153c8"
last-modified: Mon, 21 Mar 2022 19:00:26 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: public,max-age=86400
accept-ranges: bytes
request-context: appId=cid-v1:593e4080-f032-4d00-a652-e17f01252a9d

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 9ED2 0
42 B 492ms
158ms Script
text/plain 192.82.242.209
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=71299209&p=159196&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=1&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159196&userIdMacro=PM_UID&gdpr=1&gdpr_consent=&predirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D623da20b73650%26pixel%3D%26advId%3D91%26advUuid%3DPM_UID%26gdpr%3D1%26gdpr_consent%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.82.242.209 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:48 GMT
content-length: 0

POST
H3 204 collect
www.google-analytics.com/g/ 0
17 B 43ms
43ms Ping
text/plain 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-6Y5Q4PR4RC&gtm=2oe3e0&_p=1819646864&sr=1600x1200&ul=en-us&cid=961281935.1648206348&_s=1&dl=https%3A%2F%2Fwww.androidpolice.com%2Fnorth-korean-hackers-fintech-media-chrome-zero-day%2F%3Futm_source%3Ddlvr.it%26utm_medium%3Dtwitter&dr=https%3A%2F%2Ft.co%2FnZJA4XRYOk&dt=North%20Korean%20hackers%20targeted%20fintech%20and%20media%20with%20Chrome%20zero-day%20exploit&sid=1648206347&sct=1&seg=0&en=page_view&_fv=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-6Y5Q4PR4RC&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Mar 2022 11:05:48 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.androidpolice.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
446 B 73ms
18ms XHR
text/plain 2a00:1450:400c:c08::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-6275685-2&cid=961281935.1648206348&jid=1570309723&gjid=1973151112&_gid=497491714.1648206348&_u=IEBAAEAAAAQCAC~&z=1534655462

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c08::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Fri, 25 Mar 2022 11:05:48 GMT
content-type: text/plain
access-control-allow-origin: https://www.androidpolice.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 v2tynL4SJ9egUqPqvT5OGzbBghE-SIsACCLzzE2q_f5YwAoDttByCrtbWaJiZ-kkBGdCX5YVPHxv-qqIp4aYrJg Show response
scarfsmash.com/ 209 B
341 B 24ms
23ms Fetch
application/json 35.186.249.84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://scarfsmash.com/v2tynL4SJ9egUqPqvT5OGzbBghE-SIsACCLzzE2q_f5YwAoDttByCrtbWaJiZ-kkBGdCX5YVPHxv-qqIp4aYrJg

Requested by

Host: scarfsmash.com
URL: https://scarfsmash.com/v2yvlzsveWtgqGFXj2wU3ajphon_Qq9myt1bClE9dnFgPWVzuw4LojxURFEzFAfp8GOJdYROXlGZLTg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.186.249.84 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

84.249.186.35.bc.googleusercontent.com

Software

Resource Hash

dcd95bf2b5aad9d5d098d8d02eaca31c0620260a9d485663f3552cf4849bde7c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

strict-transport-security: max-age=15724800; preload
access-control-allow-methods: POST, OPTIONS
x-datacenter: gce-europe-west1
date: Fri, 25 Mar 2022 11:05:48 GMT
vary: Accept-Encoding, Origin
x-hostname: fen-hoothoot-europe-west1-c63t
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.androidpolice.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-buildnumber: 499202503
timing-allow-origin: *
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie
content-length: 209
expires: Fri, 25 Mar 2022 11:05:47 GMT

GET
H2

200

uu Show response
ih.adscale.de/ Frame 3FD9
Redirect Chain

https://ih.adscale.de/uu?cbfn=receive&t=1648206348
https://ih.adscale.de/uu?cbfn=receive&t=1648206348&nut&uu=ed145791656c466480bf956f0b6f4a89

44 B
214 B

10ms
10ms

Script
text/javascript

35.158.38.112
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ih.adscale.de/uu?cbfn=receive&t=1648206348&nut&uu=ed145791656c466480bf956f0b6f4a89
Requested by: Host: js.adscale.de
URL: https://js.adscale.de/pbsync.html?gdpr=0&gdpr_consent=&redirect=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307565%26extuid%3D
Protocol: H2
Server: 35.158.38.112 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-158-38-112.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: d4ac24297766db9b6f8c84d31d3bd50b8f2ed5da57d3c853f3fddd51c8b34e06

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:48 GMT
content-length: 44
content-type: text/javascript;charset=ISO-8859-1

Redirect headers

location: https://ih.adscale.de/uu?cbfn=receive&t=1648206348&nut&uu=ed145791656c466480bf956f0b6f4a89
date: Fri, 25 Mar 2022 11:05:48 GMT
content-length: 0

OPTIONS
H2 200 /
events.release.narrativ.com/api/v0/publishers/2412/impressions/page_impression/ Frame 0
0 102ms
102ms Preflight
text/html 34.192.73.199
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://events.release.narrativ.com/api/v0/publishers/2412/impressions/page_impression/?uid_bam=1769748091068887072

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.192.73.199 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-192-73-199.compute-1.amazonaws.com

Software

nginx/1.20.2 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: access-control-allow-credentials,content-type,x-requested-with
Origin: https://www.androidpolice.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Fri, 25 Mar 2022 11:05:48 GMT
content-type: text/html; charset=utf-8
content-length: 0
server: nginx/1.20.2
x-bam-env: release
x-bam-build-version: 5091648b0ddf33082c197934e0d710c5b6b67319
allow: POST, OPTIONS
access-control-allow-origin: https://www.androidpolice.com
access-control-allow-headers: access-control-allow-credentials, content-type, x-requested-with
access-control-allow-methods: DELETE, GET, HEAD, OPTIONS, PATCH, POST, PUT
vary: Origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-robots-tag: none

OPTIONS
H/1.1 200
OK /
api.narrativ.com/api/v0/publishers/2412/smart_links/ Frame 0
0 422ms
104ms Preflight
text/html 54.90.140.145
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://api.narrativ.com/api/v0/publishers/2412/smart_links/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.90.140.145 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-90-140-145.compute-1.amazonaws.com

Software

nginx/1.20.2 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: access-control-allow-credentials,content-type,x-requested-with
Origin: https://www.androidpolice.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Access-Control-Allow-Headers: access-control-allow-credentials, content-type, x-requested-with
Access-Control-Allow-Methods: DELETE, GET, HEAD, OPTIONS, PATCH, POST, PUT
Access-Control-Allow-Origin: https://www.androidpolice.com
Access-Control-Max-Age: 86400
Allow: OPTIONS, POST
Content-Type: text/html; charset=utf-8
Date: Fri, 25 Mar 2022 11:05:48 GMT
Server: nginx/1.20.2
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
Vary: Origin
X-Robots-Tag: noindex, follow
Content-Length: 0
Connection: keep-alive

GET
H2 304 session.gif
events.release.narrativ.com/api/v0/ 0
394 B 105ms
104ms Image 34.192.73.199
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://events.release.narrativ.com/api/v0/session.gif?uid_bam=1769748091068887072&cache_buster=1648206348535

Requested by

Host: www.androidpolice.com
URL: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.192.73.199 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-192-73-199.compute-1.amazonaws.com

Software

nginx/1.20.2 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

access-control-allow-origin: *
x-bam-build-version: 5091648b0ddf33082c197934e0d710c5b6b67319
date: Fri, 25 Mar 2022 11:05:48 GMT
server: nginx/1.20.2
x-robots-tag: none
x-bam-env: release
strict-transport-security: max-age=63072000; includeSubDomains; preload

POST
H2 201 / Show response
events.release.narrativ.com/api/v0/publishers/2412/impressions/page_impression/ 2 B
466 B 106ms
105ms XHR
application/json 34.192.73.199
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://events.release.narrativ.com/api/v0/publishers/2412/impressions/page_impression/?uid_bam=1769748091068887072

Requested by

Host: static.narrativ.com
URL: https://static.narrativ.com/tags/narrativ-pub.1.0.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.192.73.199 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-192-73-199.compute-1.amazonaws.com

Software

nginx/1.20.2 /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Accept: application/json
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Access-Control-Allow-Credentials: true
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: application/json; charset=UTF-8

Response headers

x-bam-build-version: 5091648b0ddf33082c197934e0d710c5b6b67319
date: Fri, 25 Mar 2022 11:05:48 GMT
server: nginx/1.20.2
x-bam-env: release
vary: Origin
content-type: application/json
access-control-allow-origin: https://www.androidpolice.com
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-robots-tag: none
content-length: 2

POST
H/1.1 200
OK / Show response
api.narrativ.com/api/v0/publishers/2412/smart_links/ 190 B
523 B 111ms
111ms XHR
application/json 54.90.140.145
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://api.narrativ.com/api/v0/publishers/2412/smart_links/

Requested by

Host: static.narrativ.com
URL: https://static.narrativ.com/tags/narrativ-pub.1.0.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.90.140.145 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-90-140-145.compute-1.amazonaws.com

Software

nginx/1.20.2 /

Resource Hash

bfb5b18188aa4105899263d2a7844940269e28d561835191415bc7e32f69f124

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload

Request headers

Accept: application/json
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Access-Control-Allow-Credentials: true
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: application/json; charset=UTF-8

Response headers

Date: Fri, 25 Mar 2022 11:05:49 GMT
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
Server: nginx/1.20.2
Vary: Origin
Content-Type: application/json
Access-Control-Allow-Origin: https://www.androidpolice.com
Connection: keep-alive
X-Robots-Tag: noindex, follow
Content-Length: 190

POST
H2 200 v2ckps4-isopbkXjnwj6iwenJulwYLPoiqJdCJHWK8ev9H8BNuMVlrIBTqzrPrAVnngpgdZpLPNomTDWfxMs5LA Show response
scarfsmash.com/ 2 KB
776 B 21ms
21ms Fetch
application/json 35.186.249.84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://scarfsmash.com/v2ckps4-isopbkXjnwj6iwenJulwYLPoiqJdCJHWK8ev9H8BNuMVlrIBTqzrPrAVnngpgdZpLPNomTDWfxMs5LA

Requested by

Host: scarfsmash.com
URL: https://scarfsmash.com/v2yvlzsveWtgqGFXj2wU3ajphon_Qq9myt1bClE9dnFgPWVzuw4LojxURFEzFAfp8GOJdYROXlGZLTg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.186.249.84 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

84.249.186.35.bc.googleusercontent.com

Software

Resource Hash

d655f4580ee2f1d719b8e8b1b85624eea242583a334f509da8210480cd89f765

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

strict-transport-security: max-age=15724800; preload
content-encoding: gzip
x-datacenter: gce-europe-west1
date: Fri, 25 Mar 2022 11:05:48 GMT
vary: Accept-Encoding, Origin
x-hostname: fen-hoothoot-europe-west1-c63t
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.androidpolice.com
access-control-allow-credentials: true
access-control-allow-methods: POST, OPTIONS
x-buildnumber: 499202503
timing-allow-origin: *
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie
content-length: 735

GET
H2 200 userconnect.js Show response
js.adscale.de/ Frame 3FD9 11 KB
4 KB 8ms
7ms Script
application/javascript 2600:9000:2156:4a00:f:4f64:8940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adscale.de/userconnect.js
Requested by: Host: js.adscale.de
URL: https://js.adscale.de/pbsync.html?gdpr=0&gdpr_consent=&redirect=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307565%26extuid%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:4a00:f:4f64:8940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ca38ab561201a1a68867f61d4fb3df9682756c8927fe80f047624e7ef662f0f3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.adscale.de/pbsync.html?gdpr=0&gdpr_consent=&redirect=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307565%26extuid%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-version-id: yso0LzFL.QrPCKczA2C89SRLOcKrPezf
content-encoding: br
last-modified: Sun, 20 Mar 2022 04:47:12 GMT
server: AmazonS3
age: 1115
etag: W/"988fbfb6c270a6080f89deb043243858"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 e38834cd8f7f79ef118dc9bba0861780.cloudfront.net (CloudFront)
cache-control: max-age=7200
date: Fri, 25 Mar 2022 10:47:14 GMT
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: RomCXsG7vkl_u14UgPUAQgYO7k27h7OP0oj-QsVPmYUGoHX6e9Esjg==

GET
H/1.1 200
OK csync
sync.console.adtarget.com.tr/ Frame 3FD9 0
419 B 846ms
298ms Image
text/plain 62.149.0.72
COLOCALL Internet...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.console.adtarget.com.tr/csync?t=a&ep=307565&extuid=ed145791656c466480bf956f0b6f4a89
Requested by: Host: js.adscale.de
URL: https://js.adscale.de/pbsync.html?gdpr=0&gdpr_consent=&redirect=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307565%26extuid%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 62.149.0.72 , Ukraine, ASN15497 (COLOCALL Internet Data Center ColoCALL, UA),
Reverse DNS: 0-72.cc86365-03-tmp.cc.colocall.com
Software: VertaMedia 1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Fri, 25 Mar 2022 11:05:49 GMT
Server: VertaMedia 1.0
Etag: f01ef763cfad80fc
Content-Length: 0

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 180ms
60ms Image
image/gif 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-6275685-2&cid=961281935.1648206348&jid=1570309723&_u=IEBAAEAAAAQCAC~&z=2036308143

Requested by

Host: www.androidpolice.com
URL: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Mar 2022 11:05:48 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 177ms
60ms Image
image/gif 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-6275685-2&cid=961281935.1648206348&jid=1570309723&_u=IEBAAEAAAAQCAC~&z=2036308143

Requested by

Host: www.androidpolice.com
URL: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Mar 2022 11:05:48 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 userconnect Show response
ih.adscale.de/ Frame 3FD9 149 B
224 B 9ms
9ms Script
application/javascript 35.158.38.112
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ih.adscale.de/userconnect?ssl=1&sid=0&cbfn=stroeerCoreConnect&ts=1648206348573&umd=false&gdpr=0&gdpr_version=2&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F
Requested by: Host: js.adscale.de
URL: https://js.adscale.de/userconnect.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.158.38.112 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-158-38-112.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 3516496d97f72bf509cf5d6902b5deebf53355ccb21127dc777d265cd96ca2d8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:48 GMT
content-length: 149
content-type: application/javascript

GET
H2 200 map Show response
ih.adscale.de/ Frame DA1A 3 KB
3 KB 15ms
15ms Document
text/html 35.158.38.112
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Requested by: Host: js.adscale.de
URL: https://js.adscale.de/userconnect.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.158.38.112 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-158-38-112.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 1258a9a98c2fc1f2826009e36e34d124fb7de6ba0ed111a6dd18b63ed86b7920

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://js.adscale.de/

Response headers

date: Fri, 25 Mar 2022 11:05:48 GMT
content-type: text/html;charset=ISO-8859-1
content-length: 2604

GET
H2 200 match.js Show response
js.adscale.de/ Frame DA1A 4 KB
2 KB 8ms
7ms Script
application/javascript 2600:9000:2156:4a00:f:4f64:8940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adscale.de/match.js
Requested by: Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:4a00:f:4f64:8940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 45767d3452a56be0180eed18ff44acd5e688dc5bbde2b77e1da29b326a180416

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ih.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-version-id: 7suhZDmLZJriYFrKmXlejNGqTwQlfpga
content-encoding: br
last-modified: Sun, 20 Mar 2022 04:47:12 GMT
server: AmazonS3
age: 1663
etag: W/"ff7cce9128150bd82f1a709c03692e3d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 e38834cd8f7f79ef118dc9bba0861780.cloudfront.net (CloudFront)
cache-control: max-age=7200
date: Fri, 25 Mar 2022 10:38:06 GMT
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: LwKcoHS7og6GK1SdGKrbL_RcIHaMvJkgKWKBIAGLLRI8kBWdwqxt_Q==

GET
H3 200 gigaMangaHero.jpg
static1.anpoimages.com/wordpress/wp-content/uploads/2022/03/ 17 KB
17 KB 54ms
23ms Image
image/jpeg 2606:4700:10::ac43:25e7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static1.anpoimages.com/wordpress/wp-content/uploads/2022/03/gigaMangaHero.jpg?q=50&fit=crop&w=330&h=170&dpr=1.5
Requested by: Host: www.androidpolice.com
URL: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:10::ac43:25e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fbeb1d64db3cc980880ae855ad4a760b2438cbe3a86e4d2cbca952f830039290

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:48 GMT
cf-cache-status: HIT
age: 835
cf-polished: degrade=85, origSize=17993, status=webp_bigger
content-disposition: inline; filename="gigaMangaHero.jpg"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 17284
x-request-id: U-q4RVpzA4q3JAXotmz5V
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: f647e025aa93e0f7c97445e8b7edb57810af9ed3ba175c18c06a05653d38b726
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 6f172c6f189d692d-FRA
expires: Sat, 25 Mar 2023 10:51:52 GMT

GET
H3 200 google-pixel-6-1.jpg
static1.anpoimages.com/wordpress/wp-content/uploads/2021/10/ 7 KB
8 KB 70ms
41ms Image
image/webp 2606:4700:10::ac43:25e7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static1.anpoimages.com/wordpress/wp-content/uploads/2021/10/google-pixel-6-1.jpg?q=50&fit=crop&w=330&h=170&dpr=1.5
Requested by: Host: www.androidpolice.com
URL: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:10::ac43:25e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ce1272e8f8a6dedd828c7d3e181b904f34c9b5e19857da15bb940f530b262552

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:48 GMT
cf-cache-status: HIT
age: 3275
cf-polished: qual=85, origFmt=jpeg, origSize=9157
content-disposition: inline; filename="google-pixel-6-1.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 7318
x-request-id: SgyqnVDobuopqtGswoi3k
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: c540aa01da056527e80972bf58438d0d68d993452d468901f5ee0d766a1a6fb9
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
access-control-allow-methods: GET, OPTIONS
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 6f172c6f1898692d-FRA
expires: Sat, 25 Mar 2023 10:11:13 GMT

GET
H3 200 Z-Fold3-17-scaled.jpg
static1.anpoimages.com/wordpress/wp-content/uploads/2021/08/28/ 10 KB
11 KB 71ms
41ms Image
image/webp 2606:4700:10::ac43:25e7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static1.anpoimages.com/wordpress/wp-content/uploads/2021/08/28/Z-Fold3-17-scaled.jpg?q=50&fit=crop&w=330&h=170&dpr=1.5
Requested by: Host: www.androidpolice.com
URL: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:10::ac43:25e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0f85c9f0360084c02d80f74d6c2518ce37718ef1e710454c188c914e3c8f2fd2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:48 GMT
cf-cache-status: HIT
age: 83478
cf-polished: qual=85, origFmt=jpeg, origSize=11662
content-disposition: inline; filename="Z-Fold3-17-scaled.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 10660
x-request-id: C-wjdSkMOMJUKxlXYqaId
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: fc6f9148ea23f157c092247afca31dd480ad5dd1682d55ac3a192fc171f59fa8
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
access-control-allow-methods: GET, OPTIONS
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 6f172c6f189a692d-FRA
expires: Fri, 24 Mar 2023 11:54:30 GMT

GET
H3 200 Image27.png
static1.anpoimages.com/wordpress/wp-content/uploads/2022/02/ 38 KB
39 KB 72ms
42ms Image
image/webp 2606:4700:10::ac43:25e7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static1.anpoimages.com/wordpress/wp-content/uploads/2022/02/Image27.png?q=50&fit=crop&w=330&h=170&dpr=1.5
Requested by: Host: www.androidpolice.com
URL: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:10::ac43:25e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1684ef66993af30736bdcb5660eb34dc0df40c153901f9ac3afbef20409ffbd5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:48 GMT
cf-cache-status: HIT
age: 44099
cf-polished: origFmt=png, origSize=60845
content-disposition: inline; filename="Image27.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 39274
x-request-id: WDCqDeMVyg00ccpgX6yu7
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: 20923739b4c2397dcf7622ecd76a6c620f58f4f22b1836d700045f0b50727887
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
access-control-allow-methods: GET, OPTIONS
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 6f172c6f189c692d-FRA
expires: Fri, 24 Mar 2023 22:50:49 GMT

GET
H2

200

img
ih.adscale.de/sium/f0c7977d83734e4283910e4c59f84f6c/1648206348596/0/ Frame DA1A
Redirect Chain

https://bbnaut.ibillboard.com/match/AdScale?partneruid=ed145791656c466480bf956f0b6f4a89&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2Ff0c7977d83734e4283910e4c59f84f6c%2F1648206348596%2F0%2Fimg%3Ftpid%...
https://ih.adscale.de/sium/f0c7977d83734e4283910e4c59f84f6c/1648206348596/0/img?tpid=101&tpuid=BBID-01-03229203486842761-16559352

49 B
468 B

10ms
10ms

Image
image/gif

35.158.38.112
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ih.adscale.de/sium/f0c7977d83734e4283910e4c59f84f6c/1648206348596/0/img?tpid=101&tpuid=BBID-01-03229203486842761-16559352
Requested by: Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Protocol: H2
Server: 35.158.38.112 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-158-38-112.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ih.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:48 GMT
p3p: CP=NOI PSA OUR
content-length: 49
content-type: image/gif

Redirect headers

Date: Fri, 25 Mar 2022 11:05:48 GMT
Server: nginx
Transfer-Encoding: chunked
p3p: CP="CUR ADM DEV OUR STP PRE DSP NOI COR NID"
Location: https://ih.adscale.de/sium/f0c7977d83734e4283910e4c59f84f6c/1648206348596/0/img?tpid=101&tpuid=BBID-01-03229203486842761-16559352
Cache-Control: private, max-age=3600
Access-Control-Allow-Credentials: true
Connection: close

GET
H2 200 ConsentManager,Sticky2 Show response
scarfsmash.com/v2epvj1yj3nMPrad4nXEvSCWaLoIBJeHDYEmoYjAJEkvL3BiG7vET9-uJVRZcdNGFbElDIme65zptc_8bl_Ls/ 274 KB
80 KB 28ms
27ms Script
text/javascript 35.186.249.84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://scarfsmash.com/v2epvj1yj3nMPrad4nXEvSCWaLoIBJeHDYEmoYjAJEkvL3BiG7vET9-uJVRZcdNGFbElDIme65zptc_8bl_Ls/ConsentManager,Sticky2

Requested by

Host: scarfsmash.com
URL: https://scarfsmash.com/v2yvlzsveWtgqGFXj2wU3ajphon_Qq9myt1bClE9dnFgPWVzuw4LojxURFEzFAfp8GOJdYROXlGZLTg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.186.249.84 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

84.249.186.35.bc.googleusercontent.com

Software

Resource Hash

b9f062b1f34ccf6866fac8097bd8c8acccad74d45c5898bef8075b637ce1e3a9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Origin: https://www.androidpolice.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; preload
content-encoding: br
x-datacenter: gce-europe-west1
etag: "b43f261176d8b24c1e22a7ab9b2e777b43ef747898fddcb9d31e9156d2a9de23"
vary: Accept-Encoding, Origin
x-hostname: fen-hoothoot-europe-west1-c63t
content-type: text/javascript; charset=utf-8
access-control-allow-origin: https://www.androidpolice.com
cache-control: private, must-revalidate, max-age=21600
access-control-allow-credentials: true
access-control-allow-methods: POST, OPTIONS
x-buildnumber: 499202503
timing-allow-origin: *
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie
date: Fri, 25 Mar 2022 11:05:48 GMT

GET
H2

200

img
ih.adscale.de/sium/429371437437189942/1437437190794/0/ Frame DA1A
Redirect Chain

https://ssum.casalemedia.com/usermatchredir?s=183592&cb=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D63%26tpuid%3D__UID__&uid=802339a21427267a05953540b...
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?gdpr=0&tpid=63&tpuid=Yj2iC.VxlUXTKe3KIgTCKAAA%261106

49 B
559 B

23ms
22ms

Image
image/gif

35.158.38.112
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?gdpr=0&tpid=63&tpuid=Yj2iC.VxlUXTKe3KIgTCKAAA%261106
Requested by: Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Protocol: H2
Server: 35.158.38.112 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-158-38-112.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ih.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:48 GMT
p3p: CP=NOI PSA OUR
content-length: 49
content-type: image/gif

Redirect headers

Pragma: no-cache
Date: Fri, 25 Mar 2022 11:05:48 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?gdpr=0&tpid=63&tpuid=Yj2iC.VxlUXTKe3KIgTCKAAA%261106
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 310
Expires: Fri, 25 Mar 2022 11:05:48 GMT

GET
H3 200 css2
fonts.googleapis.com/ 7 KB
653 B 97ms
49ms Stylesheet
text/css 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Inter:wght@300;600;700&display=swap

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/valnet/op.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

86620b292691b6d6621e00a6439123afe65ac8317a6c48ddcad68a1c85bbe606

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 25 Mar 2022 10:02:58 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Fri, 25 Mar 2022 11:05:48 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 25 Mar 2022 11:05:48 GMT

GET
H2 200 MTUsMjA3MGNhNTc5NGIw
images.getadmiral.com/ 763 B
1 KB 83ms
38ms Image
image/png 2606:4700:3037::ac43:c1e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.getadmiral.com/MTUsMjA3MGNhNTc5NGIw

Requested by

Host: www.androidpolice.com
URL: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::ac43:c1e6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2880fbb26ad5becd41ec25a5c37da351ac77225bbf30d5a9ab8accf5728591cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:48 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-buildnumber: 456232094
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 763
server: cloudflare
x-datacenter: gce-europe-west1
etag: "2c607cb7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mim0oV5IVWJE%2BtQwYCjqpiDarYxNjsXJuN2izDbGZyv8c6oZf7UtJdPpcf%2F%2FdwHY1v2E%2FAziREC3lmR%2FOk3HOy4Z8a3FABkJFEBlUvz28mS%2BS0FaElBMBCdoOo5dK1AEeWLmHauYGDoFDNfxQEI20OB67uw%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
vary: Accept-Encoding
cache-control: private, must-revalidate, max-age=300
x-hostname: felicia
cf-ray: 6f172c709b2e9b3a-FRA

GET
H2

200

img
ih.adscale.de/sium/f0c7977d83734e4283910e4c59f84f6c/1648206348596/0/ Frame DA1A
Redirect Chain

https://track.adform.net/serving/cookie/match/?party=9&uid=e3d1ebcf072b2ce73d0f15b16f05f0f75e63f78098df8b3276192b86d7e78bdf&tpid=42&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2Ff0c7977d83734e4283910e...
https://track.adform.net/serving/cookie/match/?CC=1&party=9&uid=e3d1ebcf072b2ce73d0f15b16f05f0f75e63f78098df8b3276192b86d7e78bdf&tpid=42&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2Ff0c7977d83734e428...
https://ih.adscale.de/sium/f0c7977d83734e4283910e4c59f84f6c/1648206348596/0/img?tpid=42&gdpr=0&tpuid=1486902432300379439

49 B
570 B

30ms
29ms

Image
image/gif

35.158.38.112
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ih.adscale.de/sium/f0c7977d83734e4283910e4c59f84f6c/1648206348596/0/img?tpid=42&gdpr=0&tpuid=1486902432300379439
Requested by: Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Protocol: H2
Server: 35.158.38.112 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-158-38-112.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ih.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:48 GMT
p3p: CP=NOI PSA OUR
content-length: 49
content-type: image/gif

Redirect headers

pragma: no-cache
date: Fri, 25 Mar 2022 11:05:48 GMT
server: nginx
location: https://ih.adscale.de/sium/f0c7977d83734e4283910e4c59f84f6c/1648206348596/0/img?tpid=42&gdpr=0&tpuid=1486902432300379439
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 204 getpixels Show response
pixels.ad.gt/api/v1/ 0
52 B 537ms
168ms Script
text/plain 52.37.124.246
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixels.ad.gt/api/v1/getpixels?tagger_id=a8e4261f1c76c51d8477c0cb2e4eae33&url=https%3A%2F%2Fwww.androidpolice.com%2Fnorth-korean-hackers-fintech-media-chrome-zero-day%2F%3Futm_source%3Ddlvr.it%26utm_medium%3Dtwitter&code=%27none%27
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/valnet/op.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.37.124.246 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-37-124-246.us-west-2.compute.amazonaws.com
Software: nginx/1.20.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:49 GMT
server: nginx/1.20.0

GET
H3 200 ecommerce.js Show response
www.google-analytics.com/plugins/ua/ 1 KB
763 B 38ms
37ms Script
text/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/ecommerce.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8e1b84265e633c043720dd0921476c16bc9f75e393e855c9116ca7c3a847b5c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 10:39:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1585
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 738
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Fri, 25 Mar 2022 11:39:23 GMT

GET
H3 200 ec.js Show response
www.google-analytics.com/plugins/ua/ 3 KB
1 KB 37ms
36ms Script
text/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/ec.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

058ed961bfe422af7bfc65865f4c08531ec8ace995f8a1ec560a46581cb7712c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 10:15:24 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3024
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1129
x-xss-protection: 0
last-modified: Thu, 30 Dec 2021 12:48:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Fri, 25 Mar 2022 11:15:24 GMT

GET
H3 200 UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
fonts.gstatic.com/s/inter/v8/ 37 KB
37 KB 102ms
38ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/inter/v8/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Inter:wght@300;600;700&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b97c99a69a6275c8f90703cd4c0864089a74fd08383a1cc75a8a4d0c2cb60cce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.androidpolice.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 23 Mar 2022 18:02:08 GMT
x-content-type-options: nosniff
age: 147820
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37716
x-xss-protection: 0
last-modified: Wed, 23 Feb 2022 17:42:15 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 23 Mar 2023 18:02:08 GMT

GET
H2 200 halo_match
ids.ad.gt/api/v1/ 43 B
474 B 173ms
172ms Image
image/gif 44.240.184.96
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ids.ad.gt/api/v1/halo_match?id=AU1D-0100-001648206348-NT3P99ZS-UKKD&halo_id=0201148cok07jv2yg08xizqr0bwpa1w0evvljv1k7cm961o8b5po0ntek210qskvk40trr7270wqxik90zq3u2c12pa5j31k0gxf118nmsj90fzd0bt1elzfjf1hl5r1i1kkc2jl
Requested by: Host: www.androidpolice.com
URL: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.240.184.96 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-240-184-96.us-west-2.compute.amazonaws.com
Software: nginx/1.20.0 /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:48 GMT
cache-control: public, max-age=43200
server: nginx/1.20.0
content-type: image/gif
expires: Fri, 25 Mar 2022 23:05:48 GMT

POST
H2 200 track Show response
a.ad.gt/api/v1/ 2 B
118 B 662ms
321ms XHR
text/html 54.71.105.247
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://a.ad.gt/api/v1/track
Requested by: Host: p.ad.gt
URL: https://p.ad.gt/api/v1/p/269?au_id=AU1D-0100-001648206348-NT3P99ZS-UKKD
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.71.105.247 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-71-105-247.us-west-2.compute.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-type: text/plain

Response headers

access-control-allow-origin: *
date: Fri, 25 Mar 2022 11:05:49 GMT
server: nginx/1.18.0
content-length: 2
content-type: text/html; charset=utf-8

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame 8A0C 371 KB
124 KB 153ms
54ms Script
text/javascript 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032322D30332D32355F31347D7B7331363734393939317D7B4335377D7B5359584174636D566E4C574A686247467559325666643364334C6D46755A484A76615752776232787059325575593239747D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583630307D7B593333387D7B66317D7B4C31313433337DFEFE&userIpAddr=2a03%3A1b20%3A6%3Af011%3A%3A9e&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F99.0.4844.51+Safari%2F537.36&debugInformation=&isWePassGdpr=0&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=40&c2pWaitTime=5&isSinglePageFloatSupport=0&csuuid=623da20b73650&debugInfo=16749991_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=16749991&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed2a4dzjowrqnk&secondaryContent=&x=600&y=338&pubUrl=https%3A%2F%2Fwww.androidpolice.com%2Fnorth-korean-hackers-fintech-media-chrome-zero-day%2F%3Futm_source%3Ddlvr.it%26utm_medium%3Dtwitter&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=0&flow_bottomOffset=0&impGap=1&flow_width=340&flow_height=192&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=50.1049&geoLong=8.6295&vpTemplate=11433&flowMode=seenboth&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=&subId=ap-reg-balance_www.androidpolice.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6c6f1b40f2404a91f75ebd595fe475c8ddcd174fa1ccd85a21bb17999feb6a1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 126303
x-xss-protection: 0
expires: Fri, 25 Mar 2022 11:05:49 GMT

GET
H2 200 liveView.php
live.primis.tech/live/ 0
357 B 18ms
18ms Image
text/html 2600:9000:2156:2c00:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.primis.tech/live/liveView.php?hash=ozcmPTEznXRiPTEzqzyxX2V2ZW50PTQ5JaNypaZypyRcoWU9MTY0ODIjNwM0NlZ2nWRspGkurWVlVzVlPTMhMS4jJaM9MTA4NTAjJaN0YT0jJat9NwAjJax9MmM4JaZcZF9jYXNmRG9gYWyhPXq3ql5uozRlo2yxpG9fnWNyLzNioSZmqWJJZD1upC1lZWpgYzFfYW5wZV93q3phYW5xpz9cZHBioGywZS5wo20zZGVvqWqJozZipz1uqGyiow0znXNBpHA9MCZ1p2VlSXBBZGRlPTJuMDMyM0EkYwIjJTNBNvUmQWYjMTEyM0EyM0E5ZSZ1p2VlVUE9TW96nWkfYSUlRwUhMCUlMCUlOFqcozRiq3MyMwBOVCUlMDEjLwAyM0IyMwBXnW42NCUmQvUlMHt2NCUlOSUlMEFjpGkyV2VvS2y0JTJGNTM3LwM2JTIjJTI4S0uUTUjyMxMyMwBfnWgyJTIjR2Vwn28yMwxyMwBDnHJioWUyMxY5OS4jLwQ4NDQhNTEyMwBTYWZupzxyMxY1MmphMmYzY3N1qWyxPTYlM2RuMwBvNmM2NTAzqxygpE9jpG9lqHVhnXR5TXVfqGyjoGyypw01JzNioaRyoaRGnWkySWQ9MCZgZWRcYVBfYXyMnXN0SWQ9MCZgZWRcYUkcp3RJZD0jJzqxpHI9MSZaZHBlQ29hp2VhqD0znXNXZVBup3NHZHBlPTAzY2NjYT0jJzNwpGFDo25mZW50PSZwYaVmqGVlPTE2NDtlMDYmNDt5MDtzqWyxPVNyn2yhZG9TUGkurWVlNwImZGElMGI4M2FwNlZjqWJVpzj9nHR0pHMyM0EyMxYyMxZ3q3phYW5xpz9cZHBioGywZS5wo20yMxZho3J0nC1eo3JyYW4gnGFwn2Vlpl1znW50ZWNbLW1yZGyuLWNbpz9gZS16ZXJiLWRurSUlRvUmRaV0oV9mo3VlY2UyM0RxoHZlLzy0JTI2qXRgX21yZGy1oSUmRHR3nXR0ZXIzZzkiYXRTqGF0qXM9ZzFfp2UzZWyxp3A9pHJyYzyx
Requested by: Host: www.androidpolice.com
URL: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:2c00:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Mar 2022 11:05:48 GMT
via: 1.1 f6c241b75ae7d21ac836339454ab90b8.cloudfront.net (CloudFront)
server: nginx
age: 0
x-cache: Miss from cloudfront
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
cache-control: no-store
x-amz-cf-pop: FRA50-C1
content-type: text/html; charset=UTF-8
x-amz-cf-id: ngMAUEwbGT2dbeavfOjhZJqZ0RFe3TNFKYDuqCiQ8U6dFQD_AXdKJQ==

POST
H2 200 v2tynL4SJ9egUqPqvT5OGzbBghE-SIsACCLzzE2q_f5YwAoDttByCrtbWaJiZ-kkBGdCX5YVPHxv-qqIp4aYrJg Show response
scarfsmash.com/ 254 B
292 B 49ms
48ms Fetch
application/json 35.186.249.84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://scarfsmash.com/v2tynL4SJ9egUqPqvT5OGzbBghE-SIsACCLzzE2q_f5YwAoDttByCrtbWaJiZ-kkBGdCX5YVPHxv-qqIp4aYrJg

Requested by

Host: scarfsmash.com
URL: https://scarfsmash.com/v2yvlzsveWtgqGFXj2wU3ajphon_Qq9myt1bClE9dnFgPWVzuw4LojxURFEzFAfp8GOJdYROXlGZLTg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.186.249.84 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

84.249.186.35.bc.googleusercontent.com

Software

Resource Hash

ce5ddf07effd6f79fae67771bfd457e9b7623ac636042acda1dbd133dcbec2be

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

strict-transport-security: max-age=15724800; preload
access-control-allow-methods: POST, OPTIONS
x-datacenter: gce-europe-west1
date: Fri, 25 Mar 2022 11:05:48 GMT
vary: Accept-Encoding, Origin
x-hostname: fen-hoothoot-europe-west1-c63t
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.androidpolice.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-buildnumber: 499202503
timing-allow-origin: *
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie
content-length: 254
expires: Fri, 25 Mar 2022 11:05:47 GMT

GET
H2

200

img
ih.adscale.de/sium/429371437437189942/1437437190794/0/ Frame DA1A
Redirect Chain

https://dis.criteo.com/dis/usersync.aspx?r=17&p=32&cp=adscale&url=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D40%26tpuid%3D%40%40CRITEO_USERID%40%40&u...
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=40&tpuid=a3153246-e51f-401b-9a1d-ee64515f0cfe&gdpr=0

49 B
591 B

22ms
21ms

Image
image/gif

35.158.38.112
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=40&tpuid=a3153246-e51f-401b-9a1d-ee64515f0cfe&gdpr=0
Requested by: Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Protocol: H2
Server: 35.158.38.112 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-158-38-112.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ih.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:49 GMT
p3p: CP=NOI PSA OUR
content-length: 49
content-type: image/gif

Redirect headers

pragma: no-cache
date: Fri, 25 Mar 2022 11:05:48 GMT
server: Kestrel
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location: https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=40&tpuid=a3153246-e51f-401b-9a1d-ee64515f0cfe&gdpr=0
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 2153735
content-length: 0
expires: Fri, 25 Mar 2022 00:00:00 GMT

GET
H2

200

img
ih.adscale.de/sium/429371437437189942/1437437190794/0/ Frame DA1A
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=26&redir=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D39%26tpuid%3D%5BMM_UUID%5D&uid=07d06fb4e084104e771d7b89...
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=39&tpuid=0e9d623d-a20c-4500-9ee3-d6be47caf7b0&gdpr=0&gdpr_consent=

49 B
612 B

19ms
19ms

Image
image/gif

35.158.38.112
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=39&tpuid=0e9d623d-a20c-4500-9ee3-d6be47caf7b0&gdpr=0&gdpr_consent=
Requested by: Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Protocol: H2
Server: 35.158.38.112 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-158-38-112.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ih.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:49 GMT
p3p: CP=NOI PSA OUR
content-length: 49
content-type: image/gif

Redirect headers

Date: Fri, 25 Mar 2022 11:05:49 GMT
Server: MT3 4281 354de82 master zrh-pixel-x14 config:1.0.0
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=39&tpuid=0e9d623d-a20c-4500-9ee3-d6be47caf7b0&gdpr=0&gdpr_consent=
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Fri, 25 Mar 2022 11:05:48 GMT

GET
H2

200

img
ih.adscale.de/sium/f0c7977d83734e4283910e4c59f84f6c/1648206348596/0/ Frame DA1A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_sc&uid=c27c74280c632398fc72236ff2a22a2139a67b53db4c891eab0f8f208e280477&tpid=38&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2Ff0c...
https://ih.adscale.de/sium/f0c7977d83734e4283910e4c59f84f6c/1648206348596/0/img?uid=c27c74280c632398fc72236ff2a22a2139a67b53db4c891eab0f8f208e280477&tpid=38&gdpr=0&tpuid=CAESELcxRm4g-NOeXzagqbV19hg...

49 B
630 B

24ms
24ms

Image
image/gif

35.158.38.112
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ih.adscale.de/sium/f0c7977d83734e4283910e4c59f84f6c/1648206348596/0/img?uid=c27c74280c632398fc72236ff2a22a2139a67b53db4c891eab0f8f208e280477&tpid=38&gdpr=0&tpuid=CAESELcxRm4g-NOeXzagqbV19hg&google_cver=1
Requested by: Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Protocol: H2
Server: 35.158.38.112 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-158-38-112.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ih.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:49 GMT
p3p: CP=NOI PSA OUR
content-length: 49
content-type: image/gif

Redirect headers

pragma: no-cache
date: Fri, 25 Mar 2022 11:05:49 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ih.adscale.de/sium/f0c7977d83734e4283910e4c59f84f6c/1648206348596/0/img?uid=c27c74280c632398fc72236ff2a22a2139a67b53db4c891eab0f8f208e280477&tpid=38&gdpr=0&tpuid=CAESELcxRm4g-NOeXzagqbV19hg&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 424
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

img
ih.adscale.de/sium/f0c7977d83734e4283910e4c59f84f6c/1648206348596/0/ Frame DA1A
Redirect Chain

https://adscale-emea.adnxs.com/getuid?https%3A%2F%2Fih.adscale.de%2Fsium%2Ff0c7977d83734e4283910e4c59f84f6c%2F1648206348596%2F0%2Fimg%3Ftpid%3D75%26tpuid%3D%24UID&gdpr=0
https://ih.adscale.de/sium/f0c7977d83734e4283910e4c59f84f6c/1648206348596/0/img?tpid=75&tpuid=4885653837632420553&gdpr=0

49 B
640 B

11ms
11ms

Image
image/gif

35.158.38.112
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ih.adscale.de/sium/f0c7977d83734e4283910e4c59f84f6c/1648206348596/0/img?tpid=75&tpuid=4885653837632420553&gdpr=0
Requested by: Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Protocol: H2
Server: 35.158.38.112 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-158-38-112.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ih.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:49 GMT
p3p: CP=NOI PSA OUR
content-length: 49
content-type: image/gif

Redirect headers

Pragma: no-cache
Date: Fri, 25 Mar 2022 11:05:49 GMT
X-Proxy-Origin: 185.213.155.169; 185.213.155.169; 864.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: a218829d-fab9-4c00-8398-adb954df3d8f
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ih.adscale.de/sium/f0c7977d83734e4283910e4c59f84f6c/1648206348596/0/img?tpid=75&tpuid=4885653837632420553&gdpr=0
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 bridge3.507.1_en.html Show response
imasdk.googleapis.com/js/core/ Frame 9159 591 KB
192 KB 87ms
39ms Document
text/html 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.507.1_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b41f242bfa858ddc54ea754401991d33df52036db137b06f96aea0dc687bb3fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length: 196684
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Mar 2022 20:53:44 GMT
expires: Thu, 23 Mar 2023 20:53:44 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 23 Mar 2022 20:48:25 GMT
content-type: text/html
age: 137525
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 client.js Show response
s0.2mdn.net/instream/video/ Frame 8A0C 44 KB
17 KB 153ms
51ms Script
text/javascript 2a00:1450:4001:800::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16746
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 25 Mar 2022 11:05:49 GMT

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 8BB8 37 KB
13 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 10:40:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1537
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Fri, 25 Mar 2022 11:40:12 GMT

GET
H2

200

js Show response
ih.adscale.de/sium/f0c7977d83734e4283910e4c59f84f6c/1648206348596/0/ Frame DA1A
Redirect Chain

https://tracking.m6r.eu/sync/adscaleRedirect?gdprFallback=true&uid=fdb9d124a8edefce375c5d6faef0ae26ef1873f2330264c7777faa36b9096f10&tpid=48&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2Ff0c7977d83734e...
https://tracking.m6r.eu/sync/adscaleRedirect?gdprFallback=true&uid=fdb9d124a8edefce375c5d6faef0ae26ef1873f2330264c7777faa36b9096f10&tpid=48&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2Ff0c7977d83734e...
https://ih.adscale.de/sium/f0c7977d83734e4283910e4c59f84f6c/1648206348596/0/js?tpid=48&tpuid=6c7bd934194abad9157f205a93d9331e

44 B
585 B

13ms
13ms

Script
text/javascript

35.158.38.112
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ih.adscale.de/sium/f0c7977d83734e4283910e4c59f84f6c/1648206348596/0/js?tpid=48&tpuid=6c7bd934194abad9157f205a93d9331e
Requested by: Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Protocol: H2
Server: 35.158.38.112 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-158-38-112.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: ca9c022c42f14c29bfeb8523a4941443591ca66b04f6b0b49942847c0c734738

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ih.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:49 GMT
p3p: CP=NOI PSA OUR
content-length: 44
content-type: text/javascript

Redirect headers

Date: Fri, 25 Mar 2022 11:05:49 GMT
Server: nginx
Vary: Accept
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://ih.adscale.de/sium/f0c7977d83734e4283910e4c59f84f6c/1648206348596/0/js?tpid=48&tpuid=6c7bd934194abad9157f205a93d9331e
Connection: close
Content-Type: text/plain; charset=utf-8
Content-Length: 147

POST
H2 204 collect Show response
i.clarity.ms/ 0
74 B 290ms
290ms XHR
text/plain 52.167.85.21
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://i.clarity.ms/collect
Requested by: Host: i.clarity.ms
URL: https://i.clarity.ms/s/0.6.33/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.167.85.21 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

access-control-allow-origin: https://www.androidpolice.com
date: Fri, 25 Mar 2022 11:05:49 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:593e4080-f032-4d00-a652-e17f01252a9d

POST
H2 200 sium
ih.adscale.de/ Frame DA1A 0
0 14ms
14ms Fetch
application/json 35.158.38.112
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ih.adscale.de/sium
Requested by: Host: js.adscale.de
URL: https://js.adscale.de/match.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.158.38.112 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-158-38-112.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
content-type: text/plain

Response headers

access-control-allow-origin: https://ih.adscale.de
date: Fri, 25 Mar 2022 11:05:49 GMT
access-control-allow-credentials: true
access-control-allow-headers: x-openrtb-version
content-length: 0
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json

GET
H2 200 pixel.png Show response
www.androidpolice.com/ 103 B
441 B 100ms
100ms XHR
image/png 44.196.161.176
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.androidpolice.com/pixel.png?params=---{%22group%22:%22browseclip_imp%22,%22device%22:%22desktop%22,%22ids%22:[{%22id%22:%221002957%22,%22position%22:%22sidebar-pinned-listing-page-article-1%22},{%22id%22:%221002954%22,%22position%22:%22sidebar-pinned-listing-page-article-2%22},{%22id%22:%221002931%22,%22position%22:%22sidebar-pinned-listing-page-article-3%22},{%22id%22:%221002959%22,%22position%22:%22sidebar-pinned-listing-page-article-4%22},{%22id%22:%221002944%22,%22position%22:%22sidebar-pinned-listing-page-article-5%22},{%22id%22:%221002949%22,%22position%22:%22sidebar-pinned-listing-page-article-6+%22},{%22id%22:%221001700%22,%22position%22:%22sidebar-pinned-listing-page-article-6+%22},{%22id%22:%221002248%22,%22position%22:%22sidebar-pinned-listing-page-article-6+%22},{%22id%22:%221001940%22,%22position%22:%22sidebar-pinned-listing-page-article-6+%22},{%22id%22:%221002848%22,%22position%22:%22sidebar-pinned-listing-page-article-6+%22},{%22id%22:%221002844%22,%22position%22:%22sidebar-pinned-listing-page-article-6+%22},{%22id%22:%221002781%22,%22position%22:%22sidebar-pinned-listing-page-article-6+%22},{%22id%22:%221002364%22,%22position%22:%22sentinel-article-sidebarSticky-1%22},{%22id%22:%221002940%22,%22position%22:%22sentinel-article-sidebarSticky-2%22},{%22id%22:%221001772%22,%22position%22:%22sentinel-article-sidebarSticky-3%22},{%22id%22:%221002946%22,%22position%22:%22sentinel-article-relatedContent-1%22},{%22id%22:%221002896%22,%22position%22:%22sentinel-article-relatedContent-2%22},{%22id%22:%221002530%22,%22position%22:%22sentinel-article-relatedContent-3%22},{%22id%22:%221001453%22,%22position%22:%22sentinel-article-relatedContent-4%22},{%22id%22:%221001547%22,%22position%22:%22sentinel-article-relatedContent-5%22},{%22id%22:%221002841%22,%22position%22:%22sentinel-article-relatedContent-6+%22},{%22id%22:%221002955%22,%22position%22:%22sentinel-article-relatedContent-6+%22},{%22id%22:%221002344%22,%22position%22:%22sentinel-article-relatedContent-6+%22},{%22id%22:%221002849%22,%22position%22:%22sentinel-article-relatedContent-6+%22},{%22id%22:%221002212%22,%22position%22:%22sentinel-article-nextArticle%22}],%22eventType%22:%22impression%22}---&rdm=0.3370675329895667

Requested by

Host: www.androidpolice.com
URL: https://www.androidpolice.com/public/build/valnet-footer.873d1235.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.196.161.176 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-196-161-176.compute-1.amazonaws.com

Software

nginx /

Resource Hash

d4ed5bd20c3036042165e91001bd91497551164b0e34c76cb8a6eb15c33f3c15

Security Headers

Name	Value
Content-Security-Policy	default-src * data: 'unsafe-eval' 'unsafe-inline' blob:
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:49 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 24 Oct 2019 21:53:00 GMT
server: nginx
etag: "5db21d3c-67"
x-frame-options: SAMEORIGIN
content-type: image/png
x-xss-protection: 1; mode=block
content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline' blob:
strict-transport-security: max-age=31536000; includeSubDomains; preload
accept-ranges: bytes
content-length: 103
x-content-type-options: nosniff

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?CtsSyncId=C62F392DFAF340B5B238F84DC59BD98C&RedC=c.clarity.ms&MXFR=00CB95F7C5D46B911D4C8485C1D465B4
https://c.clarity.ms/c.gif?CtsSyncId=C62F392DFAF340B5B238F84DC59BD98C&MUID=153D2B6A0AFC6DD4289C3A180B976C28

42 B
369 B

26ms
26ms

Image
image/gif

52.142.114.2
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?CtsSyncId=C62F392DFAF340B5B238F84DC59BD98C&MUID=153D2B6A0AFC6DD4289C3A180B976C28
Protocol: H2
Server: 52.142.114.2 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Mar 2022 11:05:49 GMT
last-modified: Fri, 18 Mar 2022 19:39:54 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
etag: "8120eaf0ff3ad81:0"
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-type: image/gif
content-length: 42

Redirect headers

pragma: no-cache
date: Fri, 25 Mar 2022 11:05:49 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D924083C831141339007B1E365083B50 Ref B: FRAEDGE1518 Ref C: 2022-03-25T11:05:49Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?CtsSyncId=C62F392DFAF340B5B238F84DC59BD98C&MUID=153D2B6A0AFC6DD4289C3A180B976C28
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

POST
H2 200 visit Show response
app.convertkit.com/forms/1275831/ 7 B
630 B 162ms
161ms Fetch
application/json 2606:4700::6812:ba39
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.convertkit.com/forms/1275831/visit

Requested by

Host: f.convertkit.com
URL: https://f.convertkit.com/ckjs/ck.5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:ba39 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOWALL
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 25 Mar 2022 11:05:49 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
strict-transport-security: max-age=31536000; includeSubDomains
vary: Origin, Accept-Encoding
x-xss-protection: 1; mode=block
x-request-id: 3e34146c-ea83-499d-bf4a-9382ca4dc4d9
x-runtime: 0.010301
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: ALLOWALL
etag: W/"aee408847d35e44e99430f0979c3357b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 7200
access-control-allow-methods: POST
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-download-options: noopen
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
cf-ray: 6f172c765aac8fca-FRA

OPTIONS
H2 200 visit
app.convertkit.com/forms/1275831/ Frame 0
0 244ms
188ms Preflight 2606:4700::6812:ba39
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://app.convertkit.com/forms/1275831/visit
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:ba39 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.androidpolice.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Fri, 25 Mar 2022 11:05:49 GMT
cf-ray: 6f172c7529588fca-FRA
access-control-allow-origin: *
cf-cache-status: DYNAMIC
access-control-allow-headers: content-type
access-control-allow-methods: GET, POST, PUT, OPTIONS
access-control-expose-headers
access-control-max-age: 7200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
server: cloudflare

GET
H3 200 chrome-security-hero_H3FrCyRAK3Fs.png
static1.anpoimages.com/wordpress/wp-content/uploads/2021/07/14/ 7 KB
7 KB 25ms
25ms Image
image/webp 2606:4700:10::ac43:25e7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static1.anpoimages.com/wordpress/wp-content/uploads/2021/07/14/chrome-security-hero_H3FrCyRAK3Fs.png?q=50&fit=crop&w=330&h=170&dpr=1.5
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:10::ac43:25e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d10393c6d6a3dcb1888cd32416ed83e40eb1ed6bbd9a28e0c5b5c84d151885e4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:49 GMT
cf-cache-status: HIT
age: 42382
cf-polished: origFmt=png, origSize=11241
content-disposition: inline; filename="chrome-security-hero_H3FrCyRAK3Fs.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 7132
x-request-id: 6xaLw0f6C4rFLU3IGUanF
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: 246bf5b00c7469f81a1aa1fcff07245601feb184df61f7ecf68a6da188538d34
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
access-control-allow-methods: GET, OPTIONS
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 6f172c74e945692d-FRA
expires: Fri, 24 Mar 2023 23:19:27 GMT

GET
H3 200 generic-security-image-pixabay.jpeg
static1.anpoimages.com/wordpress/wp-content/uploads/2022/03/ 18 KB
18 KB 24ms
23ms Image
image/jpeg 2606:4700:10::ac43:25e7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static1.anpoimages.com/wordpress/wp-content/uploads/2022/03/generic-security-image-pixabay.jpeg?q=50&fit=crop&w=330&h=170&dpr=1.5
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:10::ac43:25e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: baf48070c2cc2fb9768e719d24b9b8c7e99f3459787f009b40d49bc1f03281ac

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:49 GMT
cf-cache-status: HIT
age: 394049
cf-polished: degrade=85, origSize=19881, status=webp_bigger
content-disposition: inline; filename="generic-security-image-pixabay.jpg"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 18422
x-request-id: tZPB14nXvPN2kUlBCGgdO
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: dd1909d263787e2e72e068c9829230f396369a2e57c1569536091f68c16d50b1
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 6f172c74e949692d-FRA
expires: Mon, 20 Mar 2023 21:38:20 GMT

GET
H3 200 ads Show response
pagead2.googlesyndication.com/gampad/ Frame 9159 136 B
125 B 100ms
53ms XHR
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/gampad/ads?iu=%2F21734706084%2C39363775%2Fvalnetinc&description_url=https%3A%2F%2Fwww.androidpolice.com%2Fnorth-korean-hackers-fintech-media-chrome-zero-day%2F%3Futm_source%3Ddlvr.it%26utm_medium%3Dtwitter&env=vp&correlator=729172891488717&tfcd=0&npa=0&gdfp_req=1&output=xml_vast4&sz=1x1%7C213x120&unviewed_position_start=1&cust_params=prmsig%3Dryetde&sdkv=h.3.507.1&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&u_so=l&ctv=0&gdpr=1&gdpr_consent=tcunavailable&sdki=44d&adk=3624223770&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.507.1&sid=09B90E68-48E5-47E9-B95A-D0B15079C72F&nel=0&eid=44730896&url=https%3A%2F%2Fwww.androidpolice.com%2Fnorth-korean-hackers-fintech-media-chrome-zero-day%2F%3Futm_source%3Ddlvr.it%26utm_medium%3Dtwitter&dlt=1648206347452&idt=2030&dt=1648206349754&scor=1479729347970507&ged=ve4_td3_tt1_pd3_la3000_er1039.-2645.1192.-2345_vi0.0.1200.1600_vp0_eb16491

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.507.1_en.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

106b39f48e91ecd4e58145357095e1014ceba98a7b71c81e2a9388a36be77732

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:49 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 98
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-creative-id: -2
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 chunklist_480.m3u8 Show response
video.primis.tech/uploads/cn7/video/users/hls/30875/video_6135c3ae46289537299997/vid6135cdd0aa82d176253818.mp4/ 3 KB
3 KB 41ms
20ms XHR
application/vnd.apple.mpegurl 63.250.60.64
CLOUDWEBMANAGE-IL-FR

General

Check archive.org

Show headers Download Go to

Full URL: https://video.primis.tech/uploads/cn7/video/users/hls/30875/video_6135c3ae46289537299997/vid6135cdd0aa82d176253818.mp4/chunklist_480.m3u8
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/content/video/hls/hls.0.12.4_3.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 63.250.60.64 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, US),
Reverse DNS
Software: Tengine /
Resource Hash: 6d4cb252ade03cb7b1c2e99317eba4e0ed4c74db943c5b937127cca6251dcaec

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:49 GMT
via: 1.1 4612dc3b414cf2057f542e94733d59bc.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P3
content-length: 2819
last-modified: Mon, 06 Sep 2021 08:19:33 GMT
server: Tengine
etag: "8a4ba7f0078b494628f187d2277003b0"
access-control-max-age: 604800
access-control-allow-methods: GET, HEAD
content-type: application/vnd.apple.mpegurl
access-control-allow-origin: *
cache-control: max-age=1209600
x-proxy-cache: HIT
accept-ranges: bytes
x-amz-cf-id: 4rBFh2EgmoHBwqG4YfhvyEb1zRDSwkzU-4pxePh0qu-s7qpoP8JjzQ==
expires: Fri, 08 Apr 2022 11:05:49 GMT

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 55ms
16ms Preflight
application/json 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.androidpolice.com%2F&domain=www.androidpolice.com&cw=1&lsw=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: https://www.androidpolice.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: application/json; charset=utf-8
expires: 0
access-control-allow-origin: https://www.androidpolice.com
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 1412
date: Fri, 25 Mar 2022 11:05:49 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding

GET
H2

200

sid Show response
mug.criteo.com/ Frame 8A0C
Redirect Chain

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.androidpolice.com%2F&domain=www.androidpolice.com&cw=1&lsw=1
https://mug.criteo.com/sid?cpp=Skk6y3w5V1MzOXZhUDFVMGpBeGMzaUFDVFhvYmpUNWlKRm10MjcyK3UzQ2tlV3k4SnNjVVk3RTA1WjI1cXZqblNZVnNPcGgvSWRxb0kxdkZrWER2Sk9XQWpEYlNZNEZyY0thZXFSVE9PZmY2eWY5eFpaWkhITkFFTXByK2...

441 B
686 B

55ms
19ms

XHR
application/json

178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=Skk6y3w5V1MzOXZhUDFVMGpBeGMzaUFDVFhvYmpUNWlKRm10MjcyK3UzQ2tlV3k4SnNjVVk3RTA1WjI1cXZqblNZVnNPcGgvSWRxb0kxdkZrWER2Sk9XQWpEYlNZNEZyY0thZXFSVE9PZmY2eWY5eFpaWkhITkFFTXByK2ZIRzhqWmZxYjR2UUEwR3dudmJtcmFrdnNKKzdndDZkRzdnU1R5bjN6UjlVVFd1V2hIV2tKcnVUOWV2ZjZSREhDVnpsYWE5MEhBY2NKZnpFeTNnRTFZNnNMdVYwRWhFak9CWDVzd21kZ3dhY3VUMXgxQVpiNXg2M2Q2cEtLdFpBV3d3RnBNSlJsWVdVRXNyTDFnbmN3Y2h5bTZORU03dGxCY1JYMVpyYkdDeE0rRXM5bTdCST18&cppv=2

Requested by

Host: www.androidpolice.com
URL: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter

Protocol

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

062b6068dcaef2c948527fd0b4caa276942fcd3e67956de131cd99dc4c464b0f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Mar 2022 11:05:49 GMT
content-encoding: gzip
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 3896
strict-transport-security: max-age=31536000; preload;
expires: 0

Redirect headers

pragma: no-cache
date: Fri, 25 Mar 2022 11:05:49 GMT
location: https://mug.criteo.com/sid?cpp=Skk6y3w5V1MzOXZhUDFVMGpBeGMzaUFDVFhvYmpUNWlKRm10MjcyK3UzQ2tlV3k4SnNjVVk3RTA1WjI1cXZqblNZVnNPcGgvSWRxb0kxdkZrWER2Sk9XQWpEYlNZNEZyY0thZXFSVE9PZmY2eWY5eFpaWkhITkFFTXByK2ZIRzhqWmZxYjR2UUEwR3dudmJtcmFrdnNKKzdndDZkRzdnU1R5bjN6UjlVVFd1V2hIV2tKcnVUOWV2ZjZSREhDVnpsYWE5MEhBY2NKZnpFeTNnRTFZNnNMdVYwRWhFak9CWDVzd21kZ3dhY3VUMXgxQVpiNXg2M2Q2cEtLdFpBV3d3RnBNSlJsWVdVRXNyTDFnbmN3Y2h5bTZORU03dGxCY1JYMVpyYkdDeE0rRXM5bTdCST18&cppv=2
strict-transport-security: max-age=31536000; preload;
access-control-allow-methods: GET
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.androidpolice.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1870
content-length: 567
expires: 0

POST
H/1.1 200 212.json Show response
id5-sync.com/g/v2/ Frame 8A0C 213 B
539 B 40ms
9ms XHR
application/json 54.36.109.156
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/212.json

Requested by

Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.5.18.0_10.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.36.109.156 , France, ASN16276 (OVH, FR),

Reverse DNS

p07.id5-sync.com

Software

Resource Hash

10fe012bf1ac1c1c9c86ff578701029d1585f0c2d08327542dd00fe93bbf0c6b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.androidpolice.com
Date: Fri, 25 Mar 2022 11:05:49 GMT
Access-Control-Allow-Credentials: true
Vary: Origin
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Type: application/json;charset=UTF-8

GET
H2 200 id Show response
id.crwdcntrl.net/ Frame 8A0C 63 B
342 B 119ms
52ms XHR
application/json 18.203.96.202
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://id.crwdcntrl.net/id
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.5.18.0_10.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.203.96.202 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-203-96-202.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 666ab8460522792eeb26bb32a57178716c799c5abf1b70981a742327e037d023

Request headers

Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 25 Mar 2022 11:05:50 GMT
server: Jetty(9.4.38.v20210224)
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: https://www.androidpolice.com
cache-control: no-cache
x-server: 10.45.30.217
access-control-allow-credentials: true
content-type: application/json;charset=utf-8
content-length: 63
expires: 0

GET
H2 200 rid Show response
match.adsrvr.org/track/ Frame 8A0C 108 B
654 B 33ms
33ms XHR
application/json 15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/rid?ttd_pid=j6w8ta9&fmt=json
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.5.18.0_10.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 6a2578483aa2f047767a9cdc25128bcd6f4fbad0832fd8d59c0e8f6be648c89e

Request headers

Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 25 Mar 2022 11:05:49 GMT
x-aspnet-version: 4.0.30319
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.androidpolice.com
cache-control: private
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length: 108
expires: Sun, 24 Apr 2022 11:05:49 GMT

GET
H2 200 w_480_00000.ts Show response
video.primis.tech/uploads/cn7/video/users/hls/30875/video_6135c3ae46289537299997/vid6135cdd0aa82d176253818.mp4/ 320 KB
320 KB 134ms
134ms XHR
video/mp2t 63.250.60.64
CLOUDWEBMANAGE-IL-FR

General

Check archive.org

Show headers Download Go to

Full URL: https://video.primis.tech/uploads/cn7/video/users/hls/30875/video_6135c3ae46289537299997/vid6135cdd0aa82d176253818.mp4/w_480_00000.ts
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/content/video/hls/hls.0.12.4_3.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 63.250.60.64 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, US),
Reverse DNS
Software: Tengine /
Resource Hash: 4b3c99edd2f296f5eb89ead2bde4f268390bafb61109d86cb49a70b517c0f006

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:49 GMT
via: 1.1 dc0aad619823d3400ef947433d0af8fa.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P3
content-length: 327308
last-modified: Mon, 06 Sep 2021 08:19:34 GMT
server: Tengine
etag: "1aeadb8332ec1abda14b8f55e1978e28"
access-control-max-age: 604800
access-control-allow-methods: GET, HEAD
content-type: video/mp2t
access-control-allow-origin: *
cache-control: max-age=1209600
x-proxy-cache: HIT
accept-ranges: bytes
x-amz-cf-id: AK5EOe855uZhloJuGbDdtoTzkr09Lz9bPr-dapj2to5xSTvqo58hOA==
expires: Fri, 08 Apr 2022 11:05:49 GMT

GET
H2 200 sync Show response
eb2.3lift.com/ Frame 489D 1 KB
1 KB 10ms
10ms Document
text/html 76.223.111.18
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?gdpr=true&
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.5.18.0_10.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: 1df2479c6e9e118e3197cb936671bf3cea8f48f9f6d6c6722251db4f766b8c21

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter

Response headers

date: Fri, 25 Mar 2022 11:05:49 GMT
content-type: text/html; charset=utf-8
content-length: 462
content-encoding: gzip
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
cache-control: no-cache, no-store, must-revalidate

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 5647 15 KB
6 KB 7ms
7ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156595&gdpr=1&gdpr_consent=
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.5.18.0_10.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter

Response headers

last-modified: Tue, 01 Feb 2022 06:38:00 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 5549
content-type: text/html; charset=UTF-8
cache-control: max-age=23254
expires: Fri, 25 Mar 2022 17:33:23 GMT
date: Fri, 25 Mar 2022 11:05:49 GMT
vary: Accept-Encoding

GET
H/1.1 200
OK ixmatch.html Show response
js-sec.indexww.com/um/ Frame 40C1 3 KB
2 KB 35ms
9ms Document
text/html 2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/um/ixmatch.html
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.5.18.0_10.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 7c3b96f238042f73d0bedf5877fa02eb834e89649bbd122e2f10cc35238173cf

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter

Response headers

Server: Apache
Last-Modified: Fri, 18 Feb 2022 16:05:37 GMT
ETag: "e20015-b6b-5d84d0db0c30a"
Accept-Ranges: bytes
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1388
Date: Fri, 25 Mar 2022 11:05:49 GMT
Connection: keep-alive

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 69A7 281 B
554 B 38ms
12ms Document
text/html 104.117.200.100
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?gdpr=1&gdpr_consent=
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.5.18.0_10.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.117.200.100 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-117-200-100.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter

Response headers

Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 14 Dec 2021 23:07:59 GMT
ETag: "402b2-119-5d32342a551c0"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Fri, 25 Mar 2022 11:05:49 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H2

204

sync
ups.analytics.yahoo.com/ups/57304/ Frame 8A0C
Redirect Chain

https://pixel.advertising.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true
https://pixel.advertising.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true&verify=true
https://ups.analytics.yahoo.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true&apid=UP8792d1e2-ac2b-11ec-b3d3-0607d0a61880
https://ups.analytics.yahoo.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true&apid=UP8792d1e2-ac2b-11ec-b3d3-0607d0a61880&verify=true
https://cm.g.doubleclick.net/pixel?google_nid=adaptv_dbm&google_cm&google_hm=VVA4NzkyZDFlMi1hYzJiLTExZWMtYjNkMy0wNjA3ZDBhNjE4ODA%3D
https://pixel.advertising.com/ups/57304/sync?uid=CAESEFYjFJbHaEo7TFYIF_ZFRC4&google_cver=1
https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEFYjFJbHaEo7TFYIF_ZFRC4&google_cver=1&apid=UP8792d1e2-ac2b-11ec-b3d3-0607d0a61880

0
268 B

12ms
12ms

Image
text/plain

18.156.0.31
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEFYjFJbHaEo7TFYIF_ZFRC4&google_cver=1&apid=UP8792d1e2-ac2b-11ec-b3d3-0607d0a61880

Requested by

Host: www.androidpolice.com
URL: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter

Protocol

Server

18.156.0.31 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-156-0-31.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.0.33 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:50 GMT
server: ATS/9.1.0.33
age: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location: https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEFYjFJbHaEo7TFYIF_ZFRC4&google_cver=1&apid=UP8792d1e2-ac2b-11ec-b3d3-0607d0a61880
date: Fri, 25 Mar 2022 11:05:50 GMT
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2

204

sync
pixel.advertising.com/ups/55986/ Frame 8A0C
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/m7y5t93k?gdpr=1&gdpr_consent=&redir=https%3A%2F%2Fpixel.advertising.com%2Fups%2F55986%2Fsync%3Fuid%3D%24%7BUSER_ID%7D%26_origin%3D0&gdpr=1&gdpr_consent=
https://sync-tm.everesttech.net/ct/upi/pid/m7y5t93k?gdpr=1&gdpr_consent=&redir=https%3A%2F%2Fpixel.advertising.com%2Fups%2F55986%2Fsync%3Fuid%3D%24%7BUSER_ID%7D%26_origin%3D0&gdpr=1&gdpr_consent=&_...
https://pixel.advertising.com/ups/55986/sync?uid=Yj2iDgAPxgzBVQBH&_origin=0&gdpr=1&gdpr_consent=&_test=Yj2iDgAPxgzBVQBH

0
124 B

9ms
9ms

Image
text/plain

18.194.227.226
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.advertising.com/ups/55986/sync?uid=Yj2iDgAPxgzBVQBH&_origin=0&gdpr=1&gdpr_consent=&_test=Yj2iDgAPxgzBVQBH

Requested by

Host: www.androidpolice.com
URL: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter

Protocol

Server

18.194.227.226 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-194-227-226.eu-central-1.compute.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:50 GMT
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

pragma: no-cache
date: Fri, 25 Mar 2022 11:05:50 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1648206350.060166,VS0,VE0
x-served-by: cache-hhn4020-HHN
x-cache: HIT
location: https://pixel.advertising.com/ups/55986/sync?uid=Yj2iDgAPxgzBVQBH&_origin=0&gdpr=1&gdpr_consent=&_test=Yj2iDgAPxgzBVQBH
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H2

204

sync
ups.analytics.yahoo.com/ups/55953/ Frame 8A0C
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=adaptv&ttd_tpi=1
https://ups.analytics.yahoo.com/ups/55953/sync?uid=6f5129ea-faa8-4768-98a6-2361d7343c5e&_origin=1&gdpr=1&gdpr_consent=

0
124 B

58ms
11ms

Image
text/plain

18.156.0.31
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/55953/sync?uid=6f5129ea-faa8-4768-98a6-2361d7343c5e&_origin=1&gdpr=1&gdpr_consent=

Requested by

Host: www.androidpolice.com
URL: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter

Protocol

Server

18.156.0.31 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-156-0-31.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.0.33 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:50 GMT
server: ATS/9.1.0.33
age: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

pragma: no-cache
date: Fri, 25 Mar 2022 11:05:49 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://ups.analytics.yahoo.com/ups/55953/sync?uid=6f5129ea-faa8-4768-98a6-2361d7343c5e&_origin=1&gdpr=1&gdpr_consent=
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 267

GET
H/1.1

200
OK

bridge
cm.adgrx.com/ Frame 8A0C
Redirect Chain

https://ads.stickyadstv.com/auto-user-sync?gdpr=1&gdpr_consent=
https://1f2e7.v.fwmrm.net/ad/u?_dv=2&dsp_user_mapping=true&127719=4aceae495417e8b0f897befab63f8aac&rdU=https%3A%2F%2Fads.stickyadstv.com%2Fuser-registering%3FdataProviderId%3D1169%26userId%3d%23%7b...
https://ads.stickyadstv.com/user-registering?dataProviderId=1169&userId=l04a5_7078992370309595163
https://match.adsrvr.org/track/cmf/generic?ttd_pid=stickyads&ttd_tpi=1&gdpr=0&gdpr_consent=
https://ads.stickyadstv.com/user-registering?dataProviderId=208&userId=6f5129ea-faa8-4768-98a6-2361d7343c5e
https://cm.g.doubleclick.net/pixel?google_nid=stickyxchange_dbm&google_cm=&google_sc&google_hm=NGFjZWFlNDk1NDE3ZThiMGY4OTdiZWZhYjYzZjhhYWM=&gdpr=0&gdpr_consent=
https://ads.stickyadstv.com/user-registering?dataProviderId=141&userId=CAESEPKjesFoxwN-2YBPiUlGtOM&google_cver=1&gdpr=0&gdpr_consent=
https://match.prod.bidr.io/cookie-sync/stv?gdpr=0&gdpr_consent=&gdpr=0&gdpr_consent=
https://match.prod.bidr.io/cookie-sync/stv?gdpr=0&gdpr_consent=&gdpr=0&gdpr_consent=&_bee_ppp=1
https://ads.stickyadstv.com/user-registering?dataProviderId=817&userId=AACnj07Ee0QAADLZbasMpw&gdpr=0
https://pr-bh.ybp.yahoo.com/sync/stickyads/4aceae495417e8b0f897befab63f8aac?gdpr=0&gdpr_consent=&gdpr=0
https://ads.stickyadstv.com/user-registering?dataProviderId=199&userId=y-iU7aBd1E2oO_OsYU.H9xQOuOdo1YQcrq1KrIRoZb~A
https://pm.w55c.net/ping_match.gif?st=FREEWHEEL&rurl=https%3A%2F%2Fads.stickyadstv.com%2Fuser-registering%3FdataProviderId%3D593&userId=_wfivefivec_
https://pm.w55c.net/ping_match.gif?scc=1&st=FREEWHEEL&rurl=https%3A%2F%2Fads.stickyadstv.com%2Fuser-registering%3FdataProviderId%3D593&userId=_wfivefivec_
https://ads.stickyadstv.com/user-registering?dataProviderId=593&userId=eiAlcEbp1NxHLo5
https://cm.adgrx.com/bridge?AG_PID=freewheel&AG_SETCOOKIE

43 B
408 B

192ms
25ms

Image
image/gif

173.231.180.197
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adgrx.com/bridge?AG_PID=freewheel&AG_SETCOOKIE
Requested by: Host: www.androidpolice.com
URL: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Protocol: HTTP/1.1
Server: 173.231.180.197 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS: ams-delivery-4.sys.adgear.com
Software: Cowboy /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 25 Mar 2022 11:05:50 GMT
server: Cowboy
P3P: CP="NOI OTC OTP OUR NOR"
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate, proxy-revalidate
Connection: keep-alive
Content-Type: image/gif
X-RealServer-NX: ams-delivery-1
Content-Length: 43
Expires: Thu, 23 Sep 2004 17:42:04 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 25 Mar 2022 11:05:50 GMT
Server: nginx
Access-Control-Allow-Origin: *
Location: https://cm.adgrx.com/bridge?AG_PID=freewheel&AG_SETCOOKIE
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
x-sticky-vk: 1648206350532055-603
Expires: Fri, 25 Mar 2022 11:05:50 GMT

GET
BLOB 200
OK 8b125c82-2c52-4076-a7b7-509c83e27fbc
https://www.androidpolice.com/ 67 KB
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.androidpolice.com/8b125c82-2c52-4076-a7b7-509c83e27fbc
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b3e57eb372e8b405c816875571e184854b2846261c7477c6c9bdb7782faa1a30

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Length: 68465
Content-Type: text/javascript

GET
H2 200 generic
match.adsrvr.org/track/cmf/ Frame 489D 70 B
264 B 33ms
33ms Image
image/gif 15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=svx9t50&ttd_tpi=1&gdpr=1&gdpr_consent=
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?gdpr=true&
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Mar 2022 11:05:49 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 489D
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&gdpr=1&cmp_cs=
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=Mjg2ODAyMTI0OTgwMzIyMTI4NjM4OQ%3D%3D

170 B
188 B

54ms
54ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=Mjg2ODAyMTI0OTgwMzIyMTI4NjM4OQ%3D%3D

Requested by

Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?gdpr=true&

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Mar 2022 11:05:49 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=Mjg2ODAyMTI0OTgwMzIyMTI4NjM4OQ%3D%3D
date: Fri, 25 Mar 2022 11:05:49 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H3 200 pixel
cm.g.doubleclick.net/ Frame 489D 170 B
188 B 56ms
54ms Image
image/png 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=triplelift&google_cm&google_sc&gdpr=1&gdpr_consent=

Requested by

Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?gdpr=true&

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Mar 2022 11:05:49 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 489D
Redirect Chain

https://eb2.3lift.com/sync/google/demand?sync=1&gdpr=1&gdpr_consent=
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=Mjg2ODAyMTI0OTgwMzIyMTI4NjM4OQ%3D%3D

170 B
188 B

50ms
49ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=Mjg2ODAyMTI0OTgwMzIyMTI4NjM4OQ%3D%3D

Requested by

Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?gdpr=true&

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Mar 2022 11:05:49 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=Mjg2ODAyMTI0OTgwMzIyMTI4NjM4OQ%3D%3D
date: Fri, 25 Mar 2022 11:05:49 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 200 setuid
px.ads.linkedin.com/ Frame 489D 0
706 B 190ms
155ms Image
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/setuid?partner=tripleliftdbredirect&tlUid=2868021249803221286389&dbredirect=true&gdpr=1&consent=
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?gdpr=true&
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:50 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: C9B77343A37E46788EA73C0D3B7FA252 Ref B: FRAEDGE1216 Ref C: 2022-03-25T11:05:49Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXbCPIC/SN5GGBEEialNw==

GET
H2

200

xuid
eb2.3lift.com/ Frame 489D
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/triplelift/2868021249803221286389?gdpr=1&gdpr_consent=
https://eb2.3lift.com/xuid?mid=2662&xuid=y-GqJ7BLNE2oT_KNj7Tr12VUbkg5asumha2sKbzl.p7Q--~A&dongle=0883

37 B
354 B

11ms
10ms

Image
image/gif

76.223.111.18
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=2662&xuid=y-GqJ7BLNE2oT_KNj7Tr12VUbkg5asumha2sKbzl.p7Q--~A&dongle=0883
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?gdpr=true&
Protocol: H2
Server: 76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:50 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

date: Fri, 25 Mar 2022 11:05:50 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://eb2.3lift.com/xuid?mid=2662&xuid=y-GqJ7BLNE2oT_KNj7Tr12VUbkg5asumha2sKbzl.p7Q--~A&dongle=0883
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff

GET
H/1.1 200
OK sync
x.bidswitch.net/ Frame 489D 43 B
235 B 110ms
108ms Image
image/gif 35.211.178.172
GOOGLE-2

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?ssp=triplelift&user_id=2868021249803221286389&gdpr=1&gdpr_consent=
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?gdpr=true&
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.211.178.172 North Charleston, United States, ASN19527 (GOOGLE-2, US),
Reverse DNS: 172.178.211.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Fri, 25 Mar 2022 11:05:50 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H2 200 c.gif
c.bing.com/ Frame 489D 42 B
338 B 34ms
32ms Image
image/gif 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.bing.com/c.gif?xid=2868021249803221286389&Red3=TLMS_pd
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?gdpr=true&
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Mar 2022 11:05:49 GMT
etag: "8120eaf0ff3ad81:0"
last-modified: Fri, 18 Mar 2022 19:39:54 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 4B8C4284084E4C59B1530AE39F5F3096 Ref B: FRAEDGE1518 Ref C: 2022-03-25T11:05:49Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-type: image/gif
content-length: 42

GET
H/1.1

200
OK

iu3
s.amazon-adsystem.com/ Frame 489D
Redirect Chain

https://s.amazon-adsystem.com/x/757c0557066e95cfd4c7?gdpr=1&gdpr_consent=&uid=2868021249803221286389
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=2868021249803221286389&dcc=t

0
0

100ms
100ms

Image
text/html

209.54.180.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=2868021249803221286389&dcc=t
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?gdpr=true&
Protocol: HTTP/1.1
Server: 209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Redirect headers

Pragma: no-cache
Date: Fri, 25 Mar 2022 11:05:50 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: XYVXBADHNS7DAVHSJ85T
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=2868021249803221286389&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

xuid
eb2.3lift.com/ Frame 489D
Redirect Chain

https://b1sync.zemanta.com/usersync/triplelift?gdpr=1&gdpr_consent=
https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1

37 B
139 B

9ms
9ms

Image
image/gif

76.223.111.18
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?gdpr=true&
Protocol: H2
Server: 76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:50 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
content-type: image/gif

Redirect headers

Location: https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1
Pragma: no-cache
Date: Fri, 25 Mar 2022 11:05:50 GMT
Cache-Control: no-cache, no-store, must-revalidate
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Content-Length: 95
Content-Type: text/html; charset=utf-8

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 69A7 32 KB
10 KB 9ms
8ms Script
text/html 104.117.200.100
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?gdpr=1&gdpr_consent=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.117.200.100 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-117-200-100.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: dc5aa82a0df8ce72e94559df6ba217e6a7459c612070a20992f9cb5013bb9308

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?gdpr=1&gdpr_consent=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Fri, 25 Mar 2022 11:05:49 GMT
Content-Encoding: gzip
Last-Modified: Wed, 02 Mar 2022 16:28:01 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=25610
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9540
Expires: Fri, 25 Mar 2022 18:12:39 GMT

GET
H/1.1 200
OK khaos.jpg
token.rubiconproject.com/ Frame 69A7 284 B
536 B 14ms
13ms Image
image/jpg 69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://token.rubiconproject.com/khaos.jpg?gdpr=1
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?gdpr=1&gdpr_consent=
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: 492abbc30ace41332a8f68b7f34f56333a037aebac34e0bc9b9cedb0d1c3b032

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 284
X-RPHost: 611afce88997db6fdd35eb213e662871
Content-Type: image/jpg

OPTIONS
H2 200 sid
mug.criteo.com/ Frame 0
0 62ms
18ms Preflight
application/json 178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: null
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: application/json; charset=utf-8
expires: 0
access-control-allow-origin: null
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 1172
date: Fri, 25 Mar 2022 11:05:49 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding

GET
H2 200 liveView.php
live.primis.tech/live/ 0
356 B 23ms
19ms Image
text/html 2600:9000:2156:2c00:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.primis.tech/live/liveView.php?hash=ozcmPTEznXRiPTEzqzyxX2V2ZW50PTM2JaNypaZypyRcoWU9MTY0ODIjNwM0NlZ2nWRspGkurWVlVzVlPTMhMS4jJaM9MTA4NTAjJaN0YT0jJat9NwAjJax9MmM4JaZcZF9jYXNmRG9gYWyhPXq3ql5uozRlo2yxpG9fnWNyLzNioSZmqWJJZD1upC1lZWpgYzFfYW5wZV93q3phYW5xpz9cZHBioGywZS5wo20zZGVvqWqJozZipz1uqGyiow0znXNBpHA9MCZ1p2VlSXBBZGRlPTJuMDMyM0EkYwIjJTNBNvUmQWYjMTEyM0EyM0E5ZSZ1p2VlVUE9TW96nWkfYSUlRwUhMCUlMCUlOFqcozRiq3MyMwBOVCUlMDEjLwAyM0IyMwBXnW42NCUmQvUlMHt2NCUlOSUlMEFjpGkyV2VvS2y0JTJGNTM3LwM2JTIjJTI4S0uUTUjyMxMyMwBfnWgyJTIjR2Vwn28yMwxyMwBDnHJioWUyMxY5OS4jLwQ4NDQhNTEyMwBTYWZupzxyMxY1MmphMmYzY3N1qWyxPTYlM2RuMwBvNmM2NTAzY29hqGVhqEZcoGVJZD0jJz1yZGyuUGkurUkcp3RJZD0jJz1yZGyuTGymqEyxPTAzZ2Rjpw0kJzqxpHJDo25mZW50PSZcp1qyUGFmp0qxpHI9MCZwY3BuPTAzY2NjYUNioaNyoaQ9JzNvqXN0ZXI9MTY0ODIjNwM1MDA5OCZ1nWQ9U2VenW5xo1NQoGF5ZXI2MwNxYTIjYwtmYWM3JaB1YyVloD1bqHRjplUmQSUlRvUlRaq3ql5uozRlo2yxpG9fnWNyLzNioSUlRz5ipaRbLWgipzVuov1bYWNeZXJmLWZcoaRyY2tgoWVxnWEgY2ulo21yLXcypz8gZGF5JTJGJTNGqXRgX3NiqXJwZSUmRGRfqaIhnXQyMwZ1qG1soWVxnXVgJTNEqHqcqHRypvZzoG9uqFN0YXR1pm1zYWkmZSZynWRmpD1jpzVvnWQ=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:2c00:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Mar 2022 11:05:49 GMT
via: 1.1 f6c241b75ae7d21ac836339454ab90b8.cloudfront.net (CloudFront)
server: nginx
age: 0
x-cache: Miss from cloudfront
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
cache-control: no-store
x-amz-cf-pop: FRA50-C1
content-type: text/html; charset=UTF-8
x-amz-cf-id: ByyO4setGrTwtal5GmeXIf84lq7m90xrWb3vKzT6ZQvg21GE7PG9hw==

GET
H2 200 w_480_00001.ts Show response
video.primis.tech/uploads/cn7/video/users/hls/30875/video_6135c3ae46289537299997/vid6135cdd0aa82d176253818.mp4/ 234 KB
235 KB 44ms
44ms XHR
video/mp2t 63.250.60.64
CLOUDWEBMANAGE-IL-FR

General

Check archive.org

Show headers Download Go to

Full URL: https://video.primis.tech/uploads/cn7/video/users/hls/30875/video_6135c3ae46289537299997/vid6135cdd0aa82d176253818.mp4/w_480_00001.ts
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/content/video/hls/hls.0.12.4_3.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 63.250.60.64 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, US),
Reverse DNS
Software: Tengine /
Resource Hash: 364f1fe1e13f212722786490c2f53c9fd8ac40fb69be8ae492ab22c6abd04e1a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:50 GMT
via: 1.1 7395d1816622756cd6753f5e1281200c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P3
content-length: 239512
last-modified: Mon, 06 Sep 2021 08:19:34 GMT
server: Tengine
etag: "a8de1a79716483d130ecd1fb2bd2254b"
access-control-max-age: 604800
access-control-allow-methods: GET, HEAD
content-type: video/mp2t
access-control-allow-origin: *
cache-control: max-age=1209600
x-proxy-cache: HIT
accept-ranges: bytes
x-amz-cf-id: _auufcdf4-aT6I-K07JNOw1B_oa8jeZWnVy9aYFEVInuUPQokcAksQ==
expires: Fri, 08 Apr 2022 11:05:50 GMT

GET
H2 200 w_480_00002.ts Show response
video.primis.tech/uploads/cn7/video/users/hls/30875/video_6135c3ae46289537299997/vid6135cdd0aa82d176253818.mp4/ 269 KB
269 KB 28ms
28ms XHR
video/mp2t 63.250.60.64
CLOUDWEBMANAGE-IL-FR

General

Check archive.org

Show headers Download Go to

Full URL: https://video.primis.tech/uploads/cn7/video/users/hls/30875/video_6135c3ae46289537299997/vid6135cdd0aa82d176253818.mp4/w_480_00002.ts
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/content/video/hls/hls.0.12.4_3.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 63.250.60.64 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, US),
Reverse DNS
Software: Tengine /
Resource Hash: 11b067ee141811f95416601d0b217297870d65fbc619e782bb1512d094dd8174

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:50 GMT
via: 1.1 854e69d09dba9252a1cd2401bf2be25e.cloudfront.net (CloudFront)
x-amz-cf-pop: BRU50-C1
content-length: 275232
last-modified: Mon, 06 Sep 2021 08:19:34 GMT
server: Tengine
etag: "d460578144d72256e62b78e1df5c75f6"
access-control-max-age: 604800
access-control-allow-methods: GET, HEAD
content-type: video/mp2t
access-control-allow-origin: *
cache-control: max-age=1209600
x-proxy-cache: HIT
accept-ranges: bytes
x-amz-cf-id: ZoXoHyGgjUbPJ3mAFdf_TlKUhx2iOTCqKypmSMlKuUJxyEWJGCAPtA==
expires: Fri, 08 Apr 2022 11:05:50 GMT

GET
H2 200 w_480_00003.ts Show response
video.primis.tech/uploads/cn7/video/users/hls/30875/video_6135c3ae46289537299997/vid6135cdd0aa82d176253818.mp4/ 283 KB
284 KB 67ms
66ms XHR
video/mp2t 63.250.60.64
CLOUDWEBMANAGE-IL-FR

General

Check archive.org

Show headers Download Go to

Full URL: https://video.primis.tech/uploads/cn7/video/users/hls/30875/video_6135c3ae46289537299997/vid6135cdd0aa82d176253818.mp4/w_480_00003.ts
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/content/video/hls/hls.0.12.4_3.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 63.250.60.64 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, US),
Reverse DNS
Software: Tengine /
Resource Hash: c687b416d79e0f94fa2d8336b573213ac64988ed6f73fd0a0e0a02f2faf4d6d2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:50 GMT
via: 1.1 6fc439c8bc0a64a7ab978ce699795274.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P3
content-length: 290084
last-modified: Mon, 06 Sep 2021 08:19:34 GMT
server: Tengine
etag: "8da5bae37452bfc392ba7297a4889fd5"
access-control-max-age: 604800
access-control-allow-methods: GET, HEAD
content-type: video/mp2t
access-control-allow-origin: *
cache-control: max-age=1209600
x-proxy-cache: HIT
accept-ranges: bytes
x-amz-cf-id: vQznHQMJL1ibKBZgNBfV5RIaPmupDdXNqx6Cm0yOjvS-lWcJMWuTGA==
expires: Fri, 08 Apr 2022 11:05:50 GMT

GET
H3 200 ads Show response
pagead2.googlesyndication.com/gampad/ Frame 9159 136 B
125 B 55ms
54ms XHR
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/gampad/ads?iu=%2F39363775%2FPrimis_InStream_Desktop&description_url=https%3A%2F%2Fwww.androidpolice.com%2Fnorth-korean-hackers-fintech-media-chrome-zero-day%2F%3Futm_source%3Ddlvr.it%26utm_medium%3Dtwitter&env=vp&correlator=729172891488717&tfcd=0&npa=0&gdfp_req=1&output=xml_vast4&sz=1x1&unviewed_position_start=1&cust_params=prmsig%3Dcumbfo&sdkv=h.3.507.1&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&u_so=l&ctv=0&gdpr=1&gdpr_consent=tcunavailable&sdki=44d&adk=3624223770&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.507.1&sid=09B90E68-48E5-47E9-B95A-D0B15079C72F&nel=0&eid=44730896&url=https%3A%2F%2Fwww.androidpolice.com%2Fnorth-korean-hackers-fintech-media-chrome-zero-day%2F%3Futm_source%3Ddlvr.it%26utm_medium%3Dtwitter&dlt=1648206347452&idt=2030&dt=1648206350378&scor=1479729347970507&ged=ve4_td3_tt1_pd3_la3000_er1039.-2645.1192.-2345_vi0.0.1200.1600_vp0_ts0_eb16491

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.507.1_en.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

106b39f48e91ecd4e58145357095e1014ceba98a7b71c81e2a9388a36be77732

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:50 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 98
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-creative-id: -2
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 w_480_00004.ts Show response
video.primis.tech/uploads/cn7/video/users/hls/30875/video_6135c3ae46289537299997/vid6135cdd0aa82d176253818.mp4/ 359 KB
360 KB 157ms
157ms XHR
video/mp2t 63.250.60.64
CLOUDWEBMANAGE-IL-FR

General

Check archive.org

Show headers Download Go to

Full URL: https://video.primis.tech/uploads/cn7/video/users/hls/30875/video_6135c3ae46289537299997/vid6135cdd0aa82d176253818.mp4/w_480_00004.ts
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/content/video/hls/hls.0.12.4_3.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 63.250.60.64 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, US),
Reverse DNS
Software: Tengine /
Resource Hash: fcd046a74c4fe3cfae415d96d0b9be6cbbce4ea15dcafa15a7527c20c606ff96

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:50 GMT
via: 1.1 69154db4091f3dbde5ecf072840fdce0.cloudfront.net (CloudFront)
x-amz-cf-pop: BRU50-C1
content-length: 368104
last-modified: Mon, 06 Sep 2021 08:19:34 GMT
server: Tengine
etag: "91de407a883f7f42365f86c830b13644"
access-control-max-age: 604800
access-control-allow-methods: GET, HEAD
content-type: video/mp2t
access-control-allow-origin: *
cache-control: max-age=1209600
x-proxy-cache: HIT
accept-ranges: bytes
x-amz-cf-id: tCt9EbjpScg7pmnSiN53tswvTUXnEN_hThdogCPxKFVbuldMRRF66A==
expires: Fri, 08 Apr 2022 11:05:50 GMT

POST
H2 204 collect Show response
i.clarity.ms/ 0
48 B 97ms
96ms XHR
text/plain 52.167.85.21
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://i.clarity.ms/collect
Requested by: Host: i.clarity.ms
URL: https://i.clarity.ms/s/0.6.33/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.167.85.21 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

access-control-allow-origin: https://www.androidpolice.com
date: Fri, 25 Mar 2022 11:05:50 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:593e4080-f032-4d00-a652-e17f01252a9d

GET
H2 200 w_480_00005.ts Show response
video.primis.tech/uploads/cn7/video/users/hls/30875/video_6135c3ae46289537299997/vid6135cdd0aa82d176253818.mp4/ 300 KB
301 KB 166ms
165ms XHR
video/mp2t 63.250.60.64
CLOUDWEBMANAGE-IL-FR

General

Check archive.org

Show headers Download Go to

Full URL: https://video.primis.tech/uploads/cn7/video/users/hls/30875/video_6135c3ae46289537299997/vid6135cdd0aa82d176253818.mp4/w_480_00005.ts
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/content/video/hls/hls.0.12.4_3.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 63.250.60.64 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, US),
Reverse DNS
Software: Tengine /
Resource Hash: 71170d9481a4a3939a7a95f3b7873db755aca3f2596bbeb69f2cddadeb6d8976

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:50 GMT
via: 1.1 319f376925908156190f5fc160137b42.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P3
content-length: 307380
last-modified: Mon, 06 Sep 2021 08:19:34 GMT
server: Tengine
etag: "cef5408f218a2d3195d0ef147c489bcf"
access-control-max-age: 604800
access-control-allow-methods: GET, HEAD
content-type: video/mp2t
access-control-allow-origin: *
cache-control: max-age=1209600
x-proxy-cache: HIT
accept-ranges: bytes
x-amz-cf-id: jXPbqYEg4iTL00qEK0NPB15hMKYBLu4AJZb7oN6Yg2PHI7ci4eZavQ==
expires: Fri, 08 Apr 2022 11:05:50 GMT

POST
H2 204 collect Show response
i.clarity.ms/ 0
48 B 95ms
94ms XHR
text/plain 52.167.85.21
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://i.clarity.ms/collect
Requested by: Host: i.clarity.ms
URL: https://i.clarity.ms/s/0.6.33/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.167.85.21 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

access-control-allow-origin: https://www.androidpolice.com
date: Fri, 25 Mar 2022 11:05:52 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:593e4080-f032-4d00-a652-e17f01252a9d

POST
H2 200 auction Show response
prebid-server.rubiconproject.com/openrtb2/ Frame 8A0C 173 B
407 B 9ms
8ms XHR
application/json 18.193.180.51
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-server.rubiconproject.com/openrtb2/auction
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.5.18.0_10.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.193.180.51 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-193-180-51.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 492acdb5f723b777e681d549e73872c0d40a9790a891708ea69ce3823fbf0f04

Request headers

Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 25 Mar 2022 11:05:53 GMT
content-encoding: gzip
x-prebid: pbs-java/1.84.0
content-type: application/json
access-control-allow-origin: https://www.androidpolice.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 169
expires: 0

POST
H2 200 auction Show response
prebid-server.rubiconproject.com/openrtb2/ Frame 8A0C 173 B
406 B 10ms
10ms XHR
application/json 18.193.180.51
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-server.rubiconproject.com/openrtb2/auction
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.5.18.0_10.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.193.180.51 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-193-180-51.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: cb1c1772525c3db2a1301a36a1d429a13069e82e7fb0a0d26a7e56300ff11553

Request headers

Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 25 Mar 2022 11:05:53 GMT
content-encoding: gzip
x-prebid: pbs-java/1.84.0
content-type: application/json
access-control-allow-origin: https://www.androidpolice.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 168
expires: 0

GET
H/1.1 200
OK swfIndex.php Show response
ads.stickyadstv.com/www/delivery/ Frame 8A0C 67 B
725 B 128ms
128ms XHR
application/xml 2.18.234.233
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.stickyadstv.com/www/delivery/swfIndex.php?reqType=AdsSetup&protocolVersion=2.0&zoneId=14000367&componentId=prebid&componentSubId=mustang&timestamp=1648206353123&pKey=1401784937&_fw_gdpr_consent=&_fw_gdpr=true&loc=https%3A%2F%2Fwww.androidpolice.com%2F&playerSize=500x281&schain=1.0%2C1!primis.tech%2C30875%2C1%2C%2C%2C
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.5.18.0_10.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.233 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-233.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 291437ea71e62b1c35d4ec5d3c5ad02cfa930343b41b1472fba70243089c8bbe

Request headers

Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 25 Mar 2022 11:05:53 GMT
Server: nginx
Content-Type: application/xml;charset=UTF-8
Access-Control-Allow-Origin: https://www.androidpolice.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 67
x-sticky-vk: 1648206352993075-601
Expires: Fri, 25 Mar 2022 11:05:53 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame 8A0C 0
64 B 16ms
16ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.5.18.0_10.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.androidpolice.com
date: Fri, 25 Mar 2022 11:05:52 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ Frame 8A0C 36 B
336 B 72ms
72ms XHR
application/json 2.21.111.28
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=491831&v=8.1&ac=j&sd=1&nf=1&r=%7B%22id%22%3A%22271de688839831%22%2C%22site%22%3A%7B%22ref%22%3A%22https%3A%2F%2Ft.co%2FnZJA4XRYOk%22%2C%22page%22%3A%22https%3A%2F%2Fwww.androidpolice.com%2Fnorth-korean-hackers-fintech-media-chrome-zero-day%2F%3Futm_source%3Ddlvr.it%26utm_medium%3Dtwitter%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%2C%22mfu%22%3A0%2C%22bu%22%3A0%2C%22iu%22%3A1%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A1%2C%22ren%22%3Afalse%2C%22version%22%3A%225.18.0%22%2C%22userIds%22%3A%5B%5D%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%2228f68625a0b3b4d%22%2C%22ext%22%3A%7B%22siteID%22%3A%22491831%22%2C%22dfp_ad_unit_code%22%3A%22%2F108500%22%2C%22sid%22%3A%22500x281%22%2C%22fl%22%3A%22x%22%7D%2C%22video%22%3A%7B%22playerSize%22%3A%5B%5B500%2C281%5D%5D%2C%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22application%2Fjavascript%22%5D%2C%22minduration%22%3A1%2C%22maxduration%22%3A200%2C%22protocols%22%3A%5B1%2C2%2C3%2C4%2C5%2C6%5D%2C%22linearity%22%3A1%2C%22api%22%3A%5B1%2C2%5D%2C%22placement%22%3A1%2C%22startdelay%22%3A0%2C%22skip%22%3A1%2C%22w%22%3A500%2C%22h%22%3A281%7D%2C%22bidfloor%22%3A2.97%2C%22bidfloorcur%22%3A%22USD%22%7D%5D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22primis.tech%22%2C%22sid%22%3A%2230875%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A1%7D%7D%2C%22user%22%3A%7B%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%7D
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.5.18.0_10.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.111.28 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-111-28.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: a80ed99eedb5a0bb021d4eeafa8b44b450e054dbf76c8f80136f36b47be24b23

Request headers

Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 25 Mar 2022 11:05:53 GMT
x-ak-initial-geo: CC:[DE], RC:[HE], CN:[EU], CIP:[185.213.155.169], XFF:[]
server: Apache
content-type: application/json
access-control-allow-origin: https://www.androidpolice.com
x-cs-client-geo: 12
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 36
x-ak-client-geo: 12
expires: Fri, 25 Mar 2022 11:05:53 GMT

GET
H2 200 liveInternalSsp.php Show response
live.primis.tech/live/ Frame 8A0C 25 B
438 B 320ms
320ms XHR
text/html 2600:9000:2156:2c00:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://live.primis.tech/live/liveInternalSsp.php?sspData=%7B%22enc%22%3Atrue%2C%22data%22%3A%22%5C%22JTqCJTIlqzVlJTIlJTNBJTIlqzVlXmEhNSUlMvUlQlUlMz1coxJcZCUlMvUmQTAyMxMyMwJvqXc6ZXIyMwIyM0EyN0IyMwJwo3VhqCUlMvUmQTAyMxMyMwJ0nXRfZUkyovUlMvUmQTEjMCUlQlUlMapyMwIyM0ElMDAyMxMyMwJbJTIlJTNBMTYjJTqEJTJDJTIlq2yxqGtyMwIyM0E1MDAyMxMyMwJbZWyanHQyMwIyM0ElODEyMxMyMwJmpGFwZUyxJTIlJTNBJTIlNTtjNTpyMwIyMxMyMwJmpGFwZVR5pGUyMwIyM0EyMwJ2YXN0JTIlJTJDJTIlqzyxZW9QoGFwZW1yoaRUrXByJTIlJTNBMSUlQlUlMzyjJTIlJTNBJTIlMzEjMlUmQTFvMwAyM0E2JTNBZwAkMSUmQSUmQTyyJTIlJTJDJTIlZ2ViSWQyMwIyM0E1NlUlQlUlMzFfpGuuMxqyolUlMvUmQSUlMxRFJTIlJTJDJTIlZGV2nWNyqHyjZSUlMvUmQTIyMxMyMwJ0rHREZXZcY2V0rXByJTIlJTNBJTIlZGVmn3RipCUlMvUlQlUlMzJlo3qmZXIyMwIyM0EyMwJwnHJioWUyMwIyMxMyMwJiplUlMvUmQSUlMyqcozRiq3MyMwIyMxMyMwJ0rHRPplUlMvUmQSUlMaqcozRiq3MyMwIyMxMyMwJxZXZcY2VNo2RyoCUlMvUmQSUlMvUlMvUlQlUlMz9mVzVlp2yiovUlMvUmQSUlMwEjLwAyMwIyMxMyMwJxZXZcY2VNYW51ZzFwqHVlZXIyMwIyM0EyMwIyMwIyMxMyMwJxZXZcY2VDo2RyTzFgZSUlMvUmQSUlMvUlMvUlQlUlMaVmZXJBZ2VhqCUlMvUmQSUlMx1irzyfoGEyMxY1LwAyMwAbV2yhZG93plUlME5UJTIjMTAhMCUmQvUlMFqcowY0JTNCJTIjrDY0KSUlMEFjpGkyV2VvS2y0JTJGNTM3LwM2JTIjKEgIVE1MJTJDJTIjoGyeZSUlMEqyY2giKSUlMENbpz9gZSUlRwx5LwAhNDt0NC41MSUlMFNuZzFlnSUlRwUmNl4mNvUlMvUlQlUlMzkuqCUlMvUmQSUlMwUjLwEjNDxyMwIyMxMyMwJfo24yMwIyM0EyMwI4LwYlOTUyMwIyMxMyMwJupHBOYW1yJTIlJTNBJTIlJTIlJTJDJTIlYXBjSWQyMwIyM0EyMwIyMwIyMxMyMwJcp0FjpCUlMvUmQTAyMxMyMwJupHBCqW5xoGVJZCUlMvUmQSUlMzu0qHBmJTNBJTJGJTJGq3q3LzFhZHJinWRjo2kcY2UhY29gJTJGoz9lqGtgn29lZWFhLWuuY2gypaMgZzyhqGVwnC1gZWRcYS1wnHJioWUgrzVlol1xYXxyMxYyM0Z1qG1sp291pzNyJTNEZGk2pv5cqCUlNaV0oV9gZWRcqW0yM0R0q2y0qGVlJTIlJTJDJTIlYXBjU3RipzVVpzjyMwIyM0EyMwIyMwIyMxMyMwJupHBQpzy2YWN5UG9fnWN5JTIlJTNBJTIlJTIlJTJDJTIlYXBjSXNQYWyxJTIlJTNBJTIlJTIlJTJDJTIlYXBjRGV2ZWkipGVlJTIlJTNBJTIlJTIlJTJDJTIlnWZuJTIlJTNBJTIlJTIlJTJDJTIlnWZ2JTIlJTNBJTIlJTIlJTJDJTIlYXR0plUlMvUmQSUlMvUlMvUlQlUlMzFjpFZypaNco24yMwIyM0EyMwIyMwIyMxMyMwJlZWZypaJypvUlMvUmQSUlMzu0qHBmJTNBJTJGJTJGq3q3LzFhZHJinWRjo2kcY2UhY29gJTJGoz9lqGtgn29lZWFhLWuuY2gypaMgZzyhqGVwnC1gZWRcYS1wnHJioWUgrzVlol1xYXxyMxYyM0Z1qG1sp291pzNyJTNEZGk2pv5cqCUlNaV0oV9gZWRcqW0yM0R0q2y0qGVlJTIlJTJDJTIlpGFaZSUlMvUmQSUlMzu0qHBmJTNBJTJGJTJGq3q3LzFhZHJinWRjo2kcY2UhY29gJTJGoz9lqGtgn29lZWFhLWuuY2gypaMgZzyhqGVwnC1gZWRcYS1wnHJioWUgrzVlol1xYXxyMxYyM0Z1qG1sp291pzNyJTNEZGk2pv5cqCUlNaV0oV9gZWRcqW0yM0R0q2y0qGVlJTIlJTJDJTIlZ2RjpvUlMvUmQTEyMxMyMwJaZHBlQ29hp2VhqCUlMvUmQSUlMvUlMvUlQlUlMzymV2VQYXNmR2RjpvUlMvUmQSUlMwAyMwIyMxMyMwJwY3BuJTIlJTNBMCUlQlUlMzNwpGFDo25mZW50JTIlJTNBJTIlJTIlJTJDJTIlZG9gYWyhJTIlJTNBJTIlq3q3LzFhZHJinWRjo2kcY2UhY29gJTIlJTJDJTIlq2Vvp2y0ZSUlMvUmQSUlMaq3ql5mZWgcozRiLzNioSUlMvUlQlUlMaNyY3VlZSUlMvUmQTEyMxMyMwJaZW9To3VlY2UyMwIyM0EyMwJJUCUlMvUlQlUlMzNipHBuJTIlJTNBMCUlQlUlMaV1nWQyMwIyM0EyMwI2MwNxYTIjYwpmNwUjJTIlJTJDJTIlYzkiY2gCpzFhZHMyMwIyM0EyNUIyNUQyMxMyMwJyrHRVp2VlSWRmJTIlJTNBJTVCJTVEJTJDJTIloXJunWRBoGkiq2VxJTIlJTNBMCUlQlUlMzRyYaVaSW5zo3JgYXRco24yMwIyM0EyMwIyMwIyMxMyMwJmnXRySWQyMwIyM0EkMDt1MDAyMxMyMwJjqWJfnXNbZXJJZCUlMvUmQTMjODp1JTJDJTIlp2NbYWyhJTIlJTNBJTqCJTIlqzVlJTIlJTNBJTIlMS4jJTIlJTJDJTIlY29gpGkyqGUyMwIyM0EkJTJDJTIloz9xZXMyMwIyM0EyNUIyN0IyMwJup2xyMwIyM0EyMwJjpzygnXMhqGVwnCUlMvUlQlUlMaNcZCUlMvUmQSUlMwMjODp1JTIlJTJDJTIlnHAyMwIyM0EkJTqEJTVEJTqEJTJDJTIlpzVanW9hJTIlJTNBJTIlRyIyMwIyMxMyMwJwYW1jYWyaoaMyMwIyM0EyN0IyMwI3ODMkNlUlMvUmQSU3QvUlMaRlYWNeZXIyMwIyM0EyMwJwYW1jYWyaoxZlZXFDYXAyM0QjJTI1MxYjJTI2Y2FgpGFcZ25JZCUmRDp4MmE3JTI2p3BuY2UlQWRJZCUmRDE3MDU1MmI4JTIlJTJDJTIlpHJyYzyxTaNmpEyhZGV4JTIlJTNBMCUlQlUlMaNjYWNyMxFxSWQyMwIyM0EyMwIkNmA1NTMlOCUlMvUlQlUlMzRyYWjyMwIyM0EyN0IyMwJcp1J0YxRyYWjyMwIyM0EjJTJDJTIlpaRvRGVuoEyxJTIlJTNBJTIlJTIlJTJDJTIlpaRvU2VuqEyxJTIlJTNBJTIlJTIlJTqEJTJDJTIlpaRvV1NyYXQyMwIyM0EyMwIyMwIyMxMyMwJwYW1jYWyaoxyxJTIlJTNBNmtmMTpyMxMyMwJwYW1jYWyaoyNwo3ByJTIlJTNBJTIlpHVvoGywJTIlJTJDJTIlYaV5ZXJVnWQyMwIyM0EyMwIyMwIyMxMyMwJuZFVmZXJJZCUlMvUmQTMkMDIlJTJDJTIlYzNuqCUlMvUmQSUlMvUlMvUlQlUlMzJup2VGoG9ipvUlMvUmQTMhMlUlQlUlMzV4qCUlMvUmQSU3QvUlMaBupaRhZXIyMwIyM0EyMwIkMwEyMwIyMxMyMwJlZXZTnGFlZSUlMvUmQSUlMwAhOTUyMwIyMxMyMwJjoGFwZW1yoaRJZCUlMvUmQSUlMyBlnW1cp19HZW5ypzFfX1JUQvUlMvUlQlUlMaN1pHBfnWVlX2yxJTIlJTNBJTIlNDIyMwIyN0QyMxMyMwJlZWZypzVhY2VJZCUlMvUmQTMyMxMyMwJvnWRzoG9ipvUlMvUmQSUlMwIhOTpyMwIyN0QyN0QyMxMyMwJjYWqyY2F0JTIlJTNBJTVCJTIlSUFCMTxyMwIyNUQyMxMyMwJjoGFwZW1yoaRDYXQyMwIyM0EyNUIyMwJJQUIkOSUlMvU1RCUlQlUlMzNioaRyoaRwYXQyMwIyM0EyNUIyMwJJQUIkOSUlMvUlQlUlMxyBQwEgNlUlMvUlQlUlMxyBQwEgNSUlMvUlQlUlMxyBQwEgMSUlMvU1RCU3RA%3D%3D%5C%22%22%7D
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.5.18.0_10.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:2c00:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 1d16d42e33c80a00df5f4c6a514edbfaa985a2cdf0d33b4f76f90a6625b773b7

Request headers

Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 25 Mar 2022 11:05:53 GMT
via: 1.1 f6c241b75ae7d21ac836339454ab90b8.cloudfront.net (CloudFront)
server: nginx
age: 0
x-cache: Miss from cloudfront
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: https://www.androidpolice.com
cache-control: no-store
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: text/html; charset=UTF-8
x-amz-cf-id: dJX5tGszIkVKSdtlL8j17iunm753WlL-JSJ8SGEYgCh-OG3sGUhDIQ==

POST
H2 200 auction Show response
tlx.3lift.com/header/ Frame 8A0C 19 B
685 B 48ms
48ms XHR
application/json 3.124.152.204
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.5.18.0_10.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.124.152.204 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-124-152-204.eu-central-1.compute.amazonaws.com

Software

Resource Hash

0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 25 Mar 2022 11:05:53 GMT
accept-ch: sec-ch-width,sec-ch-viewport-height,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-viewport-width,sec-ch-ua-arch,sec-ch-rtt,sec-ch-downlink,sec-ch-ect,sec-ch-ua-bitness,sec-ch-prefers-color-scheme,sec-ch-dpr,sec-ch-device-memory,sec-ch-save-data
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
access-control-allow-origin: https://www.androidpolice.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: application/json; charset=utf-8
content-length: 19
x-xss-protection: 0
expires: Thu, 15 Oct 1992 20:10:00 GMT

POST
H/1.1 204
No Content openrtb Show response
ads.adaptv.advertising.com/rtb/ Frame 8A0C 0
222 B 69ms
69ms XHR
application/json 18.158.31.37
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.adaptv.advertising.com/rtb/openrtb?ext_id=PrimisTwoHB
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.5.18.0_10.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.158.31.37 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-31-37.eu-central-1.compute.amazonaws.com
Software: adaptv/1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.androidpolice.com
access-control-allow-credentials: true
server: adaptv/1.0
Connection: keep-alive
content-length: 0
content-type: application/json

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ Frame 8A0C 23 B
495 B 58ms
57ms XHR
text/javascript 143.204.95.188
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.amazon-adsystem.com/e/dtb/bid?src=3741&u=https%3A%2F%2Fwww.androidpolice.com%2Fnorth-korean-hackers-fintech-media-chrome-zero-day%2F%3Futm_source%3Ddlvr.it%26utm_medium%3Dtwitter&pr=https%3A%2F%2Ft.co%2FnZJA4XRYOk&pid=DDZ7DCHSkZfL4&cb=1&ws=1x1&v=7.74.0&t=2000&slots=%5B%7B%22id%22%3A%22Valnet_Primis_Video%22%2C%22mt%22%3A%22v%22%2C%22fc%22%3A%22USD%22%2C%22fp%22%3A297%7D%5D&gdpre=1&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.95.188 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-95-188.fra50.r.cloudfront.net

Software

Server /

Resource Hash

89b4aa9e9bf8516c2ab7b5134f65d47b02071637259a14c9f60dccc207e05ce4

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:53 GMT
via: 1.1 58bcd6f2e1bc29fb83f080f1743cfeca.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA50-C1
x-amz-rid: 04ETR4MSEY7D5E1JE4JT
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.androidpolice.com
access-control-allow-credentials: true
permissions-policy: interest-cohort=()
strict-transport-security: max-age=47474747; includeSubDomains; preload
timing-allow-origin: *
content-length: 23
x-amz-cf-id: 6zcC-u6BPnuMiF2p7y9Pzi8lrpej2D7l9zI4R04yd27yNw0uDuIfuw==

POST
H3 204 collect
www.google-analytics.com/g/ 0
17 B 44ms
44ms Ping
text/plain 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-6Y5Q4PR4RC&gtm=2oe3e0&_p=1819646864&sr=1600x1200&ul=en-us&cid=961281935.1648206348&dl=https%3A%2F%2Fwww.androidpolice.com%2Fnorth-korean-hackers-fintech-media-chrome-zero-day%2F%3Futm_source%3Ddlvr.it%26utm_medium%3Dtwitter&dr=https%3A%2F%2Ft.co%2FnZJA4XRYOk&dt=North%20Korean%20hackers%20targeted%20fintech%20and%20media%20with%20Chrome%20zero-day%20exploit&sid=1648206347&sct=1&seg=0&_s=2
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-6Y5Q4PR4RC&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.androidpolice.com/north-korean-hackers-fintech-media-chrome-zero-day/?utm_source=dlvr.it&utm_medium=twitter
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 25 Mar 2022 11:05:53 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.androidpolice.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
pagead2.googlesyndication.com/gampad/ Frame 9159 136 B
125 B 54ms
54ms XHR
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/gampad/ads?iu=%2F21734706084%2C39363775%2Fvalnetinc&description_url=https%3A%2F%2Fwww.androidpolice.com%2Fnorth-korean-hackers-fintech-media-chrome-zero-day%2F%3Futm_source%3Ddlvr.it%26utm_medium%3Dtwitter&env=vp&correlator=729172891488717&tfcd=0&npa=0&gdfp_req=1&output=xml_vast4&sz=1x1%7C213x120&unviewed_position_start=1&cust_params=prmsig%3Dcumbfo&sdkv=h.3.507.1&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&u_so=l&ctv=0&gdpr=1&gdpr_consent=tcunavailable&sdki=44d&adk=3624223770&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.507.1&sid=09B90E68-48E5-47E9-B95A-D0B15079C72F&nel=0&eid=44730896&url=https%3A%2F%2Fwww.androidpolice.com%2Fnorth-korean-hackers-fintech-media-chrome-zero-day%2F%3Futm_source%3Ddlvr.it%26utm_medium%3Dtwitter&dlt=1648206347452&idt=2030&dt=1648206353952&scor=1479729347970507&ged=ve4_td7_tt5_pd7_la7000_er1039.-2645.1192.-2345_vi0.0.1200.1600_vp0_ts4_eb16491

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.507.1_en.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

106b39f48e91ecd4e58145357095e1014ceba98a7b71c81e2a9388a36be77732

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 11:05:53 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 98
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-creative-id: -2
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: pixel.rubiconproject.com
URL: https://pixel.rubiconproject.com/exchange/sync.php?p=primis

Verdicts & Comments Add Verdict or Comment

184 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

111 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.3lift.com/sync	1970-01-20 03:59:42	Name: sync Value: CgoIoQEQ6YyEhvwvCgoIgQIQ6YyEhvwvCgoI4gEQ6YyEhvwvCgoI5gEQ6YyEhvwvCgoIhwIQ6YyEhvwvCgkICRDpjISG_C8KCQg6EOmMhIb8LwoJCAsQ6YyEhvwvCgoIjAIQ6YyEhvwvCgkIXxDpjISG_C8=
.t.co/	1970-01-20 11:20:20	Name: muc Value: 8b4883e7-3c02-4343-a792-aaa08f9bf251
www.androidpolice.com/	1969-12-31 23:59:59	Name: viewType Value: utm
www.androidpolice.com/	1969-12-31 23:59:59	Name: campaign Value: dlvr.it
.convertkit.com/	1970-01-20 01:50:08	Name: __cf_bm Value: pQyb9Z8GWjODOr_.Cjk1ZdgpeWvZydom0ozLOaj7Zdc-1648206347-0-Aef3qtFmLx4HA5s7Sq5mbO9e2Z8wT0bjGsMu0GagXMA72mpOOt+Sep9PrQD6TSCMcJHvapG+ia8o5hA7X/y75dznfFJhHYv2t2LIyd1RXCwt
.3lift.com/	1970-01-20 03:59:42	Name: tluid Value: 2868021249803221286389
.casalemedia.com/	1970-01-20 10:35:42	Name: CMID Value: Yj2iC.VxlUXTKe3KIgTCKAAA
.casalemedia.com/	1970-01-20 03:59:42	Name: CMPS Value: 3274
.spotxchange.com/	1970-01-20 10:35:46	Name: audience Value: 86585550-ac2b-11ec-ad90-11482f420406
.ad.gt/	1970-01-20 01:51:32	Name: au_idmatch Value: {"apn": 1648206347865, "ttd": 1648206347865, "pub": 1648206347865, "adx": 1648206347865, "halo": 1648206347865, "goo": 1648206347865, "rub": 1648206347865, "mediamath": 1648206347865, "ado": 1648206347865, "impr": 1648206347865, "bees": 1648206347865, "openx": 1648206347865, "ppnt": 1648206347865, "smart": 1648206347865, "son": 1648206347865, "unruly": 1648206347865, "taboola": 1648206347865}
.adnxs.com/	1970-01-20 03:59:42	Name: uuid2 Value: 4885653837632420553
www.clarity.ms/	1970-01-20 10:35:42	Name: CLID Value: e90c9f77dce145c8b8730216f2a103b2.20220325.20230325
.casalemedia.com/	1970-01-20 03:59:42	Name: CMPRO Value: 1106
.casalemedia.com/	1970-01-20 01:51:32	Name: CMST Value: Yj2iDGI9ogwA
www.androidpolice.com/	1970-01-20 02:33:18	Name: _pbjs_userid_consent_data Value: 3524755945110770
.androidpolice.com/	1970-01-20 10:35:42	Name: _au_1d Value: AU1D-0100-001648206348-NT3P99ZS-UKKD
.androidpolice.com/	1970-01-20 10:35:42	Name: _au_last_seen_apn Value: 1648206348315
.androidpolice.com/	1970-01-20 10:35:42	Name: _au_last_seen_ttd Value: 1648206348315
.androidpolice.com/	1970-01-20 10:35:42	Name: _au_last_seen_pub Value: 1648206348315
.androidpolice.com/	1970-01-20 10:35:42	Name: _au_last_seen_adx Value: 1648206348315
.androidpolice.com/	1970-01-20 10:35:42	Name: _au_last_seen_halo Value: 1648206348315
.androidpolice.com/	1970-01-20 10:35:42	Name: _au_last_seen_goo Value: 1648206348315
.androidpolice.com/	1970-01-20 10:35:42	Name: _au_last_seen_rub Value: 1648206348315
.androidpolice.com/	1970-01-20 10:35:42	Name: _au_last_seen_mediamath Value: 1648206348315
.androidpolice.com/	1970-01-20 10:35:42	Name: _au_last_seen_ado Value: 1648206348315
.androidpolice.com/	1970-01-20 10:35:42	Name: _au_last_seen_impr Value: 1648206348315
.androidpolice.com/	1970-01-20 01:50:09	Name: AMP_TOKEN Value: %24NOT_FOUND
.androidpolice.com/	1970-01-20 01:51:32	Name: _gid Value: GA1.2.497491714.1648206348
.androidpolice.com/	1970-01-20 01:50:06	Name: _gat Value: 1
.mathtag.com/	1970-01-20 11:16:01	Name: uuid Value: 0e9d623d-a20c-4500-9ee3-d6be47caf7b0
.creativecdn.com/	1970-01-20 10:35:42	Name: u Value: wfc1rn3LGh0sJKOEAfUJ
.creativecdn.com/	1970-01-20 10:35:42	Name: ts Value: 1648206348
.adsrvr.org/	1970-01-20 10:35:42	Name: TDID Value: 6f5129ea-faa8-4768-98a6-2361d7343c5e
.androidpolice.com/	1970-01-20 19:21:18	Name: _ga_6Y5Q4PR4RC Value: GS1.1.1648206347.1.0.1648206347.0
ads.stickyadstv.com/	1970-01-20 02:33:18	Name: UID Value: 4aceae495417e8b0f897befab63f8aac
.demdex.net/	1970-01-20 06:09:18	Name: demdex Value: 15129565295381905221652814445455930669
.narrativ.com/	1970-01-20 15:00:39	Name: uid_bam Value: 1769748091068887072
.androidpolice.com/	1970-01-21 04:06:54	Name: _awl Value: 2.1648206348.0.5-54a602133c1602114d9022454b7862d8-6763652d6575726f70652d7765737431-0
.dpm.demdex.net/	1970-01-20 06:09:18	Name: dpm Value: 15129565295381905221652814445455930669
.adscale.de/	1970-01-20 10:32:22	Name: uu Value: ed145791656c466480bf956f0b6f4a89
.360yield.com/	1970-01-20 03:59:42	Name: tuuid Value: 80702adb-2dd2-49c0-8a60-c304b9381edd
.360yield.com/	1970-01-20 03:59:42	Name: tuuid_lu Value: 1648206348
.doubleclick.net/	1970-01-20 11:11:42	Name: IDE Value: AHWqTUlsqVW1tudaXXbb4CNmalH6k1WgkOw450u1WYywEGf60gK9x76qauXzVioguj4
.ibillboard.com/	1970-01-20 10:35:42	Name: ibbid Value: BBID-01-03229203486842761-16559352
.ad.gt/	1970-01-20 19:21:18	Name: last_seeng_hosted Value: 1648206348755
.ad.gt/	1970-01-20 19:21:18	Name: au_id Value: AU1D-0100-001648206348-NT3P99ZS-UKKD
.ad.gt/	1970-01-20 19:21:18	Name: g_hosted Value:
.ad.gt/	1970-01-20 19:21:18	Name: last_seenimprove Value: 1648206348756
.ad.gt/	1970-01-20 19:21:18	Name: last_seenadb Value: 1648206348756
.ad.gt/	1970-01-20 19:21:18	Name: last_seenadx Value: 1648206348756
.ad.gt/	1970-01-20 19:21:18	Name: first_seenadx Value: 1648206348756
.adform.net/	1970-01-20 02:34:44	Name: C Value: 1
.androidpolice.com/	1970-01-20 19:21:18	Name: _ga Value: GA1.2.961281935.1648206348
.adform.net/	1970-01-20 03:16:30	Name: uid Value: 1486902432300379439
.androidpolice.com/	1970-01-21 04:06:54	Name: _admrla Value: 2.0-54a60213-3c16-0211-4d90-22454b7862d8
.ad.gt/	1970-01-20 19:21:18	Name: last_seenmediamath Value: 1648206348756
.ad.gt/	1970-01-20 19:21:18	Name: last_seenadnxs Value: 1648206348757
.ad.gt/	1970-01-20 19:21:18	Name: first_seenadnxs Value: 1648206348757
.ad.gt/	1970-01-20 19:21:18	Name: last_seentd Value: 1648206348758
.ad.gt/	1970-01-20 19:21:18	Name: first_seentd Value: 1648206348758
.criteo.com/	1970-01-20 11:11:42	Name: uid Value: a3153246-e51f-401b-9a1d-ee64515f0cfe
.ad.gt/	1970-01-20 19:21:18	Name: last_seenhaloid Value: 1648206348990
.ad.gt/	1970-01-20 19:21:18	Name: first_seenhaloid Value: 1648206348990
.console.adtarget.com.tr/	1970-01-20 03:19:23	Name: a544989 Value: ${USER_ID}
.console.adtarget.com.tr/	1970-01-20 03:19:23	Name: a502624 Value: ${USER_ID}
.console.adtarget.com.tr/	1970-01-20 03:19:23	Name: a550214 Value: ${USER_ID}
.console.adtarget.com.tr/	1970-01-20 03:19:23	Name: a550070 Value: ${USER_ID}
.console.adtarget.com.tr/	1970-01-20 03:19:23	Name: a307080 Value: wfc1rn3LGh0sJKOEAfUJ
.console.adtarget.com.tr/	1970-01-20 03:19:23	Name: a306708 Value: ${USER_ID}
.adscale.de/	1970-01-20 10:32:22	Name: cct Value: 1648206349250
.androidpolice.com/	1970-01-20 10:35:42	Name: _clck Value: 1xe52pw\|1\|f02\|0
.console.adtarget.com.tr/	1970-01-20 03:19:23	Name: vmuid Value: f01ef763cfad80fc
.console.adtarget.com.tr/	1970-01-20 03:19:23	Name: a307565 Value: ed145791656c466480bf956f0b6f4a89
.m6r.eu/	1970-01-20 01:50:09	Name: test Value: true
.m6r.eu/	1970-01-20 03:59:42	Name: cct Value: 1648206349458
.m6r.eu/	1970-01-20 03:59:42	Name: id Value: 6c7bd934194abad9157f205a93d9331e
.ih.adscale.de/	1970-01-20 10:32:22	Name: tu Value: 4#599806813#48~6c7bd934194abad9157f205a93d9331e~457835~0~0#101~BBID-01-03229203486842761-16559352~457835~0~0#38~CAESELcxRm4g-NOeXzagqbV19hg~457835~0~0#39~0e9d623d-a20c-4500-9ee3-d6be47caf7b0~457835~0~0#40~a3153246-e51f-401b-9a1d-ee64515f0cfe~457835~0~0#42~1486902432300379439~457835~0~0#75~4885653837632420553~457835~0~0#63~Yj2iC.VxlUXTKe3KIgTCKAAA&1106~457835~0~0
.c.bing.com/	1970-01-20 11:11:42	Name: SRM_B Value: 153D2B6A0AFC6DD4289C3A180B976C28
.androidpolice.com/	1970-01-20 01:51:32	Name: _clsk Value: 8y0a1p\|1648206349681\|1\|1\|i.clarity.ms/collect
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-20 11:11:42	Name: MUID Value: 153D2B6A0AFC6DD4289C3A180B976C28
.c.clarity.ms/	1970-01-20 01:50:06	Name: ANONCHK Value: 0
www.androidpolice.com/	1970-01-20 03:16:30	Name: pbjs-unifiedid Value: %7B%22TDID%22%3A%226f5129ea-faa8-4768-98a6-2361d7343c5e%22%2C%22TDID_LOOKUP%22%3A%22TRUE%22%2C%22TDID_CREATED_AT%22%3A%222022-02-25T11%3A05%3A49%22%7D
www.androidpolice.com/	1970-01-20 03:16:30	Name: pbjs-unifiedid_last Value: Fri%2C%2025%20Mar%202022%2011%3A05%3A49%20GMT
ads.stickyadstv.com/	1969-12-31 23:59:59	Name: sessionId Value: b33d2e92a8c137b20c81d8ce7587319
.advertising.com/	1970-01-20 10:37:08	Name: APID Value: UP8792d1e2-ac2b-11ec-b3d3-0607d0a61880
.bing.com/	1970-01-20 11:11:42	Name: MUID Value: 2F6F8B329DE161040D2E9A409C8A6095
.androidpolice.com/	1969-12-31 23:59:59	Name: panoramaId_expiry Value: 1648292750006
.analytics.yahoo.com/	1970-01-20 10:35:42	Name: IDSYNC Value: 187s~23yb
.everesttech.net/	1970-01-20 10:35:42	Name: everest_g_v2 Value: g_surferid~Yj2iDgAPxgzBVQBH
.yahoo.com/	1970-01-20 10:36:03	Name: A3 Value: d=AQABBA6iPWICEB7pSGXeZMBhvzfOsciAzIIFEgEBAQHzPmJHYgAAAAAA_eMAAA&S=AQAAAkfKF5lT67YOd_bFLXgoAp8
.fwmrm.net/	1970-01-20 06:09:18	Name: _uid Value: "l04a5_7078992370309595163"
ads.stickyadstv.com/	1970-01-20 03:16:30	Name: uid-bp-36033 Value: l04a5_7078992370309595163
ads.stickyadstv.com/	1970-01-20 03:16:30	Name: MRM_UID Value: l04a5_7078992370309595163
.adsrvr.org/	1970-01-20 10:35:42	Name: TDCPM Value: CAEYASABKAIyCwiWqrzvxJbHOhAFOAFaCXN0aWNreWFkc2AC
www.androidpolice.com/	1970-01-20 11:11:42	Name: cto_bundle Value: DepCzl9qbWtMd0poTnBveGhPS1FMZWhOWmJ0N29pUzdtSVN2WEh4Y0I4ekk3M0tDZDJOeVdYUlNOVGF1SUVBYkxjOU5jTDlPT0g3ZiUyQmZlcnA3WUVpeFlUS3ZNTU5NWDlmVmtFQyUyRjYxYW1CTkdTZ0xibUo4ZmxnUSUyRmxjNTlBYlZDemZFNkJLMjR4bVclMkY1akR3cVNtVDFGa2oyZyUzRCUzRA
www.androidpolice.com/	1970-01-20 11:11:42	Name: cto_bidid Value: Xl6Sl181VDJQbFRDbFdCb0R6bFJib1EyWWRIYlhxaUwwM1FQUEc2anAweGc0bVJmWXVzUjRJUlp5SkpWWGcwNiUyRmFlaXRCZFFkamxzNXdJQjRQQnlPb2ZIRW5oSWR3YkVpUXpyTzVoJTJCJTJCOCUyQkhrT3ZjbjUyaSUyRllwUXlIWUdGdE1OQ3NvWmg
.ads.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.linkedin.com/	1970-01-20 19:22:00	Name: bcookie Value: "v=2&de00d94e-ab6d-4d40-86fc-4753d970e908"
.linkedin.com/	1970-01-20 18:58:55	Name: li_gc Value: MTswOzE2NDgyMDYzNTA7MjswMjGVDs/YAEnZfi9+jWs/7BO6V/tgq3nzCnj/MH4gihvXPA==
.linkedin.com/	1970-01-20 01:51:32	Name: lidc Value: "b=TGST07:s=T:r=T:a=T:p=T:g=2311:u=1:x=1:i=1648206350:t=1648292750:v=2:sig=AQGjqVd2f8yVnRcOxFIE-csfb6LipO5C"
ads.stickyadstv.com/	1970-01-20 03:16:30	Name: uid-bp-892 Value: 6f5129ea-faa8-4768-98a6-2361d7343c5e
ads.stickyadstv.com/	1970-01-20 03:16:30	Name: uid-bp-159 Value: CAESEPKjesFoxwN-2YBPiUlGtOM
.bidr.io/	1970-01-20 11:18:39	Name: bito Value: AACnj07Ee0QAADLZbasMpw
.bidr.io/	1970-01-20 11:18:39	Name: bitoIsSecure Value: ok
ads.stickyadstv.com/	1970-01-20 02:33:18	Name: uid-bp-26913 Value: AACnj07Ee0QAADLZbasMpw
ads.stickyadstv.com/	1970-01-20 02:33:18	Name: uid-bp-717 Value: y-iU7aBd1E2oO_OsYU.H9xQOuOdo1YQcrq1KrIRoZb~A
.w55c.net/	1970-01-20 11:20:20	Name: wfivefivec Value: eiAlcEbp1NxHLo5
.w55c.net/	1970-01-20 02:33:18	Name: matchfreewheel Value: 5
ads.stickyadstv.com/	1970-01-20 03:16:30	Name: uid-bp-23329 Value: eiAlcEbp1NxHLo5
ads.stickyadstv.com/	1969-12-31 23:59:59	Name: pxId Value: 247

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://t.co/nZJA4XRYOk Message: Unrecognized Content-Security-Policy directive 'referrer'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	referrer always;
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1f2e7.v.fwmrm.net
a.ad.gt
ad.360yield.com
ads.adaptv.advertising.com
ads.pubmatic.com
ads.stickyadstv.com
adscale-emea.adnxs.com
ampcid.google.com
ampcid.google.de
androidpolice.disqus.com
api.narrativ.com
app.convertkit.com
b1sync.zemanta.com
bbnaut.ibillboard.com
c.amazon-adsystem.com
c.bing.com
c.clarity.ms
cdn.id5-sync.com
cm.adform.net
cm.adgrx.com
cm.g.doubleclick.net
creativecdn.com
csync.loopme.me
dis.criteo.com
dlvr.it
dpm.demdex.net
eb2.3lift.com
eus.rubiconproject.com
events.release.narrativ.com
f.convertkit.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
gum.criteo.com
hbopenbid.pubmatic.com
htlb.casalemedia.com
i.clarity.ms
id.crwdcntrl.net
id.halo.ad.gt
id5-sync.com
ids.ad.gt
ih.adscale.de
image2.pubmatic.com
image6.pubmatic.com
images.getadmiral.com
imasdk.googleapis.com
js-sec.indexww.com
js.adscale.de
live.primis.tech
ls.skimresources.com
match.adsrvr.org
match.prod.bidr.io
mug.criteo.com
p.ad.gt
p.skimresources.com
pagead2.googlesyndication.com
pixel.advertising.com
pixel.rubiconproject.com
pixels.ad.gt
pm.w55c.net
pr-bh.ybp.yahoo.com
prebid-server.rubiconproject.com
px.ads.linkedin.com
r.skimresources.com
s.amazon-adsystem.com
s.console.adtarget.com.tr
s.skimresources.com
s0.2mdn.net
scarfsmash.com
secure.adnxs.com
secure.cdn.fastclick.net
securepubads.g.doubleclick.net
seg.ad.gt
ssum-sec.casalemedia.com
ssum.casalemedia.com
static.adsafeprotected.com
static.narrativ.com
static1.anpoimages.com
stats.g.doubleclick.net
sync-tm.everesttech.net
sync.console.adtarget.com.tr
sync.mathtag.com
sync.search.spotxchange.com
t.co
t.skimresources.com
tagan.adlightning.com
tlx.3lift.com
token.rubiconproject.com
track.adform.net
tracking.m6r.eu
u.openx.net
unpkg.com
ups.analytics.yahoo.com
video.primis.tech
www.androidpolice.com
www.clarity.ms
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
x.bidswitch.net
pixel.rubiconproject.com
104.111.219.144
104.117.200.100
104.244.42.133
142.250.181.226
143.204.95.188
143.204.98.108
143.204.98.122
15.197.193.217
151.101.130.49
151.139.128.11
172.217.16.130
173.231.180.197
178.250.0.157
178.250.2.151
18.134.84.19
18.156.0.31
18.158.31.37
18.193.180.51
18.194.227.226
18.203.96.202
185.184.8.65
185.29.132.241
185.33.220.244
185.64.189.112
185.64.190.80
185.94.180.126
192.82.242.209
194.213.62.37
199.232.196.134
2.18.233.180
2.18.234.21
2.18.234.233
2.21.111.28
209.54.180.144
23.88.75.188
2600:9000:2156:2c00:1a:5235:f980:93a1
2600:9000:2156:4a00:f:4f64:8940:93a1
2600:9000:2156:5a00:8:48e:53c0:93a1
2606:4700:10::ac43:25e7
2606:4700:3037::ac43:c1e6
2606:4700::6810:7baf
2606:4700::6812:ba39
2620:1ec:21::14
2620:1ec:27::cafe:1761
2620:1ec:c11::200
2a00:1450:4001:800::2006
2a00:1450:4001:803::2003
2a00:1450:4001:80e::200a
2a00:1450:4001:80f::2003
2a00:1450:4001:80f::200e
2a00:1450:4001:810::2004
2a00:1450:4001:810::200e
2a00:1450:4001:811::2002
2a00:1450:4001:827::200e
2a00:1450:4001:829::2002
2a00:1450:4001:82a::2002
2a00:1450:4001:82b::200a
2a00:1450:4001:82f::2008
2a00:1450:400c:c08::9a
2a02:2638::1c
2a05:d018:d29:3602:d715:9c64:5860:e3e3
2a0c:5c81:5139::2
3.122.208.3
3.124.152.204
34.120.117.212
34.192.73.199
34.209.98.169
35.158.38.112
35.186.249.84
35.190.59.101
35.190.91.160
35.201.67.47
35.211.178.172
35.244.159.8
35.83.111.96
37.157.5.142
37.252.173.213
44.196.161.176
44.226.74.222
44.238.250.195
44.240.184.96
46.105.202.126
50.31.142.63
52.142.114.2
52.167.85.21
52.211.111.162
52.214.158.110
52.37.124.246
54.36.109.156
54.71.105.247
54.77.200.211
54.90.140.145
62.149.0.72
63.250.60.64
69.173.144.138
72.251.244.142
76.223.111.18
01fc8b96062c12c10f704f63d680ef83d596e0ec48a4663a167a57333f592cc7
022d5b457a68d350109f4f8d7d92cc8c7d6a4df579f7c0886b44c9195c299a4a
04ff2db29a8e437c59020bdaec247cf4e2ad84d8237e8f627d4d9677fa802cad
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
058ed961bfe422af7bfc65865f4c08531ec8ace995f8a1ec560a46581cb7712c
05fde9258245fd1d1558ca071a747faedbd1a573c67e512d6b728cba8d6a37b8
062b6068dcaef2c948527fd0b4caa276942fcd3e67956de131cd99dc4c464b0f
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
0b41750d79b770853d9714ed70f2b9224529a7290c3d4c4bebc08ef092e19a1f
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c2dec85335834c0973ab0c4a4b47044c87504ee8435fd89a1ab997348be6ed5
0c2f38117d47fc594d2c41bd364fa98adf659f2ebf5c09cff17a7fe29a7c1acc
0ce5fc08d0f617e71e1d61bcd79fc7cc1855f4221945b0c09ac774685fe7f52c
0f4020071f4d6fbd6e07ddb16daf4859441c7454a0c733b019f7cb1adc8f4d49
0f85c9f0360084c02d80f74d6c2518ce37718ef1e710454c188c914e3c8f2fd2
0f9e1b535700b34e8bd66d6aaef79c69cf085ab1d8bfcade07e430a6c467c118
106b39f48e91ecd4e58145357095e1014ceba98a7b71c81e2a9388a36be77732
10fe012bf1ac1c1c9c86ff578701029d1585f0c2d08327542dd00fe93bbf0c6b
11b067ee141811f95416601d0b217297870d65fbc619e782bb1512d094dd8174
1258a9a98c2fc1f2826009e36e34d124fb7de6ba0ed111a6dd18b63ed86b7920
154212eb976f7df7c79f5844fcb356740bcb6c51edacb2e8515108e2d7effa67
1684ef66993af30736bdcb5660eb34dc0df40c153901f9ac3afbef20409ffbd5
1d16d42e33c80a00df5f4c6a514edbfaa985a2cdf0d33b4f76f90a6625b773b7
1df2479c6e9e118e3197cb936671bf3cea8f48f9f6d6c6722251db4f766b8c21
206322a3d724b8ee9d5445c0b17aa808a1061ec9821ee149089cd7297c79e2df
2880fbb26ad5becd41ec25a5c37da351ac77225bbf30d5a9ab8accf5728591cf
291437ea71e62b1c35d4ec5d3c5ad02cfa930343b41b1472fba70243089c8bbe
2ad3e1ebf36f4d5375c097486e514befc0294cf035eb492965b32a3274e6fed0
2d982a78b1da56ba84ff4f57aad9715cef56b27e56f4ed18f5b831a0f4d7d2e6
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
32e8d403657439c3d4f4ce5a761a1ba1d4d91361b7d7fd5980d0fdfa8d547a42
3487ef2baf0c08ba660a8a143cdeb8ebeec961eea04bccd7c49096b4eb26b875
3516496d97f72bf509cf5d6902b5deebf53355ccb21127dc777d265cd96ca2d8
364f1fe1e13f212722786490c2f53c9fd8ac40fb69be8ae492ab22c6abd04e1a
3ef5bfd224e0baa902eb88c94979cfaeccf2169a996c601fa3de4c3f3b33da01
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
45767d3452a56be0180eed18ff44acd5e688dc5bbde2b77e1da29b326a180416
46e15ddd3f3583786961d72eb1a81b34bc9dad89240a461dcf02b43c6aa9e9c7
480ec605663d6d4099ac88df797be15349e23e54dfd48345909c9df9eb7373cf
492abbc30ace41332a8f68b7f34f56333a037aebac34e0bc9b9cedb0d1c3b032
492acdb5f723b777e681d549e73872c0d40a9790a891708ea69ce3823fbf0f04
4b3c99edd2f296f5eb89ead2bde4f268390bafb61109d86cb49a70b517c0f006
4bd3d266e3cff2648f995f78b1b55a7adda2aae4986c225e3e865314b62b1cc6
5042f25c3eb1530880fa3b05325462c028492caf22141409999cdd7e6364b8ba
521d02fa15549b3dce4176b4e8c4b80102ac1d587182a052309ab4e4cbc021a1
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
5a790213cb3db6919948b63f7d0c020183b0fba4e662e0e32fdaa0c52113c11f
5ba78b3965ef35b836b6d11542ae178eaffb111d73a2ab5cb88eee5d94500faf
5bb08412d18881e3fc69fdb44226bfc6f66a77d45dfff3f10b98a100c09bc970
616f41fbbcf44ba72bb9c97132871526164c81d78f56a15e04ece1a44eb5606a
6378f6326c6b8ed5ba7c9dd71718f4acfab15effd24a9c83974e4e8ea473879e
666ab8460522792eeb26bb32a57178716c799c5abf1b70981a742327e037d023
6878481c0ef11e3936b1cfa40514841cd398302508e0ef56b830f86e471718e1
68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17
6a2578483aa2f047767a9cdc25128bcd6f4fbad0832fd8d59c0e8f6be648c89e
6c6f1b40f2404a91f75ebd595fe475c8ddcd174fa1ccd85a21bb17999feb6a1b
6d4cb252ade03cb7b1c2e99317eba4e0ed4c74db943c5b937127cca6251dcaec
6e75948ee66bf6e7da9235ee5cecbda03fa7f592a3f08193757202be43d6cb38
71170d9481a4a3939a7a95f3b7873db755aca3f2596bbeb69f2cddadeb6d8976
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
77b6cf23233b701d9f8431895922c662939b79d4f94bcdbe8b32f5284b9a4991
7c3b96f238042f73d0bedf5877fa02eb834e89649bbd122e2f10cc35238173cf
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
7da4005fedc1d18f0a2346baaa5b8efc52fbed8839b0d29167aa97519341c75f
7ea26c2e155afa821d8a157303a6dc302c9d1740b36ae5313f0ece87a60c1e8f
8035044cd478fc7147561f9debb6a567d4b00c92d6ad0ce9702160aadff83343
804741054718d791358ea9f2a8d3ba7c03a73b25fea10b85dcf1cf4be6a054b1
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8632bb8bb96d1d81adfc276ac68faf2497dde6616f8d648d0fa625f1549b8da7
86620b292691b6d6621e00a6439123afe65ac8317a6c48ddcad68a1c85bbe606
89b4aa9e9bf8516c2ab7b5134f65d47b02071637259a14c9f60dccc207e05ce4
8b0d1446f412484a2a7d1abb46ddc5de128d8aaf11b1fe04ac729ee4830c5e5b
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8d803c7b2fa17c8dd2a869145038908447430b100c11dd11d2c5c9b887adadcb
8da535d56e77e6aadf882bf4aa22f22720ffb6071fbe5705a95813a5ae0223b0
8e1b84265e633c043720dd0921476c16bc9f75e393e855c9116ca7c3a847b5c7
9115bbf3b3dee88764e74ecdf31c2234ece91aa42a596a1d3ba11925662777ba
926952e0833e0acb9dd02fdbbe59bb8be77f8e7571aaedc900649b9513500e8b
9476350068dbd8b61373906f6d9dba49ed31ed5d64d6ee2d48da082c44a447dc
955dd368bec858f5ab6c2c4c1bc73d4299d69d387c7a36046fe80501fff14167
991bfe84fec788f2b7d432b99a60c1e2aa2e799bc0137da8cf478299d0fc9a10
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9fd2992bb6213a9b3d387ffc67279296a9fd32b01ec65052cc4997605024acec
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a20010b26bce05ea3cfc83cf3a162b7c16b5d2fa2bcf2253b0394b0eb322347a
a3336e3373c170b40764f5a62d121335bec4243b0034e561937194dfe2e413fd
a4350fed8ed92bbf4f462fc245028928ac33afa25d2231b28c334b91cd0d3952
a66ca4f262e8c7ad1836a90b45f153e191c6b4496d24f3b9951c1585245c2648
a80ed99eedb5a0bb021d4eeafa8b44b450e054dbf76c8f80136f36b47be24b23
abf89cea82a0ed0edf2a63b7f1aa587bea8f6dcbe393265c93f264b021264c40
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b3e57eb372e8b405c816875571e184854b2846261c7477c6c9bdb7782faa1a30
b41f242bfa858ddc54ea754401991d33df52036db137b06f96aea0dc687bb3fb
b7b7fb37ec681a6a1bd507ce80613c7343fb3b394b29e21e7b11d6a6df933f68
b8276451a41fa087bc1f12da9d2fc433885b5c718f9db4e8d8f244e5f0dd6dd1
b97c99a69a6275c8f90703cd4c0864089a74fd08383a1cc75a8a4d0c2cb60cce
b9f062b1f34ccf6866fac8097bd8c8acccad74d45c5898bef8075b637ce1e3a9
baf48070c2cc2fb9768e719d24b9b8c7e99f3459787f009b40d49bc1f03281ac
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bfb5b18188aa4105899263d2a7844940269e28d561835191415bc7e32f69f124
c16fe63d5e6c3d1acc9b2aedec440d98db4ebd7ea1bdfe9f26aab74e7be91a7e
c5b8dd28d06957875bd3bcc388f28a906e76a96223ebe801a5d0ac8b076e7ca2
c687b416d79e0f94fa2d8336b573213ac64988ed6f73fd0a0e0a02f2faf4d6d2
c82fab08e93db8934a27f5b26ddf48c8a013a92a21ea15b7fa8b675b0d866040
c97c34071d917794992d8009b7e6604a83e75c83ecbe625c75d6091698b03ffe
ca38ab561201a1a68867f61d4fb3df9682756c8927fe80f047624e7ef662f0f3
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
ca9c022c42f14c29bfeb8523a4941443591ca66b04f6b0b49942847c0c734738
cb1c1772525c3db2a1301a36a1d429a13069e82e7fb0a0d26a7e56300ff11553
cb654ea3af65f5a285acac888c6bb4ad36f0178d2c21303183a30b39c782a778
cd74c8f79ec4d05428c1363d02d317cf15729cc8e72ab530d05f591e922c4a6b
cdbbad52ea5a7c7664761a59301ceaeee0efbe793db0ef799a89670584da9934
ce1272e8f8a6dedd828c7d3e181b904f34c9b5e19857da15bb940f530b262552
ce5ddf07effd6f79fae67771bfd457e9b7623ac636042acda1dbd133dcbec2be
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
d10393c6d6a3dcb1888cd32416ed83e40eb1ed6bbd9a28e0c5b5c84d151885e4
d4ac24297766db9b6f8c84d31d3bd50b8f2ed5da57d3c853f3fddd51c8b34e06
d4ed5bd20c3036042165e91001bd91497551164b0e34c76cb8a6eb15c33f3c15
d655f4580ee2f1d719b8e8b1b85624eea242583a334f509da8210480cd89f765
d91b7dda209988986b054cc06f8e13fb12113708c38169b51229a036c5f4860f
daac16a8dcbf772343d560088f23516e8235ab8c3450cae85cc1c61ad4aa6db2
dc5aa82a0df8ce72e94559df6ba217e6a7459c612070a20992f9cb5013bb9308
dcd95bf2b5aad9d5d098d8d02eaca31c0620260a9d485663f3552cf4849bde7c
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e42808d7e52317336b8ce5e70efec1e44875ab17d58f9a3640bace9b7e314950
e6ac25d541d15d00d8ac79cbb7e6f917732a768e2a187f5cf1ce2c255c7cec07
e8fd802ce5042d308a2d650c3db8f60b2bd3b884f34d6ceabe0631a3a9e226f5
e963e7196beb9123059ec3534b042ebcd1ef0a470fa568bfbebfeab2f33c4fda
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f3ffeed0ceb0e14dfa1f0bd0fa79520b976f0ef6644190e09a2a1520feb76322
f5da2faa9085ca8541d5592dc35bab77df6b9389f5be5c8c7c8d32f904bb877e
f764f20f282e807aeccf2d7b42fb4461aeb92a6a0f4ce584ed3499d5f29d0b2d
fb36e5386197d0e127fe09965c23ec746be4aee7e5a1235d466321980f424469
fbeb1d64db3cc980880ae855ad4a760b2438cbe3a86e4d2cbca952f830039290
fcc83a5b6aef86420c1ad553167106df96bd0ff4192ffe52b1647599948edbcf
fcd046a74c4fe3cfae415d96d0b9be6cbbce4ea15dcafa15a7527c20c606ff96
fd8474ddf27b6d7a0b5537a318862a5d960b0aee8b227c6af9267e6480dc5a46
ffc4b44e1b7402c08e5f2f702ca535e7e7083a684cda203dfdcb734cd5761aa6

www.androidpolice.com Open in urlscan Pro 44.196.161.176 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

227 Requests

85 %HTTPS

28 %IPv6

62 Domains

102 Subdomains

80 IPs

10 Countries

4932 kBTransfer

9213 kBSize

111 Cookies

17 Outgoing links

Page URL History

Redirected requests

227 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.androidpolice.com Open in urlscan Pro
44.196.161.176 Public Scan

Screenshot
Live screenshot

Full Image

227
Requests

85 %
HTTPS

28 %
IPv6

62
Domains

102
Subdomains

80
IPs

10
Countries

4932 kB
Transfer

9213 kB
Size

111
Cookies

227 HTTP transactions
0 data transactions