threatpost.com Open in urlscan Pro
35.173.160.135 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
Submission: On July 01 via api (July 1st 2020, 3:52:23 pm UTC) from US

Summary HTTP 239 Redirects Links 20 Behaviour Indicators

Summary

This website contacted 56 IPs in 7 countries across 43 domains to perform 239 HTTP transactions. The main IP is 35.173.160.135, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is threatpost.com.
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on June 10th 2020. Valid for: a year.

This is the only time threatpost.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
19	35.173.160.135 35.173.160.135	14618 (AMAZON-AES) (AMAZON-AES)
11	13.224.102.80 13.224.102.80	16509 (AMAZON-02) (AMAZON-02)
5	2606:4700:e4:... 2606:4700:e4::ac40:a60d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:801::2002	15169 (GOOGLE) (GOOGLE)
8	2600:9000:219... 2600:9000:2190:2e00:2:9275:3d40:93a1	16509 (AMAZON-02) (AMAZON-02)
1 1	2a04:fa87:fff... 2a04:fa87:fffe::c000:4902	2635 (AUTOMATTIC) (AUTOMATTIC)
1	192.0.77.2 192.0.77.2	2635 (AUTOMATTIC) (AUTOMATTIC)
10	2600:9000:219... 2600:9000:2190:1000:0:5c46:4f40:93a1	16509 (AMAZON-02) (AMAZON-02)
4 10	2a00:1450:400... 2a00:1450:4001:821::2004	15169 (GOOGLE) (GOOGLE)
22	63.250.56.119 63.250.56.119	41436 (CLOUDWEBM...) (CLOUDWEBMANAGE-EU)
7	216.58.208.34 216.58.208.34	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:80b::2002	15169 (GOOGLE) (GOOGLE)
4	185.33.220.240 185.33.220.240	29990 (ASN-APPNEX) (ASN-APPNEX)
1 3	216.52.2.48 216.52.2.48	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
1	134.209.129.254 134.209.129.254	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1	54.246.176.10 54.246.176.10	16509 (AMAZON-02) (AMAZON-02)
4	23.210.249.164 23.210.249.164	16625 (AKAMAI-AS) (AKAMAI-AS)
4	69.173.144.141 69.173.144.141	26667 (RUBICONPR...) (RUBICONPROJECT)
10 15	2606:2800:233... 2606:2800:233:97b6:26be:138a:cba8:bb01	15133 (EDGECAST) (EDGECAST)
4	185.64.189.112 185.64.189.112	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 6	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:824::2008	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:81e::2003	15169 (GOOGLE) (GOOGLE)
1 2	2a00:1450:400... 2a00:1450:4001:825::200e	15169 (GOOGLE) (GOOGLE)
1 3	2620:116:800d... 2620:116:800d:21:51e4:db4b:4436:b305	16509 (AMAZON-02) (AMAZON-02)
1	151.101.12.157 151.101.12.157	54113 (FASTLY) (FASTLY)
1 1	2a00:1450:400... 2a00:1450:400c:c07::9b	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:802::2003	15169 (GOOGLE) (GOOGLE)
1	2600:9000:219... 2600:9000:2190:e800:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:808::2001	15169 (GOOGLE) (GOOGLE)
25	2a00:1450:400... 2a00:1450:4001:816::2001	15169 (GOOGLE) (GOOGLE)
1	104.244.42.69 104.244.42.69	13414 (TWITTER) (TWITTER)
2	13.224.102.234 13.224.102.234	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:4001:825::200a	15169 (GOOGLE) (GOOGLE)
4	23.210.249.92 23.210.249.92	16625 (AKAMAI-AS) (AKAMAI-AS)
2 2	185.94.180.126 185.94.180.126	35220 (SPOTX-AMS) (SPOTX-AMS)
19	185.167.96.211 185.167.96.211	41436 (CLOUDWEBM...) (CLOUDWEBMANAGE-EU)
1 2	3.127.169.241 3.127.169.241	16509 (AMAZON-02) (AMAZON-02)
1 1	148.251.129.84 148.251.129.84	24940 (HETZNER-AS) (HETZNER-AS)
3	2a00:1450:400... 2a00:1450:4001:808::2003	15169 (GOOGLE) (GOOGLE)
3	18.185.15.67 18.185.15.67	16509 (AMAZON-02) (AMAZON-02)
1	104.244.42.131 104.244.42.131	13414 (TWITTER) (TWITTER)
1	2a03:2880:f02... 2a03:2880:f02d:e:face:b00c:0:2	32934 (FACEBOOK) (FACEBOOK)
1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	199.232.53.140 199.232.53.140	54113 (FASTLY) (FASTLY)
17	2a00:1450:400... 2a00:1450:4001:802::2001	15169 (GOOGLE) (GOOGLE)
2	35.157.226.170 35.157.226.170	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:81d::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:802::2002	15169 (GOOGLE) (GOOGLE)
2	104.111.230.142 104.111.230.142	16625 (AKAMAI-AS) (AKAMAI-AS)
2	151.101.113.108 151.101.113.108	54113 (FASTLY) (FASTLY)
2 3	54.229.128.207 54.229.128.207	16509 (AMAZON-02) (AMAZON-02)
2 5	35.157.252.175 35.157.252.175	16509 (AMAZON-02) (AMAZON-02)
2 2	172.217.16.194 172.217.16.194	15169 (GOOGLE) (GOOGLE)
1	18.156.0.31 18.156.0.31	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1288:110... 2a00:1288:110:c305::8000	34010 (YAHOO-IRD) (YAHOO-IRD)
1	13.224.102.40 13.224.102.40	16509 (AMAZON-02) (AMAZON-02)
1 1	134.209.131.220 134.209.131.220	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1	205.185.216.10 205.185.216.10	20446 (HIGHWINDS3) (HIGHWINDS3)
1	34.98.64.218 34.98.64.218	15169 (GOOGLE) (GOOGLE)
1	2a02:fa8:8806... 2a02:fa8:8806:13::1430	41041 (VCLK-EU-) (VCLK-EU-)
239	56

19 35.173.160.135 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-173-160-135.compute-1.amazonaws.com

threatpost.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
kasperskycontenthub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 13.224.102.80 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-102-80.zrh50.r.cloudfront.net

tagan.adlightning.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700:e4::ac40:a60d (United States)

ASN13335 (CLOUDFLARENET, US)

qd.admetricspro.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2600:9000:2190:2e00:2:9275:3d40:93a1 (United States)

ASN16509 (AMAZON-02, US)

assets.threatpost.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:fa87:fffe::c000:4902 (Ireland) 1 redirects

ASN2635 (AUTOMATTIC, US)

secure.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.77.2 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: i0.wp.com

i1.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2600:9000:2190:1000:0:5c46:4f40:93a1 (United States)

ASN16509 (AMAZON-02, US)

media.threatpost.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:821::2004 (Frankfurt am Main, Germany) 4 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 63.250.56.119 (United States)

ASN41436 (CLOUDWEBMANAGE-EU, GB)

live.sekindo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 216.58.208.34 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: fra15s12-in-f34.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.33.220.240 (Netherlands)

ASN29990 (ASN-APPNEX, US)
PTR: 717.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 216.52.2.48 (United States) 1 redirects

ASN29791 (VOXEL-DOT-NET, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 134.209.129.254 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN, US)

e.serverbid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.246.176.10 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-246-176-10.eu-west-1.compute.amazonaws.com

ads.servenobid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 23.210.249.164 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-210-249-164.deploy.static.akamaitechnologies.com

as-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
js-sec.indexww.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 69.173.144.141 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2606:2800:233:97b6:26be:138a:cba8:bb01 (United States) 10 redirects

ASN15133 (EDGECAST, US)

adserver-us.adtech.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.64.189.112 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 35.244.159.8 (Mountain View, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

teachingaids-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:824::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:825::200e (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:116:800d:21:51e4:db4b:4436:b305 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.12.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c07::9b (Brussels, Belgium) 1 redirects

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2190:e800:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

05271505f1376639d2adc2f31a57eb63.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 2a00:1450:4001:816::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.69 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.224.102.234 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-102-234.zrh50.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:825::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 23.210.249.92 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-210-249-92.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.94.180.126 (Netherlands) 2 redirects

ASN35220 (SPOTX-AMS, NL)

sync.search.spotxchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 185.167.96.211 (Amsterdam, Netherlands)

ASN41436 (CLOUDWEBMANAGE-EU, GB)

video.sekindo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.127.169.241 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-127-169-241.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 148.251.129.84 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.84.129.251.148.clients.your-server.de

csync.loopme.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:808::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.185.15.67 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-185-15-67.eu-central-1.compute.amazonaws.com

ads.adaptv.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.131 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f02d:e:face:b00c:0:2 (Ireland)

ASN32934 (FACEBOOK, US)

graph.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.232.53.140 (Manchester, United Kingdom)

ASN54113 (FASTLY, US)

www.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2a00:1450:4001:802::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.157.226.170 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-157-226-170.eu-central-1.compute.amazonaws.com

prebid-server.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81d::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:802::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.230.142 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-230-142.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.113.108 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 54.229.128.207 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-229-128-207.eu-west-1.compute.amazonaws.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 35.157.252.175 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-35-157-252-175.eu-central-1.compute.amazonaws.com

pixel.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.16.194 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s08-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.156.0.31 (United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-0-31.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1288:110:c305::8000 (United Kingdom)

ASN34010 (YAHOO-IRD, GB)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.102.40 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-102-40.zrh50.r.cloudfront.net

public.servenobid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 134.209.131.220 (North Bergen, United States) 1 redirects

ASN14061 (DIGITALOCEAN-ASN, US)

sync.serverbid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 205.185.216.10 (Phoenix, United States)

ASN20446 (HIGHWINDS3, US)
PTR: map2.hwcdn.net

serverbid-sync.nyc3.cdn.digitaloceanspaces.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.64.218 (United States)

ASN15169 (GOOGLE, US)
PTR: 218.64.98.34.bc.googleusercontent.com

eu-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:13::1430 (Sweden)

ASN41041 (VCLK-EU-, SE)

aol-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
41	sekindo.com live.sekindo.com video.sekindo.com	3 MB
36	threatpost.com threatpost.com assets.threatpost.com media.threatpost.com	737 KB
31	googlesyndication.com 05271505f1376639d2adc2f31a57eb63.safeframe.googlesyndication.com tpc.googlesyndication.com pagead2.googlesyndication.com	175 KB
23	advertising.com 12 redirects adserver-us.adtech.advertising.com ads.adaptv.advertising.com pixel.advertising.com sync.adaptv.advertising.com Failed	9 KB
17	ampproject.org cdn.ampproject.org	408 KB
13	doubleclick.net 3 redirects securepubads.g.doubleclick.net stats.g.doubleclick.net googleads.g.doubleclick.net cm.g.doubleclick.net	109 KB
11	adlightning.com tagan.adlightning.com	156 KB
10	google.com 4 redirects www.google.com	1 KB
8	pubmatic.com hbopenbid.pubmatic.com ads.pubmatic.com	292 B
8	rubiconproject.com fastlane.rubiconproject.com prebid-server.rubiconproject.com eus.rubiconproject.com	4 KB
7	openx.net 2 redirects teachingaids-d.openx.net u.openx.net eu-u.openx.net	2 KB
6	adnxs.com ib.adnxs.com acdn.adnxs.com	4 KB
5	gstatic.com www.gstatic.com fonts.gstatic.com	287 KB
5	admetricspro.com qd.admetricspro.com	175 KB
4	googleapis.com fonts.googleapis.com	3 KB
3	adsrvr.org 2 redirects match.adsrvr.org	1 KB
3	quantserve.com 1 redirects secure.quantserve.com pixel.quantserve.com	9 KB
3	casalemedia.com as-sec.casalemedia.com	3 KB
3	lijit.com 1 redirects ap.lijit.com	1 KB
2	yahoo.com ups.analytics.yahoo.com pr-bh.ybp.yahoo.com	2 KB
2	bidswitch.net 1 redirects x.bidswitch.net	1016 B
2	spotxchange.com 2 redirects sync.search.spotxchange.com	1 KB
2	amazon-adsystem.com c.amazon-adsystem.com	29 KB
2	google-analytics.com 1 redirects www.google-analytics.com	18 KB
2	servenobid.com ads.servenobid.com public.servenobid.com	370 B
2	serverbid.com 1 redirects e.serverbid.com sync.serverbid.com	267 B
2	google.de adservice.google.de www.google.de	281 B
1	dotomi.com aol-match.dotomi.com	104 B
1	indexww.com js-sec.indexww.com
1	digitaloceanspaces.com serverbid-sync.nyc3.cdn.digitaloceanspaces.com
1	reddit.com www.reddit.com	3 KB
1	linkedin.com www.linkedin.com
1	facebook.com graph.facebook.com	505 B
1	twitter.com analytics.twitter.com	652 B
1	loopme.me 1 redirects csync.loopme.me	224 B
1	t.co t.co	449 B
1	quantcount.com rules.quantcount.com	356 B
1	ads-twitter.com static.ads-twitter.com	2 KB
1	googletagmanager.com www.googletagmanager.com	38 KB
1	wp.com i1.wp.com	65 B
1	gravatar.com 1 redirects secure.gravatar.com	385 B
1	kasperskycontenthub.com kasperskycontenthub.com	398 B
1	googletagservices.com www.googletagservices.com	16 KB
239	43

	Domain	Requested by
25	tpc.googlesyndication.com	tagan.adlightning.com threatpost.com cdn.ampproject.org
22	live.sekindo.com	threatpost.com live.sekindo.com
19	video.sekindo.com	threatpost.com live.sekindo.com
18	threatpost.com	threatpost.com
17	cdn.ampproject.org	threatpost.com
15	adserver-us.adtech.advertising.com	10 redirects threatpost.com
11	tagan.adlightning.com	threatpost.com tagan.adlightning.com
10	www.google.com	4 redirects threatpost.com tagan.adlightning.com
10	media.threatpost.com	threatpost.com
8	assets.threatpost.com	threatpost.com
7	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net threatpost.com
5	pixel.advertising.com	2 redirects threatpost.com
5	pagead2.googlesyndication.com	securepubads.g.doubleclick.net
5	qd.admetricspro.com	threatpost.com
4	ads.pubmatic.com	live.sekindo.com qd.admetricspro.com
4	fonts.googleapis.com	live.sekindo.com threatpost.com
4	hbopenbid.pubmatic.com	qd.admetricspro.com live.sekindo.com
4	fastlane.rubiconproject.com	qd.admetricspro.com
4	ib.adnxs.com	qd.admetricspro.com live.sekindo.com
3	match.adsrvr.org	2 redirects
3	googleads.g.doubleclick.net	threatpost.com
3	ads.adaptv.advertising.com	live.sekindo.com
3	fonts.gstatic.com	live.sekindo.com threatpost.com
3	u.openx.net	2 redirects live.sekindo.com
3	teachingaids-d.openx.net	qd.admetricspro.com live.sekindo.com
3	as-sec.casalemedia.com	qd.admetricspro.com live.sekindo.com
3	ap.lijit.com	1 redirects qd.admetricspro.com
2	cm.g.doubleclick.net	2 redirects
2	acdn.adnxs.com	live.sekindo.com qd.admetricspro.com
2	eus.rubiconproject.com	live.sekindo.com qd.admetricspro.com
2	prebid-server.rubiconproject.com	live.sekindo.com
2	x.bidswitch.net	1 redirects threatpost.com
2	sync.search.spotxchange.com	2 redirects
2	pixel.quantserve.com	1 redirects threatpost.com
2	c.amazon-adsystem.com	live.sekindo.com c.amazon-adsystem.com
2	www.google-analytics.com	1 redirects www.googletagmanager.com
2	www.gstatic.com	www.google.com
1	aol-match.dotomi.com
1	eu-u.openx.net	qd.admetricspro.com
1	js-sec.indexww.com	qd.admetricspro.com
1	serverbid-sync.nyc3.cdn.digitaloceanspaces.com	qd.admetricspro.com
1	sync.serverbid.com	1 redirects
1	public.servenobid.com	qd.admetricspro.com
1	pr-bh.ybp.yahoo.com	threatpost.com
1	ups.analytics.yahoo.com	threatpost.com
1	www.reddit.com	threatpost.com
1	www.linkedin.com	threatpost.com
1	graph.facebook.com	threatpost.com
1	analytics.twitter.com	tagan.adlightning.com
1	csync.loopme.me	1 redirects
1	t.co	threatpost.com
1	05271505f1376639d2adc2f31a57eb63.safeframe.googlesyndication.com	tagan.adlightning.com
1	rules.quantcount.com	secure.quantserve.com
1	www.google.de	threatpost.com
1	stats.g.doubleclick.net	1 redirects
1	static.ads-twitter.com	www.googletagmanager.com
1	secure.quantserve.com	www.googletagmanager.com
1	www.googletagmanager.com	threatpost.com
1	ads.servenobid.com	qd.admetricspro.com
1	e.serverbid.com	qd.admetricspro.com
1	adservice.google.de	tagan.adlightning.com
1	i1.wp.com	threatpost.com
1	secure.gravatar.com	1 redirects
1	kasperskycontenthub.com	threatpost.com
1	www.googletagservices.com	threatpost.com
0	sync.adaptv.advertising.com Failed	threatpost.com
239	66

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
twitter.com
www.linkedin.com
www.youtube.com
feedly.com
www.instagram.com
security.paloaltonetworks.com
knowledgebase.paloaltonetworks.com
attendee.gotowebinar.com
akismet.com
t.co
indd.adobe.com
spotlight.threatpost.com

Subject Issuer	Validity	Valid
threatpost.com DigiCert SHA2 Secure Server CA	`2020-06-10` - `2021-06-15`	a year	crt.sh
*.adlightning.com Amazon	`2019-08-19` - `2020-09-19`	a year	crt.sh
sni.cloudflaressl.com CloudFlare Inc ECC CA-2	`2020-02-04` - `2020-10-09`	8 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-06-10` - `2020-09-02`	3 months	crt.sh
assets.threatpost.com Amazon	`2020-03-04` - `2021-04-04`	a year	crt.sh
kasperskycontenthub.com DigiCert SHA2 Secure Server CA	`2020-06-01` - `2021-06-09`	a year	crt.sh
*.wp.com Sectigo RSA Domain Validation Secure Server CA	`2020-04-02` - `2022-07-05`	2 years	crt.sh
media.threatpost.com Amazon	`2020-03-04` - `2021-04-04`	a year	crt.sh
www.google.com GTS CA 1O1	`2020-06-17` - `2020-09-09`	3 months	crt.sh
www.sekindo.com Go Daddy Secure Certificate Authority - G2	`2020-05-27` - `2022-06-18`	2 years	crt.sh
*.google.de GTS CA 1O1	`2020-06-17` - `2020-09-09`	3 months	crt.sh
*.adnxs.com DigiCert ECC Secure Server CA	`2019-01-23` - `2021-03-08`	2 years	crt.sh
*.lijit.com Go Daddy Secure Certificate Authority - G2	`2020-03-11` - `2021-05-10`	a year	crt.sh
e.serverbid.com Let's Encrypt Authority X3	`2020-06-22` - `2020-09-20`	3 months	crt.sh
*.servenobid.com Amazon	`2020-03-12` - `2021-04-12`	a year	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2020-03-02` - `2021-04-01`	a year	crt.sh
*.rubiconproject.com DigiCert SHA2 Secure Server CA	`2019-01-10` - `2021-01-14`	2 years	crt.sh
*.adtech.advertising.com DigiCert SHA2 Secure Server CA	`2020-04-16` - `2022-04-21`	2 years	crt.sh
*.pubmatic.com Sectigo RSA Organization Validation Secure Server CA	`2019-02-22` - `2021-02-21`	2 years	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2020-06-18` - `2021-08-17`	a year	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-06-10` - `2020-09-02`	3 months	crt.sh
*.gstatic.com GTS CA 1O1	`2020-06-17` - `2020-09-09`	3 months	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2019-10-04` - `2020-10-07`	a year	crt.sh
ads-twitter.com DigiCert SHA2 High Assurance Server CA	`2019-08-14` - `2020-08-18`	a year	crt.sh
www.google.de GTS CA 1O1	`2020-06-10` - `2020-09-02`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1O1	`2020-06-17` - `2020-09-09`	3 months	crt.sh
t.co DigiCert SHA2 High Assurance Server CA	`2020-03-05` - `2021-03-02`	a year	crt.sh
c.amazon-adsystem.com Amazon	`2019-10-07` - `2020-09-29`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2020-06-10` - `2020-09-02`	3 months	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2020-04-23` - `2022-05-04`	2 years	crt.sh
*.v.ssp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2020-03-01` - `2020-08-28`	6 months	crt.sh
*.twitter.com DigiCert SHA2 High Assurance Server CA	`2020-03-05` - `2021-03-02`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2020-05-14` - `2020-08-05`	3 months	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2020-04-10` - `2020-10-10`	6 months	crt.sh
*.reddit.com DigiCert SHA2 Secure Server CA	`2020-04-06` - `2020-10-03`	6 months	crt.sh
misc-sni.google.com GTS CA 1O1	`2020-06-10` - `2020-09-02`	3 months	crt.sh
cdn.adnxs.com GlobalSign CloudSSL CA - SHA256 - G3	`2020-04-13` - `2021-04-14`	a year	crt.sh
pixel.advertising.com DigiCert SHA2 High Assurance Server CA	`2020-03-11` - `2020-09-07`	6 months	crt.sh
ups.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2020-05-27` - `2020-11-23`	6 months	crt.sh
*.ybp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2020-06-02` - `2020-11-29`	6 months	crt.sh
*.nyc3.cdn.digitaloceanspaces.com DigiCert SHA2 Secure Server CA	`2020-03-11` - `2021-04-14`	a year	crt.sh
*.adsrvr.org Trustwave Organization Validation SHA256 CA, Level 1	`2019-03-07` - `2021-04-19`	2 years	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2019-06-19` - `2021-08-31`	2 years	crt.sh

This page contains 29 frames:

Primary Page: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
Frame ID: 27229F2EC7CC4872A268578F1AF1AB8B
Requests: 94 HTTP requests in this frame

Frame: https://live.sekindo.com/live/liveView.php?s=101281&cbuster=%%CACHEBUSTER%%&pubUrl=%%REFERRER_URL_ESC%%&x=[WIDTH]&y=[HEIGHT]&vp_content=plembed173akunvrojp&vp_template=6615&subId=[SUBID_ENCODED]&schain=1.0,1!admetricspro.com,1005,1&cbuster=1593618724&pubUrlAuto=https%3A%2F%2Fthreatpost.com%2Fcisa-nation-state-attackers-palo-alto-networks-bug%2F157013%2F&videoType=flow&floatWidth=320&floatHeight=180&floatDirection=br&floatVerticalOffset=10&floatHorizontalOffset=10&floatCloseBtn=1&flowMode=both&flowCloseButtonPosition=right
Frame ID: 864CEF3E40464999D82EA5EF1A68631D
Requests: 41 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Roboto&display=swap
Frame ID: D442D7F590F2FA2608D0FB6F901A49F5
Requests: 5 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Roboto&display=swap
Frame ID: ECD41F7AC5530BD500CD452005E2DE64
Requests: 18 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159196&userIdMacro=PM_UID&gdpr=1&gdpr_consent=&predirect=https%3A%2F%2Flive.sekindo.com%2Flive%2FliveCS.php%3Fsource%3Dexternal%26pixel%3D%26advId%3D91%26advUuid%3DPM_UID%26gdpr%3D1%26gdpr_consent%3D
Frame ID: A605045812BBA319209A8E8F03B80CDF
Requests: 1 HTTP requests in this frame

Frame: https://live.sekindo.com/live/liveCS.php?source=external&pixel=&advId=94&advUuid=cfc0d5ec-bbb2-11ea-98cb-1df4c96b2406
Frame ID: E0492FF6DD87C4EBF6D05A8842AF501F
Requests: 1 HTTP requests in this frame

Frame: https://live.sekindo.com/live/liveCS.php?source=external&pixel=&advId=98&advUuid=3aca70f8-a37c-4f08-acb2-c9d394dbb6fb
Frame ID: 6DF8E7DF185A8086F837221342A0213A
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lfgf_8SAAAAADYbQAnKFOk7cvnWbkqo6y57-4-U&co=aHR0cHM6Ly90aHJlYXRwb3N0LmNvbTo0NDM.&hl=en&v=NMoy4HgGiLr5NAQaEQa2ho8X&theme=standard&size=normal&cb=4yqcv2wqaz4i
Frame ID: CC5FA2023BB07EE1EBFBAC49615453DD
Requests: 1 HTTP requests in this frame

Frame: https://tagan.adlightning.com/math-aids-threatpost/bl-8ce16fa-7f9cbf32.js
Frame ID: 342F555047B6364824ED37880B4A891F
Requests: 17 HTTP requests in this frame

Frame: https://tagan.adlightning.com/math-aids-threatpost/bl-8ce16fa-7f9cbf32.js
Frame ID: 52785E5FA7D6BD9C9685D07FC5B9A8A8
Requests: 17 HTTP requests in this frame

Frame: https://tagan.adlightning.com/math-aids-threatpost/bl-8ce16fa-7f9cbf32.js
Frame ID: 3BC4FEF354FBDC640900660AEE4046E5
Requests: 22 HTTP requests in this frame

Frame: https://tagan.adlightning.com/math-aids-threatpost/bl-8ce16fa-7f9cbf32.js
Frame ID: F129FE291E1EC9FE322A11955BD49209
Requests: 10 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LehhAETAAAAAAcsm2ZGDsLCqyGhesy4Yn43WNBe&co=aHR0cHM6Ly90aHJlYXRwb3N0LmNvbTo0NDM.&hl=en&v=NMoy4HgGiLr5NAQaEQa2ho8X&theme=light&size=normal&cb=mmk59yf1kule
Frame ID: FDD0C041AE56983533A6A1F2FB2B2837
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=en&v=NMoy4HgGiLr5NAQaEQa2ho8X&k=6Lfgf_8SAAAAADYbQAnKFOk7cvnWbkqo6y57-4-U&cb=n6zm3jbnam64
Frame ID: 0A7E3C7665126A9E025249817A991BA8
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=en&v=NMoy4HgGiLr5NAQaEQa2ho8X&k=6LehhAETAAAAAAcsm2ZGDsLCqyGhesy4Yn43WNBe&cb=wzge3cqrzqr
Frame ID: 4B900DA474309ED2CE0CB339AB21F58A
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/210/runner.html
Frame ID: 315E96AF90D0A6E741A52C76AF3467AE
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?gdpr=1&gdpr_consent=
Frame ID: 1BD82A8E67D84985381F59D22963979F
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: 3552BE76CDC515254DE2993FA65264C1
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: CE850F2DAA3F7C53F0DA52DB80A9E900
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Frame ID: 8CA5C81716CE2ACD807AFC2B2B97901E
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd?cc=1&gdpr=1&gdpr_consent=
Frame ID: E5FD781A7C53843E89F9690221DB3B66
Requests: 1 HTTP requests in this frame

Frame: https://public.servenobid.com/sync.html
Frame ID: A3A151ABDA03FA0275D15A4399597917
Requests: 1 HTTP requests in this frame

Frame: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Frame ID: 8F252F1FFCA9BFEBE207D9AD053345E6
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: 3535FFEA3724D38488A4C9279F13D12A
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 0E1DCAE9945FBB13605B033B00258FAC
Requests: 1 HTTP requests in this frame

Frame: https://ap.lijit.com/beacon?informer=13394437&dnr=1
Frame ID: 231AEE5ABD33751ECE59091F179FED64
Requests: 1 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: 9B8CF401602A12846D9A86961E8C4A53
Requests: 1 HTTP requests in this frame

Frame: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=1
Frame ID: 74D22D7E8C28BB83D685A52D8C8DED7D
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Frame ID: 11EC26DE7C6006AC82A2CD6B49CBD901
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
headers link /rel="https:\/\/api\.w\.org\/"/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
headers link /rel="https:\/\/api\.w\.org\/"/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
headers link /rel="https:\/\/api\.w\.org\/"/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googletagservices\.com\/tag\/js\/gpt(?:_mobile)?\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /\/prebid\.js/i

Quantcast (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /\.quantserve\.com\/quant\.js/i

Page Statistics

239
Requests

99 %
HTTPS

43 %
IPv6

43
Domains

66
Subdomains

56
IPs

7
Countries

4803 kB
Transfer

8836 kB
Size

8
Cookies

20 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/Threatpost/

Search URL Search Domain Scan URL

URL: https://twitter.com/threatpost/

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/threatpost/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/threatpost

Search URL Search Domain Scan URL

URL: https://feedly.com/threatpost

Search URL Search Domain Scan URL

URL: https://www.instagram.com/Threatpost/

Search URL Search Domain Scan URL

URL: https://twitter.com/CNMF_CyberAlert/status/1277674547542659074
Title: tweet

Search URL Search Domain Scan URL

URL: https://security.paloaltonetworks.com/CVE-2020-2021
Title: posted an advisory

Search URL Search Domain Scan URL

URL: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000008UXK.
Title: details

Search URL Search Domain Scan URL

URL: https://twitter.com/Sihegee/status/1277677527943671809
Title: wrote

Search URL Search Domain Scan URL

URL: https://twitter.com/Sihegee
Title: Sihegee USA / Social

Search URL Search Domain Scan URL

URL: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000008UXK
Title: online

Search URL Search Domain Scan URL

URL: https://attendee.gotowebinar.com/register/441045308082589963?source=art
Title: FREE webinar

Search URL Search Domain Scan URL

URL: https://akismet.com/privacy/
Title: Learn how your comment data is processed

Search URL Search Domain Scan URL

URL: http://twitter.com/search?q=%23ransomware
Title: #ransomware

Search URL Search Domain Scan URL

URL: http://twitter.com/search?q=%23macOS
Title: #macOS

Search URL Search Domain Scan URL

URL: https://t.co/3jPBZk8Ejo
Title: https://t.co/3jPBZk8Ejo

Search URL Search Domain Scan URL

URL: https://twitter.com/threatpost
Title: Follow @threatpost

Search URL Search Domain Scan URL

URL: https://indd.adobe.com/view/01579c19-a6ca-4cb0-8106-ed4d5d02a292
Title: Advertise With Us

Search URL Search Domain Scan URL

URL: https://spotlight.threatpost.com/
Title: HackerOne Spotlight

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 12

https://secure.gravatar.com/avatar/fab896982b5c9974407bc14bd8b50b84?s=60&d=https%3A%2F%2Fkasperskycontenthub.com%2Fwp-content%2Fthemes%2Fkaspersky-root%2Fassets%2Fimages%2Favatar_default.jpg&r=g HTTP 302
https://i1.wp.com/kasperskycontenthub.com/wp-content/themes/kaspersky-root/assets/images/avatar_default.jpg?ssl=1

Request Chain 45

https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166606/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=500b452bf8758ae;misc=1593618724194; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166606/0/0/ADTECH;cfp=1;rndc=1593618723;v=2;cmd=bid;cors=yes;alias=500b452bf8758ae;misc=1593618724194 HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166606/0/0/ADTECH;apid=1Acf482144-bbb2-11ea-bace-121160e138ec;cfp=1;rndc=1593618724;v=2;cmd=bid;cors=yes;alias=500b452bf8758ae;misc=1593618724194

Request Chain 46

https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166847/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=5110ebaa49f2add;misc=1593618724195; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166847/0/0/ADTECH;cfp=1;rndc=1593618723;v=2;cmd=bid;cors=yes;alias=5110ebaa49f2add;misc=1593618724195 HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166847/0/0/ADTECH;apid=1Acf48bbf4-bbb2-11ea-8955-12caad116dbc;cfp=1;rndc=1593618723;v=2;cmd=bid;cors=yes;alias=5110ebaa49f2add;misc=1593618724195

Request Chain 47

https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166615/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=521d5c720de5fcd;misc=1593618724195; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166615/0/0/ADTECH;cfp=1;rndc=1593618723;v=2;cmd=bid;cors=yes;alias=521d5c720de5fcd;misc=1593618724195 HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166615/0/0/ADTECH;apid=1Acf48c572-bbb2-11ea-8576-12caad116dbc;cfp=1;rndc=1593618723;v=2;cmd=bid;cors=yes;alias=521d5c720de5fcd;misc=1593618724195

Request Chain 48

https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166612/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=53377c1e759781d;misc=1593618724195; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166612/0/0/ADTECH;cfp=1;rndc=1593618723;v=2;cmd=bid;cors=yes;alias=53377c1e759781d;misc=1593618724195 HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166612/0/0/ADTECH;apid=1Acf48e67e-bbb2-11ea-8a7a-1256e9c0edc4;cfp=1;rndc=1593618723;v=2;cmd=bid;cors=yes;alias=53377c1e759781d;misc=1593618724195

Request Chain 49

https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166617/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=548c9b9d4d77c85;misc=1593618724195; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166617/0/0/ADTECH;cfp=1;rndc=1593618723;v=2;cmd=bid;cors=yes;alias=548c9b9d4d77c85;misc=1593618724195 HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166617/0/0/ADTECH;apid=1Acf4636c2-bbb2-11ea-bba7-12ff01cc4d58;cfp=1;rndc=1593618723;v=2;cmd=bid;cors=yes;alias=548c9b9d4d77c85;misc=1593618724195

Request Chain 76

https://www.google-analytics.com/r/collect?v=1&_v=j83&aip=1&a=1442815985&t=pageview&_s=1&dl=https%3A%2F%2Fthreatpost.com%2Fcisa-nation-state-attackers-palo-alto-networks-bug%2F157013%2F&ul=en-us&de=UTF-8&dt=CISA%3A%20Nation-State%20Attackers%20Likely%20to%20Exploit%20Palo%20Alto%20Networks%20Bug%20%7C%20Threatpost&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEAB~&jid=1591018421&gjid=340859967&cid=1924463279.1593618725&tid=UA-35676203-21&_gid=1604028730.1593618725&_r=1&gtm=2wg6o0PM29HLF&z=1440397821 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-35676203-21&cid=1924463279.1593618725&jid=1591018421&_gid=1604028730.1593618725&gjid=340859967&_v=j83&z=1440397821 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-35676203-21&cid=1924463279.1593618725&jid=1591018421&_v=j83&z=1440397821 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-35676203-21&cid=1924463279.1593618725&jid=1591018421&_v=j83&z=1440397821&slf_rd=1&random=3707279638

Request Chain 88

https://sync.search.spotxchange.com/partner?adv_id=8805&redir=https%3A%2F%2Flive.sekindo.com%2Flive%2FliveCS.php%3Fsource%3Dexternal%26pixel%3D%26advId%3D94%26advUuid%3D%24SPOTX_USER_ID HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=8805&redir=https%3A%2F%2Flive.sekindo.com%2Flive%2FliveCS.php%3Fsource%3Dexternal%26pixel%3D%26advId%3D94%26advUuid%3D%24SPOTX_USER_ID&__user_check__=1&sync_id=cfc0d639-bbb2-11ea-98cb-1df4c96b2406 HTTP 302
https://live.sekindo.com/live/liveCS.php?source=external&pixel=&advId=94&advUuid=cfc0d5ec-bbb2-11ea-98cb-1df4c96b2406

Request Chain 89

https://u.openx.net/w/1.0/cm?id=476b50d3-5ccf-49a1-89b8-1ddf8ea18042&r=https%3A%2F%2Flive.sekindo.com%2Flive%2FliveCS.php%3Fsource%3Dexternal%26pixel%3D%26advId%3D98%26advUuid%3D HTTP 302
https://live.sekindo.com/live/liveCS.php?source=external&pixel=&advId=98&advUuid=3aca70f8-a37c-4f08-acb2-c9d394dbb6fb

Request Chain 101

https://x.bidswitch.net/sync?ssp=sekindo&user_id=5efcb1246aea7&custom_data=5efcb1246aea7&gdpr=1&gdpr_consent= HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=sekindo&user_id=5efcb1246aea7&custom_data=5efcb1246aea7&gdpr=1&gdpr_consent=

Request Chain 102

https://csync.loopme.me/?redirect=https%3A%2F%2Flive.sekindo.com%2Flive%2FliveCS.php%3Fsource%3Dexternal%26pixel%3D%26advId%3D93%26advUuid%3D%7Bdevice_id%7D HTTP 307
https://live.sekindo.com/live/liveCS.php?source=external&pixel=&advId=93&advUuid=155851cf-87cd-450a-81c4-54eff13ca4c9

Request Chain 181

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 182

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 183

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 210

https://u.openx.net/w/1.0/pd?gdpr=1&gdpr_consent= HTTP 302
https://u.openx.net/w/1.0/pd?cc=1&gdpr=1&gdpr_consent=

Request Chain 211

https://match.adsrvr.org/track/cmf/generic?ttd_pid=adaptv&ttd_tpi=1 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=adaptv&ttd_tpi=1 HTTP 302
https://pixel.advertising.com/ups/55953/sync?uid=9f032fca-0dba-42f2-8098-51c9289794c5&_origin=1&gdpr=1&gdpr_consent=&piggybackCookie=9f032fca-0dba-42f2-8098-51c9289794c5

Request Chain 212

https://cm.g.doubleclick.net/pixel?google_nid=adaptv_dbm&google_cm&google_sc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=adaptv_dbm&google_cm=&google_sc=&google_tc= HTTP 302
https://pixel.advertising.com/ups/57304/sync?uid=CAESEGmmmo4wXzmdhrkVAhOD37k&google_cver=1 HTTP 302
https://pixel.advertising.com/ups/57304/sync?uid=CAESEGmmmo4wXzmdhrkVAhOD37k&google_cver=1&verify=true HTTP 302
https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEGmmmo4wXzmdhrkVAhOD37k&google_cver=1&apid=UPd10e7602-bbb2-11ea-ac49-06e43d3d11ac

Request Chain 213

https://sync-tm.everesttech.net/upi/pid/m7y5t93k?redir=https%3A%2F%2Fsync.adap.tv%2Fsync%3Ftype%3Dgif%26key%3Dtubemogul%26uid%3D%24%7BUSER_ID%7D HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/m7y5t93k?redir=https%3A%2F%2Fsync.adap.tv%2Fsync%3Ftype%3Dgif%26key%3Dtubemogul%26uid%3D%24%7BUSER_ID%7D&_test=XvyxJwAAAE3FBVvC HTTP 302
https://sync.adap.tv/sync?type=gif&key=tubemogul&uid=XvyxJwAAAE3FBVvC&_test=XvyxJwAAAE3FBVvC HTTP 302
https://sync.adaptv.advertising.com/sync?type=gif&key=tubemogul&uid=XvyxJwAAAE3FBVvC&_test=XvyxJwAAAE3FBVvC

Request Chain 218

https://sync.serverbid.com/ss/2000891.html HTTP 302
https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html

Request Chain 221

https://ap.lijit.com/beacon?informer=13394437 HTTP 302
https://ap.lijit.com/beacon?informer=13394437&dnr=1

Request Chain 226

https://pixel.quantserve.com/pixel/p-NcBg8UA4xqUFp.gif?idmatch=0&gdpr=1&gdpr_consent= HTTP 302
https://pixel.advertising.com/ups/55965/sync?_origin=0&gdpr=1&uid=8HzFNacokWHoLZA18iiOZ_V6xTTofZA3_Ct-IVro

239 HTTP transactions
6 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/ 78 KB
20 KB 625ms
238ms Document
text/html 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-35-173-160-135.compute-1.amazonaws.com

Software

nginx /

Resource Hash

a7213d6ac0897a013c62166427162431d2e38ec47fabde973146afdc0efeb367

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Host: threatpost.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Server: nginx
Date: Wed, 01 Jul 2020 15:52:03 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Link: <https://threatpost.com/wp-json/>; rel="https://api.w.org/" <https://threatpost.com/?p=157013>; rel=shortlink
X-Frame-Options: SAMEORIGIN
X-Debug-Auth: off
X-Request-Host: threatpost.com
x-cache-hit: HIT
Content-Encoding: gzip

GET
H/1.1 200
OK main.css
threatpost.com/wp-content/themes/threatpost-2018/assets/css/ 236 KB
36 KB 394ms
140ms Stylesheet
text/css 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1593416572
Requested by: Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 7d9944f6f4e2d0330ca2a9d758a404fdca5937f4a0ddf939247ca3505f9f0bbc

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Wed, 01 Jul 2020 15:52:03 GMT
Content-Encoding: gzip
Last-Modified: Mon, 29 Jun 2020 07:42:53 GMT
Server: nginx
ETag: W/"5ef99b7d-3b1cb"
Transfer-Encoding: chunked
Content-Type: text/css
Cache-Control: max-age=604800, public
Connection: close
Expires: Wed, 08 Jul 2020 15:52:03 GMT

GET
H2 200 op.js Show response
tagan.adlightning.com/math-aids-threatpost/ 32 KB
12 KB 143ms
49ms Script
application/javascript 13.224.102.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.224.102.80 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-102-80.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 812649c7f263402f7c65977e5f76c1d802d58633076d0f8379cc081acc923252

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 01 Jul 2020 15:38:19 GMT
content-encoding: gzip
age: 825
x-cache: Hit from cloudfront
status: 200
content-length: 11900
x-amz-meta-git_commit: 8ce16fa
last-modified: Tue, 30 Jun 2020 22:41:50 GMT
server: AmazonS3
etag: "84023d8beb851dc80e791c385eea477c"
x-amz-version-id: lMzqWte._qFWN5YvPiLoScr3wKAjeWE5
via: 1.1 aa001e3127bb5bd7bbc48bc4fef44b79.cloudfront.net (CloudFront)
cache-control: max-age=3600
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: FDFTATVMthAlH8K3dTrElBVRBTbjETDM4cAvx2y-qsm1GVPtvFwEOw==

GET
H2 200 ros-layout.js Show response
qd.admetricspro.com/js/threatpost/ 19 KB
3 KB 44ms
18ms Script
application/javascript 2606:4700:e4::ac40:a60d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/ros-layout.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e4::ac40:a60d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 482029b5f5f08818d7e14279dd72eb1f23e01c415bb43635776d139b36e4551b

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 01 Jul 2020 15:52:03 GMT
content-encoding: br
cf-cache-status: HIT
age: 117
status: 200
cf-request-id: 03acad0a100000649def2f8200000001
last-modified: Mon, 15 Jun 2020 18:57:17 GMT
server: cloudflare
etag: W/"4c51-5a823fee24e3a-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 5ac14abceba0649d-FRA
expires: Wed, 01 Jul 2020 15:50:44 GMT

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 49 KB
16 KB 18ms
14ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

beb618486515329792ad1bdfe768ad1b73ca49a9953d54422809ded6537db495

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 01 Jul 2020 15:52:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "557 / 191 of 1000 / last-modified: 1593546056"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 16551
x-xss-protection: 0
expires: Wed, 01 Jul 2020 15:52:03 GMT

GET
H2 200 cmp.js Show response
qd.admetricspro.com/js/threatpost/ 218 KB
61 KB 56ms
31ms Script
application/javascript 2606:4700:e4::ac40:a60d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/cmp.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e4::ac40:a60d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aaf45a172ec90c76bcecd61c68d998c2256fe9b1700371e80011d1161c5ab629

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 01 Jul 2020 15:52:03 GMT
content-encoding: br
cf-cache-status: HIT
age: 178
status: 200
cf-request-id: 03acad0a100000649def2f9200000001
last-modified: Fri, 27 Sep 2019 21:07:46 GMT
server: cloudflare
etag: W/"367ba-5938f47194c80-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 5ac14abceba1649d-FRA
expires: Wed, 01 Jul 2020 15:55:17 GMT

GET
H2 200 targeting.js Show response
qd.admetricspro.com/js/threatpost/ 275 B
237 B 45ms
20ms Script
application/javascript 2606:4700:e4::ac40:a60d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/targeting.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e4::ac40:a60d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6cdc57f82f4b0d09e5b4e584ca4736cd3871f20563d4ce25120b057d8ffb4eb2

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 01 Jul 2020 15:52:03 GMT
content-encoding: br
cf-cache-status: HIT
age: 178
status: 200
cf-request-id: 03acad0a100000649def2fa200000001
last-modified: Sat, 08 Feb 2020 20:49:18 GMT
server: cloudflare
etag: W/"113-59e16a3cfb471-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 5ac14abceba2649d-FRA
expires: Wed, 01 Jul 2020 15:55:17 GMT

GET
H2 200 prebid.js Show response
qd.admetricspro.com/js/threatpost/ 341 KB
99 KB 47ms
23ms Script
application/javascript 2606:4700:e4::ac40:a60d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e4::ac40:a60d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bbca6fe6f2b8dbe341cd5b5a3e26f6df0d3d8820478ba173dcedf1a4279659b2

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 01 Jul 2020 15:52:03 GMT
content-encoding: br
cf-cache-status: HIT
age: 178
status: 200
cf-request-id: 03acad0a100000649def2fb200000001
last-modified: Tue, 26 May 2020 21:20:08 GMT
server: cloudflare
etag: W/"55498-5a693a8f41e90-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 5ac14abceba4649d-FRA
expires: Wed, 01 Jul 2020 15:52:07 GMT

GET
H2 200 engine.js Show response
qd.admetricspro.com/js/threatpost/ 16 KB
12 KB 44ms
19ms Script
application/javascript 2606:4700:e4::ac40:a60d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/engine.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e4::ac40:a60d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bcf391dd0b006a87698ac0894d71039d610480913d24fcdaa1f2fdeeeda943e3

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 01 Jul 2020 15:52:03 GMT
content-encoding: br
cf-cache-status: HIT
age: 178
status: 200
cf-request-id: 03acad0a100000649def2fc200000001
last-modified: Sun, 24 Nov 2019 00:06:08 GMT
server: cloudflare
etag: W/"41f6-5980c69fe949d-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 5ac14abceba5649d-FRA
expires: Wed, 01 Jul 2020 15:55:17 GMT

GET
H2 200 /
assets.threatpost.com/wp-content/plugins/bwp-minify/min/ 89 KB
18 KB 663ms
523ms Stylesheet
text/css 2600:9000:2190:2e00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-includes/css/dist/block-library/style.min.css,wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=b0ee8769

Requested by

Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:9000:2190:2e00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

15e9840f31982980328598c38e5c60434072901f2c902713ef9c4d4900e05307

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 01 Jul 2020 15:52:03 GMT
content-encoding: gzip
x-amz-cf-pop: ZRH50-C1
x-cache: Miss from cloudfront
status: 200
content-length: 18049
x-cache-hit: HIT
last-modified: Mon, 29 Jun 2020 07:42:52 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css; charset=utf-8
via: 1.1 0baaefd2451e4f0e2d5ea55eb90f4a1a.cloudfront.net (CloudFront)
cache-control: max-age=86400
x-debug-auth: off
x-request-host: assets.threatpost.com
x-amz-cf-id: _dsu3syNeDLf9yxHd2-mu88Gxrjbuz_fiZoeSLePzK1AKH_dkL4mkg==
expires: Thu, 02 Jul 2020 12:41:33 GMT

GET
H/1.1 200
OK jquery.js Show response
threatpost.com/wp-includes/js/jquery/ 95 KB
37 KB 394ms
136ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Requested by: Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Wed, 01 Jul 2020 15:52:03 GMT
Content-Encoding: gzip
Last-Modified: Wed, 10 Jun 2020 22:05:38 GMT
Server: nginx
ETag: W/"5ee15932-17a69"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Wed, 08 Jul 2020 15:52:03 GMT

GET
H2 200 / Show response
assets.threatpost.com/wp-content/plugins/bwp-minify/min/ 175 KB
55 KB 662ms
523ms Script
application/x-javascript 2600:9000:2190:2e00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/kaspersky-cookies-notification/scripts/alert_text.js,wp-content/plugins/kaspersky-cookies-notification/scripts/alert.js,wp-content/plugins/honeypot-comments/public/assets/js/public.js,wp-content/plugins/kspr_twitter_pullquote/js/kaspersky-twitter-pullquote.js,wp-content/themes/threatpost-2018/assets/js/main.js,wp-content/themes/threatpost-2018/assets/js/loadmore.js,wp-content/plugins/kaspersky-social-sharing/assets/js/social-share.js&ver=b0ee8769

Requested by

Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:9000:2190:2e00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

3dbd06bf1d690a4c0fcbfcd77c26a032558b9f9698bb7261191bfb19656bf8ca

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 01 Jul 2020 15:52:03 GMT
content-encoding: gzip
x-amz-cf-pop: ZRH50-C1
x-cache: Miss from cloudfront
status: 200
content-length: 55954
x-cache-hit: HIT
last-modified: Mon, 29 Jun 2020 07:42:54 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
via: 1.1 0baaefd2451e4f0e2d5ea55eb90f4a1a.cloudfront.net (CloudFront)
cache-control: max-age=86400
x-debug-auth: off
x-request-host: assets.threatpost.com
x-amz-cf-id: FrvEkLcgyQKtabM7X4zUmlImjhEjJUd-JjkzX7uIUQ1uX0OXUhB2cw==
expires: Thu, 02 Jul 2020 12:41:34 GMT

GET
H/1.1 200
OK / Show response
kasperskycontenthub.com/ 0
398 B 513ms
125ms Script
application/javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://kasperskycontenthub.com/?dm=ed1f9e435dc885292eab65620c51f3fb&action=load&blogid=103&siteid=1&t=1749140930&back=https%3A%2F%2Fthreatpost.com%2Fcisa-nation-state-attackers-palo-alto-networks-bug%2F157013%2F

Requested by

Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-35-173-160-135.compute-1.amazonaws.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 01 Jul 2020 15:52:03 GMT
X-Content-Type-Options: nosniff
Server: nginx
X-Frame-Options: SAMEORIGIN
Connection: close
Content-Type: application/javascript
x-cache-hit: HIT
Transfer-Encoding: chunked
X-Debug-Auth: off
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Request-Host: kasperskycontenthub.com
X-XSS-Protection: 1; mode=block

GET
H2

404

avatar_default.jpg
i1.wp.com/kasperskycontenthub.com/wp-content/themes/kaspersky-root/assets/images/
Redirect Chain

https://secure.gravatar.com/avatar/fab896982b5c9974407bc14bd8b50b84?s=60&d=https%3A%2F%2Fkasperskycontenthub.com%2Fwp-content%2Fthemes%2Fkaspersky-root%2Fassets%2Fimages%2Favatar_default.jpg&r=g
https://i1.wp.com/kasperskycontenthub.com/wp-content/themes/kaspersky-root/assets/images/avatar_default.jpg?ssl=1

65 B
65 B

478ms
394ms

Image
text/html

192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i1.wp.com/kasperskycontenthub.com/wp-content/themes/kaspersky-root/assets/images/avatar_default.jpg?ssl=1
Requested by: Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: i0.wp.com
Software: nginx /
Resource Hash: 3a90c56bbc2ea3fae7e089cc529bc02869c5035ee31c3111d829b9ae974cf42d

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 404
x-nc: EXPIRED fra 4
date: Wed, 01 Jul 2020 15:52:04 GMT
server: nginx
content-type: text/html; charset=utf-8

Redirect headers

x-nc: HIT ams 4
date: Wed, 01 Jul 2020 15:52:04 GMT
last-modified: Wed, 11 Jan 1984 08:00:00 GMT
server: nginx
status: 302
content-type: text/html; charset=utf-8
location: https://i1.wp.com/kasperskycontenthub.com/wp-content/themes/kaspersky-root/assets/images/avatar_default.jpg?ssl=1
cache-control: max-age=300
link: <https://www.gravatar.com/avatar/fab896982b5c9974407bc14bd8b50b84?s=60&d=https%3A%2F%2Fkasperskycontenthub.com%2Fwp-content%2Fthemes%2Fkaspersky-root%2Fassets%2Fimages%2Favatar_default.jpg&r=g>; rel="canonical"
content-length: 0
expires: Wed, 01 Jul 2020 15:57:04 GMT

GET
H2 200 54.jpeg
media.threatpost.com/wp-content/uploads/sites/103/2018/12/21152821/ 97 KB
98 KB 199ms
62ms Image
image/jpeg 2600:9000:2190:1000:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2018/12/21152821/54.jpeg
Requested by: Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2190:1000:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 89529fd41588e00eaa29e53f8d7cf97ea95d1a95e1ae0ed15a0f408d3c4bc99e

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 26 Mar 2020 15:05:19 GMT
via: 1.1 1d32f672764a20290d04a16248d04c57.cloudfront.net (CloudFront), 1.1 a06cb72e779e366fcd004926eacd5b85.cloudfront.net (CloudFront)
last-modified: Fri, 21 Dec 2018 20:28:22 GMT
server: AmazonS3
age: 8383606
etag: "21704af6cc37220871cb014651d78bfe"
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=31536000
x-amz-cf-pop: FRA54, ZRH50-C1
accept-ranges: bytes
content-length: 99764
x-amz-cf-id: qhbtBgLhzuUoxIa5V_TzA0pPzY0lfqi820qTZVEJiHN9gH5r16CtDw==
expires: Sat, 21 Dec 2019 20:28:21 GMT

GET
H2 200 subscribe2.jpg
media.threatpost.com/wp-content/uploads/sites/103/2019/02/19151457/ 8 KB
9 KB 151ms
14ms Image
image/jpeg 2600:9000:2190:1000:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2019/02/19151457/subscribe2.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2190:1000:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: aa64fa30a3263fa3105736228a6feaaa4f7d32d8ef96b12e56f6fb95511b66a7

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 15 Feb 2020 06:22:32 GMT
via: 1.1 7ce1191b390045e05b9cc74f7514b77b.cloudfront.net (CloudFront), 1.1 a06cb72e779e366fcd004926eacd5b85.cloudfront.net (CloudFront)
last-modified: Tue, 19 Feb 2019 20:14:58 GMT
server: AmazonS3
age: 11870973
etag: "5ba45563f793f39ef6baf02645651654"
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=31536000
x-amz-cf-pop: FRA6-C1, ZRH50-C1
accept-ranges: bytes
content-length: 8281
x-amz-cf-id: i8fGnTnwuBb9oN4OrAFzlff-dEGPTlnFlerbhse7s7opeCFH0Sf85A==
expires: Wed, 19 Feb 2020 20:14:57 GMT

GET
H2 200 microsoft-1-540x270.jpg
media.threatpost.com/wp-content/uploads/sites/103/2019/11/20113610/ 45 KB
46 KB 202ms
65ms Image
image/jpeg 2600:9000:2190:1000:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2019/11/20113610/microsoft-1-540x270.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2190:1000:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0549b0601c73844ffc7309eeb465b637435e19adbda520ec06e3344c85b76c38

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 06 Feb 2020 08:53:09 GMT
via: 1.1 b16802a1e349d80b7688070778305ae2.cloudfront.net (CloudFront), 1.1 a06cb72e779e366fcd004926eacd5b85.cloudfront.net (CloudFront)
last-modified: Wed, 20 Nov 2019 16:36:13 GMT
server: AmazonS3
age: 12639536
etag: "0d254014ee8f808529128224b9f18eec"
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=31536000
x-amz-cf-pop: FRA53-C1, ZRH50-C1
accept-ranges: bytes
content-length: 46422
x-amz-cf-id: 1N75_bhlj0LW9acA1PtLLwehDVSuKuwOkGtsV9OfSTMnQbQLS8GQ_A==
expires: Thu, 19 Nov 2020 16:36:10 GMT

GET
H2 200 nvidia-540x270.jpg
media.threatpost.com/wp-content/uploads/sites/103/2020/03/02145658/ 42 KB
42 KB 165ms
28ms Image
image/jpeg 2600:9000:2190:1000:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2020/03/02145658/nvidia-540x270.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2190:1000:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8e66df0ecc185c710504c83f49193ca71fe1fbdbbb3ae079e0db2844214e6c3d

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 25 Jun 2020 14:45:07 GMT
via: 1.1 efed2d5ffeb697060f4a3aa73bdf068f.cloudfront.net (CloudFront), 1.1 a06cb72e779e366fcd004926eacd5b85.cloudfront.net (CloudFront)
last-modified: Mon, 02 Mar 2020 19:57:01 GMT
server: AmazonS3
age: 522417
etag: "56dc7bc4817a85d4b0f93ef0641c8156"
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=31536000
x-amz-cf-pop: FRA54, ZRH50-C1
accept-ranges: bytes
content-length: 42832
x-amz-cf-id: DsavlqickidVtloPaJ4xK83tY5GjuQ9IgJ_F1W-ylfZ0afZIj1WEPA==
expires: Tue, 02 Mar 2021 19:56:58 GMT

GET
H2 200 new-normal-phishing-scam-540x270.jpg
media.threatpost.com/wp-content/uploads/sites/103/2020/06/25085723/ 23 KB
23 KB 156ms
19ms Image
image/jpeg 2600:9000:2190:1000:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2020/06/25085723/new-normal-phishing-scam-540x270.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2190:1000:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c31e7f192284add069d9a3048217b82593e24ad90ca536f79896692f1ed44eda

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 25 Jun 2020 13:11:54 GMT
via: 1.1 7419ebe6dc61a036c7f081375facfd52.cloudfront.net (CloudFront), 1.1 a06cb72e779e366fcd004926eacd5b85.cloudfront.net (CloudFront)
last-modified: Thu, 25 Jun 2020 12:57:27 GMT
server: AmazonS3
age: 528011
etag: "e087d25064c8cf69a477109c538fdec2"
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=31536000
x-amz-cf-pop: FRA54, ZRH50-C1
accept-ranges: bytes
content-length: 23313
x-amz-cf-id: 9jRx7vuZSIrc7OwgT0G_k0ZFozDU6xPTXXju61OfWRzTMpYmLnHuJw==
expires: Fri, 25 Jun 2021 12:57:26 GMT

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 674 B
537 B 18ms
18ms Script
text/javascript 2a00:1450:4001:821::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?hl=en

Requested by

Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

cc15c325492dd5972c007635108f190eb6c75025e75c89d6b006ca7aeb4278a3

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 01 Jul 2020 15:52:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: private, max-age=300
content-security-policy: frame-ancestors 'self'
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 446
x-xss-protection: 1; mode=block
expires: Wed, 01 Jul 2020 15:52:04 GMT

GET
H2 200 work-from-home-64x64.jpg
media.threatpost.com/wp-content/uploads/sites/103/2020/03/13163335/ 2 KB
2 KB 170ms
34ms Image
image/jpeg 2600:9000:2190:1000:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2020/03/13163335/work-from-home-64x64.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2190:1000:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3435531b595fb1b2b529346e1df8c979a1fd727f56ea8c0d792316035440cac5

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 10 Jun 2020 20:00:09 GMT
via: 1.1 b454a0b154ae18408006bc2a9abd88ec.cloudfront.net (CloudFront), 1.1 a06cb72e779e366fcd004926eacd5b85.cloudfront.net (CloudFront)
last-modified: Fri, 13 Mar 2020 20:33:52 GMT
server: AmazonS3
age: 1799516
etag: "fd4942a0704785b24b44d177f4a57d86"
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=31536000
x-amz-cf-pop: FRA54, ZRH50-C1
accept-ranges: bytes
content-length: 2098
x-amz-cf-id: keHWK5KF09Or2TJd9zfR27zZknnuPU9TW6EMonG6wp6ufsQQiUZ4lQ==
expires: Sat, 13 Mar 2021 20:33:49 GMT

GET
H2 200 36c3-fake-emails-featured-64x64.jpg
media.threatpost.com/wp-content/uploads/sites/103/2020/01/31170549/ 2 KB
2 KB 56ms
55ms Image
image/jpeg 2600:9000:2190:1000:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2020/01/31170549/36c3-fake-emails-featured-64x64.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2190:1000:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1f152c8879492dd153cf7a47ad195151e20491e60985d86f9ef7a7ddc85062f6

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Jun 2020 17:25:36 GMT
via: 1.1 5755f825ee6ab59b8a6349608c249e4e.cloudfront.net (CloudFront), 1.1 a06cb72e779e366fcd004926eacd5b85.cloudfront.net (CloudFront)
last-modified: Fri, 31 Jan 2020 22:05:52 GMT
server: AmazonS3
age: 2327189
etag: "62a0a00cafda215547f47f6b6f52bdce"
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=31536000
x-amz-cf-pop: FRA54, ZRH50-C1
accept-ranges: bytes
content-length: 1665
x-amz-cf-id: YOVMGrkncedCjn7lP2pEEypNqBBO8lyEx1ZGc7i89xtq3VqzeHSq-w==
expires: Sat, 30 Jan 2021 22:05:49 GMT

GET
H2 200 ai-safety-featured-64x64.jpg
media.threatpost.com/wp-content/uploads/sites/103/2018/06/08121133/ 2 KB
2 KB 56ms
55ms Image
image/jpeg 2600:9000:2190:1000:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2018/06/08121133/ai-safety-featured-64x64.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2190:1000:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 5d363c974cd81869ce3fd8d76a06f12b273be51cb358a9a85c21d157eedde824

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 21 May 2020 19:01:41 GMT
via: 1.1 e3666efb6956ba7f03c75c3401b8c79e.cloudfront.net (CloudFront), 1.1 a06cb72e779e366fcd004926eacd5b85.cloudfront.net (CloudFront)
last-modified: Tue, 03 Jul 2018 02:40:26 GMT
server: AmazonS3
age: 3531024
etag: "29cb0a26bc7f2d80110ca80691f44ecd"
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=31536000
x-amz-cf-pop: FRA54, ZRH50-C1
accept-ranges: bytes
content-length: 2089
x-amz-cf-id: 6FyMpxYQVaNRh78g_uSNisCc18QYWBgXecBdTe7XR7ueKaga5PEEPA==
expires: Wed, 03 Jul 2019 02:40:23 GMT

GET
H2 200 microsoft-64x64.jpg
media.threatpost.com/wp-content/uploads/sites/103/2020/01/22095352/ 2 KB
3 KB 57ms
56ms Image
image/jpeg 2600:9000:2190:1000:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2020/01/22095352/microsoft-64x64.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2190:1000:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bcaa21df70fd10c5a594ac5996411eb517750a210903adaa56dc097d5936dc9e

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 19 May 2020 20:38:28 GMT
via: 1.1 8b5bc0831e6dab612582614c3009efa7.cloudfront.net (CloudFront), 1.1 a06cb72e779e366fcd004926eacd5b85.cloudfront.net (CloudFront)
last-modified: Wed, 22 Jan 2020 14:53:54 GMT
server: AmazonS3
age: 3698017
etag: "872d8d15e18da7498f683a1a4b3d2477"
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=31536000
x-amz-cf-pop: FRA53-C1, ZRH50-C1
accept-ranges: bytes
content-length: 2145
x-amz-cf-id: vmRarX7r9oQHrTNneJr6cPsvNnH0p2FMfvVX3QoMH-KMoujEvY7c7w==
expires: Thu, 21 Jan 2021 14:53:52 GMT

GET
H2 200 forcepoint-vpn-64x64.jpeg
media.threatpost.com/wp-content/uploads/sites/103/2019/09/20105955/ 2 KB
2 KB 57ms
56ms Image
image/jpeg 2600:9000:2190:1000:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2019/09/20105955/forcepoint-vpn-64x64.jpeg
Requested by: Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2190:1000:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 22bce61f4ab1cabf0df284f75cf064654e2c82fd992de9b8bd951f3bb43a87ca

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 04 May 2020 16:08:55 GMT
via: 1.1 befe3b8553d90339ecf78e5d7cefa60b.cloudfront.net (CloudFront), 1.1 a06cb72e779e366fcd004926eacd5b85.cloudfront.net (CloudFront)
last-modified: Fri, 20 Sep 2019 14:59:58 GMT
server: AmazonS3
age: 5010190
etag: "f99bca485823b84c6c1ecf501c34469c"
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=31536000
x-amz-cf-pop: FRA53-C1, ZRH50-C1
accept-ranges: bytes
content-length: 1822
x-amz-cf-id: 454GIJtR2a7U_G4ymgdE95iJNwwEBIph6qtpLv22Z79GgcX3BM-F5w==
expires: Sat, 19 Sep 2020 14:59:55 GMT

GET
H/1.1 200
OK liveView.php Show response
live.sekindo.com/live/ 28 KB
8 KB 167ms
45ms Script
text/javascript 63.250.56.119
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://live.sekindo.com/live/liveView.php?s=101281&cbuster=%%CACHEBUSTER%%&pubUrl=%%REFERRER_URL_ESC%%&x=[WIDTH]&y=[HEIGHT]&vp_content=plembed173akunvrojp&vp_template=6615&subId=[SUBID_ENCODED]&schain=1.0,1!admetricspro.com,1005,1
Requested by: Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 63.250.56.119 , United States, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: nginx / PHP/7.3.19
Resource Hash: e2f8b708c55fa2936245783c3a4d21913bbbce72a5e67b139668ed09a40fb5ce

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 01 Jul 2020 15:52:04 GMT
Content-Encoding: gzip
Server: nginx
Age: 0
X-Powered-By: PHP/7.3.19
Transfer-Encoding: chunked
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Cache-Control: no-store
Content-Type: text/javascript; charset=utf-8

GET
H2 200 / Show response
assets.threatpost.com/wp-content/plugins/bwp-minify/min/ 2 KB
1 KB 399ms
394ms Script
application/x-javascript 2600:9000:2190:2e00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/gravityforms/js/jquery.json.min.js&ver=b0ee8769

Requested by

Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:9000:2190:2e00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

172314ff74044b918766ed4763279b5e8798622087c0a2930f59c9d44662213d

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 01 Jul 2020 15:52:04 GMT
content-encoding: gzip
x-amz-cf-pop: ZRH50-C1
x-cache: Miss from cloudfront
status: 200
content-length: 926
x-cache-hit: HIT
last-modified: Mon, 29 Jun 2020 07:42:50 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
via: 1.1 0baaefd2451e4f0e2d5ea55eb90f4a1a.cloudfront.net (CloudFront)
cache-control: max-age=86400
x-debug-auth: off
x-request-host: assets.threatpost.com
x-amz-cf-id: lA_CiHwTgHm8eClnOumv5qPW_o2pI7KJ8KN8toInqNkUX0Q6KyJciA==
expires: Thu, 02 Jul 2020 12:41:44 GMT

GET
H/1.1 200
OK gravityforms.min.js Show response
threatpost.com/wp-content/plugins/gravityforms/js/ 34 KB
12 KB 899ms
143ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/gravityforms/js/gravityforms.min.js?ver=2.4.17.15
Requested by: Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 3097d0444becd9d089b52b7074072f19201525de874d0775012572fb375b7838

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Wed, 01 Jul 2020 15:52:05 GMT
Content-Encoding: gzip
Last-Modified: Mon, 29 Jun 2020 07:42:50 GMT
Server: nginx
ETag: W/"5ef99b7a-88c2"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Wed, 08 Jul 2020 15:52:05 GMT

GET
H2 200 / Show response
assets.threatpost.com/wp-content/plugins/bwp-minify/min/ 7 KB
3 KB 298ms
293ms Script
application/x-javascript 2600:9000:2190:2e00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/gravityforms/js/conditional_logic.min.js&ver=b0ee8769

Requested by

Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:9000:2190:2e00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

f75166e3f70100b65a6ce1d4128bc15286e92b19a546fa7709f739e9bcfe52c6

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 01 Jul 2020 15:52:04 GMT
content-encoding: gzip
x-amz-cf-pop: ZRH50-C1
x-cache: Miss from cloudfront
status: 200
content-length: 2685
x-cache-hit: HIT
last-modified: Mon, 29 Jun 2020 07:42:50 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
via: 1.1 0baaefd2451e4f0e2d5ea55eb90f4a1a.cloudfront.net (CloudFront)
cache-control: max-age=86400
x-debug-auth: off
x-request-host: assets.threatpost.com
x-amz-cf-id: 6kwd8m1QizO-zblobEYQI2TdbOj9asXTXJjq_1ZnSA8wQs5Zpet2xg==
expires: Thu, 02 Jul 2020 12:41:34 GMT

GET
H2 200 / Show response
assets.threatpost.com/wp-content/plugins/bwp-minify/min/ 5 KB
2 KB 401ms
397ms Script
application/x-javascript 2600:9000:2190:2e00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/gravityforms/js/placeholders.jquery.min.js&ver=b0ee8769

Requested by

Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:9000:2190:2e00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

d62a7b7ec5313469ebff5c006b9068dc44d6d1c122cf787ffa29a10113b34060

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 01 Jul 2020 15:52:04 GMT
content-encoding: gzip
x-amz-cf-pop: ZRH50-C1
x-cache: Miss from cloudfront
status: 200
content-length: 1747
x-cache-hit: HIT
last-modified: Mon, 29 Jun 2020 07:42:50 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
via: 1.1 0baaefd2451e4f0e2d5ea55eb90f4a1a.cloudfront.net (CloudFront)
cache-control: max-age=86400
x-debug-auth: off
x-request-host: assets.threatpost.com
x-amz-cf-id: cCFfI_ok6n52kWI6JWUHOkUQtbT0ZBekPEc9SYyU9IuopD97S7uv0w==
expires: Thu, 02 Jul 2020 12:41:34 GMT

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 676 B
516 B 19ms
14ms Script
text/javascript 2a00:1450:4001:821::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?hl=en&render=explicit&ver=5.4.2

Requested by

Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

ad237fb737d307f25e314306d8ef8ebddb21d9e56b8521ca9eb89f52883f3bca

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 01 Jul 2020 15:52:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: private, max-age=300
content-security-policy: frame-ancestors 'self'
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 447
x-xss-protection: 1; mode=block
expires: Wed, 01 Jul 2020 15:52:04 GMT

GET
H2 200 / Show response
assets.threatpost.com/wp-content/plugins/bwp-minify/min/ 2 KB
1 KB 279ms
275ms Script
application/x-javascript 2600:9000:2190:2e00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-includes/js/wp-embed.min.js,wp-content/plugins/akismet/_inc/form.js&ver=b0ee8769

Requested by

Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:9000:2190:2e00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

21e46fe44c6929876f5a413c843ae516c0ddfd1aad3e8e33446b7bc0a6781b08

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 01 Jul 2020 15:52:04 GMT
content-encoding: gzip
x-amz-cf-pop: ZRH50-C1
x-cache: Miss from cloudfront
status: 200
content-length: 973
x-cache-hit: HIT
last-modified: Wed, 10 Jun 2020 22:05:38 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
via: 1.1 0baaefd2451e4f0e2d5ea55eb90f4a1a.cloudfront.net (CloudFront)
cache-control: max-age=86400
x-debug-auth: off
x-request-host: assets.threatpost.com
x-amz-cf-id: 31Uj3Mx4qLYntlED1tLRpHcBtuirLlqSlDStC2yCUCQMWu0phOb-Uw==
expires: Thu, 02 Jul 2020 12:41:34 GMT

GET
H2 200 b-8ce16fa.js Show response
tagan.adlightning.com/math-aids-threatpost/ 35 KB
12 KB 53ms
50ms Script
application/javascript 13.224.102.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/b-8ce16fa.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.224.102.80 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-102-80.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 82778d6bab0bf693d922b290e21dc5766bc0d7dcc15fb8cbf96223449f07a662

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 21 May 2020 21:03:32 GMT
content-encoding: gzip
age: 3523713
x-cache: Hit from cloudfront
status: 200
content-length: 12279
x-amz-meta-git_commit: 8ce16fa
last-modified: Thu, 21 May 2020 20:57:10 GMT
server: AmazonS3
etag: "1ee78bd32c1d4d051f9e148b667e3f17"
x-amz-version-id: AuxBHdwSL09yrCmxb.j1gjSlW7v1d09f
via: 1.1 aa001e3127bb5bd7bbc48bc4fef44b79.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: bgLMx5H1JBIynuzfv7tfGeoOBNS26soyXfI8DdcZronz4ArXM9jHqg==

GET
H2 200 bl-8ce16fa-7f9cbf32.js Show response
tagan.adlightning.com/math-aids-threatpost/ 55 KB
16 KB 94ms
92ms Script
application/javascript 13.224.102.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/bl-8ce16fa-7f9cbf32.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.224.102.80 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-102-80.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: bb983e6afb7b5e90c39046653f93498b063d17a8e33bb8c36455ba7fc7d6a77d

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 01 Jul 2020 00:34:20 GMT
content-encoding: gzip
age: 55065
x-cache: Hit from cloudfront
status: 200
content-length: 16277
x-amz-meta-git_commit: 8ce16fa
last-modified: Tue, 30 Jun 2020 22:41:32 GMT
server: AmazonS3
etag: "ca18b721a9af873068b23589b829a423"
x-amz-version-id: S5rqC6_yIBlseGVI6HZt5MbHjXmNCLag
via: 1.1 aa001e3127bb5bd7bbc48bc4fef44b79.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: _8ktu3LHBAT_Q4cxjpdN5mJHEmMbT_fWIF2MLCRu0RzEX_u8isY51w==

GET
H2 200 pubads_impl_2020062502.js Show response
securepubads.g.doubleclick.net/gpt/ 249 KB
89 KB 146ms
68ms Script
text/javascript 216.58.208.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020062502.js?21066628

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.208.34 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s12-in-f34.1e100.net

Software

sffe /

Resource Hash

4a48100236e192a9045a10da91c4bc15ed2b0bb7c414bc047ccb96d95e5ec2a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Wed, 01 Jul 2020 15:52:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 29 Jun 2020 17:09:20 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 90389
x-xss-protection: 0
expires: Wed, 01 Jul 2020 15:52:03 GMT

GET
H2 200 integrator.sync.js Show response
adservice.google.de/adsid/ 113 B
175 B 21ms
14ms Script
application/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.sync.js?domain=threatpost.com

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ea03bfd7fdda1eac185ebc3e8e74b33065b04c8e0adc48cbbd4136748dbd2742

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 01 Jul 2020 15:52:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 108
x-xss-protection: 0

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 373 B
1 KB 180ms
86ms XHR
application/json 185.33.220.240
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.240 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

717.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

921c4c65ae7c9b41fd4a470a9b51dfbfa38514df2188e2fdd18cc42463e37e07

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 01 Jul 2020 15:52:06 GMT
X-Proxy-Origin: 89.238.186.243; 89.238.186.243; 717.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.222.248:80
AN-X-Request-Uuid: 83e4a61b-5ad5-4f2e-8b43-3a6aa365ef1e
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 373
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ 47 B
723 B 224ms
126ms XHR
application/json 216.52.2.48
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_3.20.0
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.48 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx /
Resource Hash: cb1439760d337210dceb00cca241a48c8ca7ee237294fbf59ab7e44cb60a8488

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 01 Jul 2020 15:52:04 GMT
Content-Encoding: gzip
Server: nginx
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://threatpost.com
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap5ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 65

POST
H2 200 v2 Show response
e.serverbid.com/api/ 16 B
168 B 416ms
134ms XHR
application/json 134.209.129.254
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://e.serverbid.com/api/v2
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 134.209.129.254 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: /
Resource Hash: 903eb8f1cc364e01930ba03579f049a72794aa91d1a5842a2edb6365e436bb7c

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

status: 200
date: Wed, 01 Jul 2020 15:52:04 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://threatpost.com
content-length: 16
vary: Origin
content-type: application/json

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 376 B
1 KB 198ms
100ms XHR
application/json 185.33.220.240
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.240 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

717.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

8945d882d99d71bf92ff71afca288918e7babf0d7acbea7904a2c9de0d6b7202

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 01 Jul 2020 15:52:06 GMT
X-Proxy-Origin: 89.238.186.243; 89.238.186.243; 717.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.139:80
AN-X-Request-Uuid: de5cd10f-6f4c-4528-9298-97c143248d92
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 376
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 adreq Show response
ads.servenobid.com/ 109 B
370 B 176ms
58ms XHR
application/json 54.246.176.10
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.servenobid.com/adreq?cb=7105
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.246.176.10 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-246-176-10.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: b46833e000883afdf83e3e9f21c101071354a7ff7207fbf3ba186033bb9deea5

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 01 Jul 2020 15:52:04 GMT
content-encoding: gzip
amp-access-control-allow-source-origin: *
status: 200
vary: accept-encoding
content-type: application/json
access-control-allow-origin: https://threatpost.com
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
access-control-allow-credentials: true

GET
H/1.1 200
OK cygnus Show response
as-sec.casalemedia.com/ 25 B
988 B 309ms
212ms XHR
application/json 23.210.249.164
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://as-sec.casalemedia.com/cygnus?s=438654&v=7.2&r=%7B%22id%22%3A%2223a32cb933b18a8%22%2C%22imp%22%3A%5B%7B%22id%22%3A%22241103d81bae644%22%2C%22ext%22%3A%7B%22siteID%22%3A%22438654%22%2C%22sid%22%3A%22728x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2225e4db3aade8052%22%2C%22ext%22%3A%7B%22siteID%22%3A%22438649%22%2C%22sid%22%3A%22300x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%222650e6574a7d9e5%22%2C%22ext%22%3A%7B%22siteID%22%3A%22438650%22%2C%22sid%22%3A%22300x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%5D%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fthreatpost.com%2Fcisa-nation-state-attackers-palo-alto-networks-bug%2F157013%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%7D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22admetricspro.com%22%2C%22sid%22%3A%221005%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%7D&ac=j&sd=1
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.249.164 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-249-164.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 2a894a543ce8896d0b9946476de968c9ffa165fed8ed49ee1a88d13d1cb1214f

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 01 Jul 2020 15:52:04 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 45
Expires: Wed, 01 Jul 2020 15:52:04 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 306 B
784 B 376ms
65ms XHR
application/json 69.173.144.141
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=300372&zone_id=1509502&size_id=2&alt_size_ids=55%2C57&p_pos=atf&rp_schain=1.0,1!admetricspro.com,1005,1,,,&rf=https%3A%2F%2Fthreatpost.com%2Fcisa-nation-state-attackers-palo-alto-networks-bug%2F157013%2F&tk_flint=pbjs_lite_v3.20.0&x_source.tid=8e2f3860-d414-41e3-b1c3-2cd176bd9044&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.6376785101073927
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: f0d8c50bb5f6d84cf903f052203e39a5eeba09469d08552d3ed5a68129bad418

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 01 Jul 2020 15:52:04 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Keep-Alive: timeout=5
Content-Length: 306
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 284 B
762 B 366ms
54ms XHR
application/json 69.173.144.141
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=300372&zone_id=1509502&size_id=15&alt_size_ids=16&p_pos=atf&rp_schain=1.0,1!admetricspro.com,1005,1,,,&rf=https%3A%2F%2Fthreatpost.com%2Fcisa-nation-state-attackers-palo-alto-networks-bug%2F157013%2F&tk_flint=pbjs_lite_v3.20.0&x_source.tid=a76a5f3d-6b24-40fb-839a-e084e1b6f317&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.36826710037281907
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: 94d8c8ef61b60ecad4cde684981ab48487c9fda040764ab489180eeeb4d2f6c9

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 01 Jul 2020 15:52:04 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Keep-Alive: timeout=5
Content-Length: 284
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 304 B
782 B 378ms
60ms XHR
application/json 69.173.144.141
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=300372&zone_id=1509506&size_id=15&alt_size_ids=10&p_pos=atf&rp_schain=1.0,1!admetricspro.com,1005,1,,,&rf=https%3A%2F%2Fthreatpost.com%2Fcisa-nation-state-attackers-palo-alto-networks-bug%2F157013%2F&tk_flint=pbjs_lite_v3.20.0&x_source.tid=c98ba92c-6d70-432c-ab4d-787d41ba80a4&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.7818656215968105
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: b8eee12b83e27a25bfa6a40f536b25ea815c05726a7ddc2651b3feedf3e00634

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 01 Jul 2020 15:52:04 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Keep-Alive: timeout=5
Content-Length: 304
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 304 B
782 B 394ms
64ms XHR
application/json 69.173.144.141
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=300372&zone_id=1509502&size_id=15&alt_size_ids=10&p_pos=atf&rp_schain=1.0,1!admetricspro.com,1005,1,,,&rf=https%3A%2F%2Fthreatpost.com%2Fcisa-nation-state-attackers-palo-alto-networks-bug%2F157013%2F&tk_flint=pbjs_lite_v3.20.0&x_source.tid=c98ba92c-6d70-432c-ab4d-787d41ba80a4&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.24743350279662857
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: 2ea89ed02bb4ead2b9e9736bc86f36b1f666333c6dd6f3a46f5beb09309ff119

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 01 Jul 2020 15:52:04 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Keep-Alive: timeout=5
Content-Length: 304
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2

200

ADTECH;apid=1Acf482144-bbb2-11ea-bace-121160e138ec;cfp=1;rndc=1593618724;v=2;cmd=bid;cors=yes;alias=500b452bf8758ae;misc=1593618724194 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166606/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166606/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=500b452bf8758ae;misc=1593618724194;
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166606/0/0/ADTECH;cfp=1;rndc=1593618723;v=2;cmd=bid;cors=yes;alias=500b452bf8758ae;misc=1593618724194
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166606/0/0/ADTECH;apid=1Acf482144-bbb2-11ea-bace-121160e138ec;cfp=1;rndc=1593618724;v=2;cmd=bid;cors=yes;alias=500b452bf8758ae;misc=15...

945 B
1 KB

155ms
154ms

XHR
application/json

2606:2800:233:97b6:26be:138a:cba8:bb01
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166606/0/0/ADTECH;apid=1Acf482144-bbb2-11ea-bace-121160e138ec;cfp=1;rndc=1593618724;v=2;cmd=bid;cors=yes;alias=500b452bf8758ae;misc=1593618724194
Requested by: Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:97b6:26be:138a:cba8:bb01 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: 97c269084807bedb7f6b324ae3f0fbb5c0780dfacc24b7c38bf49bff5baa4be4

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Jul 2020 15:52:04 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://threatpost.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 945
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 01 Jul 2020 15:52:04 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166606/0/0/ADTECH;apid=1Acf482144-bbb2-11ea-bace-121160e138ec;cfp=1;rndc=1593618724;v=2;cmd=bid;cors=yes;alias=500b452bf8758ae;misc=1593618724194
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://threatpost.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

200

ADTECH;apid=1Acf48bbf4-bbb2-11ea-8955-12caad116dbc;cfp=1;rndc=1593618723;v=2;cmd=bid;cors=yes;alias=5110ebaa49f2add;misc=1593618724195 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166847/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166847/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=5110ebaa49f2add;misc=1593618724195;
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166847/0/0/ADTECH;cfp=1;rndc=1593618723;v=2;cmd=bid;cors=yes;alias=5110ebaa49f2add;misc=1593618724195
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166847/0/0/ADTECH;apid=1Acf48bbf4-bbb2-11ea-8955-12caad116dbc;cfp=1;rndc=1593618723;v=2;cmd=bid;cors=yes;alias=5110ebaa49f2add;misc=15...

944 B
1 KB

160ms
159ms

XHR
application/json

2606:2800:233:97b6:26be:138a:cba8:bb01
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166847/0/0/ADTECH;apid=1Acf48bbf4-bbb2-11ea-8955-12caad116dbc;cfp=1;rndc=1593618723;v=2;cmd=bid;cors=yes;alias=5110ebaa49f2add;misc=1593618724195
Requested by: Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:97b6:26be:138a:cba8:bb01 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: d649c8e94e31186ba76150b3ccce8a2b6cf3c0365c93c3ee0e068ef1f41727d9

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Jul 2020 15:52:04 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://threatpost.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 944
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 01 Jul 2020 15:52:04 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166847/0/0/ADTECH;apid=1Acf48bbf4-bbb2-11ea-8955-12caad116dbc;cfp=1;rndc=1593618723;v=2;cmd=bid;cors=yes;alias=5110ebaa49f2add;misc=1593618724195
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://threatpost.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

200

ADTECH;apid=1Acf48c572-bbb2-11ea-8576-12caad116dbc;cfp=1;rndc=1593618723;v=2;cmd=bid;cors=yes;alias=521d5c720de5fcd;misc=1593618724195 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166615/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166615/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=521d5c720de5fcd;misc=1593618724195;
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166615/0/0/ADTECH;cfp=1;rndc=1593618723;v=2;cmd=bid;cors=yes;alias=521d5c720de5fcd;misc=1593618724195
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166615/0/0/ADTECH;apid=1Acf48c572-bbb2-11ea-8576-12caad116dbc;cfp=1;rndc=1593618723;v=2;cmd=bid;cors=yes;alias=521d5c720de5fcd;misc=15...

945 B
1 KB

158ms
157ms

XHR
application/json

2606:2800:233:97b6:26be:138a:cba8:bb01
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166615/0/0/ADTECH;apid=1Acf48c572-bbb2-11ea-8576-12caad116dbc;cfp=1;rndc=1593618723;v=2;cmd=bid;cors=yes;alias=521d5c720de5fcd;misc=1593618724195
Requested by: Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:97b6:26be:138a:cba8:bb01 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: 869bcc98c8eb543a84b385d71ede9b0bbb4cc0cce80d8eb42f49c963b861b9df

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Jul 2020 15:52:04 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://threatpost.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 945
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 01 Jul 2020 15:52:04 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166615/0/0/ADTECH;apid=1Acf48c572-bbb2-11ea-8576-12caad116dbc;cfp=1;rndc=1593618723;v=2;cmd=bid;cors=yes;alias=521d5c720de5fcd;misc=1593618724195
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://threatpost.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

200

ADTECH;apid=1Acf48e67e-bbb2-11ea-8a7a-1256e9c0edc4;cfp=1;rndc=1593618723;v=2;cmd=bid;cors=yes;alias=53377c1e759781d;misc=1593618724195 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166612/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166612/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=53377c1e759781d;misc=1593618724195;
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166612/0/0/ADTECH;cfp=1;rndc=1593618723;v=2;cmd=bid;cors=yes;alias=53377c1e759781d;misc=1593618724195
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166612/0/0/ADTECH;apid=1Acf48e67e-bbb2-11ea-8a7a-1256e9c0edc4;cfp=1;rndc=1593618723;v=2;cmd=bid;cors=yes;alias=53377c1e759781d;misc=15...

945 B
1 KB

156ms
155ms

XHR
application/json

2606:2800:233:97b6:26be:138a:cba8:bb01
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166612/0/0/ADTECH;apid=1Acf48e67e-bbb2-11ea-8a7a-1256e9c0edc4;cfp=1;rndc=1593618723;v=2;cmd=bid;cors=yes;alias=53377c1e759781d;misc=1593618724195
Requested by: Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:97b6:26be:138a:cba8:bb01 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: 282363389dcd2c5897c10116b901468f4a22c45ec583b5a101b9e095616a1671

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Jul 2020 15:52:04 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://threatpost.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 945
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 01 Jul 2020 15:52:04 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166612/0/0/ADTECH;apid=1Acf48e67e-bbb2-11ea-8a7a-1256e9c0edc4;cfp=1;rndc=1593618723;v=2;cmd=bid;cors=yes;alias=53377c1e759781d;misc=1593618724195
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://threatpost.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

200

ADTECH;apid=1Acf4636c2-bbb2-11ea-bba7-12ff01cc4d58;cfp=1;rndc=1593618723;v=2;cmd=bid;cors=yes;alias=548c9b9d4d77c85;misc=1593618724195 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166617/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166617/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=548c9b9d4d77c85;misc=1593618724195;
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166617/0/0/ADTECH;cfp=1;rndc=1593618723;v=2;cmd=bid;cors=yes;alias=548c9b9d4d77c85;misc=1593618724195
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166617/0/0/ADTECH;apid=1Acf4636c2-bbb2-11ea-bba7-12ff01cc4d58;cfp=1;rndc=1593618723;v=2;cmd=bid;cors=yes;alias=548c9b9d4d77c85;misc=15...

944 B
1 KB

162ms
161ms

XHR
application/json

2606:2800:233:97b6:26be:138a:cba8:bb01
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166617/0/0/ADTECH;apid=1Acf4636c2-bbb2-11ea-bba7-12ff01cc4d58;cfp=1;rndc=1593618723;v=2;cmd=bid;cors=yes;alias=548c9b9d4d77c85;misc=1593618724195
Requested by: Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:97b6:26be:138a:cba8:bb01 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: 148b7ec7bcb471dad88aef4e94633559325b2da576127dae4deffdbaaeba0bf2

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Jul 2020 15:52:04 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://threatpost.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 944
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 01 Jul 2020 15:52:04 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166617/0/0/ADTECH;apid=1Acf4636c2-bbb2-11ea-bba7-12ff01cc4d58;cfp=1;rndc=1593618723;v=2;cmd=bid;cors=yes;alias=548c9b9d4d77c85;misc=1593618724195
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://threatpost.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
115 B 227ms
130ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Wed, 01 Jul 2020 15:52:04 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-origin: https://threatpost.com

GET
H2 200 arj Show response
teachingaids-d.openx.net/w/1.0/ 174 B
559 B 225ms
167ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://teachingaids-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fthreatpost.com%2Fcisa-nation-state-attackers-palo-alto-networks-bug%2F157013%2F&ch=UTF-8&res=1600x1200x24&ifr=false&tz=-120&tws=1600x1200&be=1&bc=hb_pb_3.0.2&dddid=8e2f3860-d414-41e3-b1c3-2cd176bd9044%2C8e2f3860-d414-41e3-b1c3-2cd176bd9044%2Ca76a5f3d-6b24-40fb-839a-e084e1b6f317%2Cc98ba92c-6d70-432c-ab4d-787d41ba80a4%2Cc98ba92c-6d70-432c-ab4d-787d41ba80a4&nocache=1593618724200&pubcid=1ec3a911-46bd-480c-b201-97181cb4c613&schain=1.0%2C1!admetricspro.com%2C1005%2C1%2C%2C%2C&aus=728x90%2C970x250%2C970x90%7C728x90%2C970x250%2C970x90%7C300x250%2C336x280%7C300x250%2C300x600%7C300x250%2C300x600&divIds=div-gpt-ad-6794670-2%2Cdiv-gpt-ad-6794670-2%2Cdiv-gpt-ad-6794670-3%2Cdiv-gpt-ad-6794670-5%2Cdiv-gpt-ad-6794670-5&auid=540932704%2C540932709%2C540932713%2C540932715%2C540932720
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.188.2 /
Resource Hash: 40be03c3074a1bcff5edd01cc83b95ad13ff177fd71e95b064393240c57c3a5b

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 01 Jul 2020 15:52:04 GMT
content-encoding: gzip
server: OXGW/16.188.2
status: 200
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://threatpost.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: clear
content-length: 164
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 111 KB
38 KB 25ms
25ms Script
application/javascript 2a00:1450:4001:824::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF

Requested by

Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

eaa2af9d37f1a0f33802e3b6293e263e71eaaa7ea18af8e95e77f3ff6497d54c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 01 Jul 2020 15:52:04 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39133
x-xss-protection: 0
last-modified: Wed, 01 Jul 2020 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 01 Jul 2020 15:52:04 GMT

GET
H/1.1 200
OK icons.svg
threatpost.com/wp-content/themes/threatpost-2018//assets/sprite/ 11 KB
4 KB 391ms
143ms Other
image/svg+xml 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018//assets/sprite/icons.svg
Requested by: Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 76ba07e059d9e2113f9c940f1a31efc95bd9d5badd68bbc3637177e892a08099

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Wed, 01 Jul 2020 15:52:05 GMT
Content-Encoding: gzip
Last-Modified: Mon, 29 Jun 2020 07:42:52 GMT
Server: nginx
ETag: W/"5ef99b7c-2b9f"
Transfer-Encoding: chunked
Content-Type: image/svg+xml
Cache-Control: max-age=604800, public
Connection: close
Expires: Wed, 08 Jul 2020 15:52:05 GMT

GET
H/1.1 200
OK icons.svg
threatpost.com/wp-content/themes/threatpost-2018/assets/sprite/ 11 KB
4 KB 395ms
130ms Other
image/svg+xml 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/sprite/icons.svg
Requested by: Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 76ba07e059d9e2113f9c940f1a31efc95bd9d5badd68bbc3637177e892a08099

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Wed, 01 Jul 2020 15:52:05 GMT
Content-Encoding: gzip
Last-Modified: Mon, 29 Jun 2020 07:42:53 GMT
Server: nginx
ETag: W/"5ef99b7d-2b9f"
Transfer-Encoding: chunked
Content-Type: image/svg+xml
Cache-Control: max-age=604800, public
Connection: close
Expires: Wed, 08 Jul 2020 15:52:05 GMT

GET
H/1.1 200
OK logo.png
threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 19 KB
19 KB 402ms
238ms Image
image/png 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/images/logo.png
Requested by: Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 39af7c1116fb967a330e8770f775e6b5ee871add01ed45c98a1634911cebfb0a

Request headers

Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1593416572
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Wed, 01 Jul 2020 15:52:04 GMT
Last-Modified: Mon, 29 Jun 2020 07:42:52 GMT
Server: nginx
ETag: "5ef99b7c-4a32"
Content-Type: image/png
Cache-Control: max-age=604800, public
Connection: close
Accept-Ranges: bytes
Content-Length: 18994
Expires: Wed, 08 Jul 2020 15:52:04 GMT

GET
H/1.1 200
OK museosans-300-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 383ms
156ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-300-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 45ddc09b0ad6ab916bd9a0282070b161045e186fc025303f4aa1aa821fc45ac7

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1593416572
Origin: https://threatpost.com

Response headers

Pragma: public
Date: Wed, 01 Jul 2020 15:52:04 GMT
Last-Modified: Mon, 29 Jun 2020 07:42:53 GMT
Server: nginx
ETag: "5ef99b7d-51b8"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000, public
Connection: close
Accept-Ranges: bytes
Content-Length: 20920
Expires: Thu, 01 Jul 2021 15:52:04 GMT

GET
H/1.1 200
OK museosans-700-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 474ms
237ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: ae00ae9c862bc8b8923efd1d9a18befa912678a869d4dd01179a59ed3de731be

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1593416572
Origin: https://threatpost.com

Response headers

Pragma: public
Date: Wed, 01 Jul 2020 15:52:04 GMT
Last-Modified: Mon, 29 Jun 2020 07:42:52 GMT
Server: nginx
ETag: "5ef99b7c-51a4"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000, public
Connection: close
Accept-Ranges: bytes
Content-Length: 20900
Expires: Thu, 01 Jul 2021 15:52:04 GMT

GET
H/1.1 200
OK museosans-100-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 475ms
232ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-100-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 06fc565587b8b700936a1677218cb269a6cc31ca5f701eb45461e86a3d54d5c7

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1593416572
Origin: https://threatpost.com

Response headers

Pragma: public
Date: Wed, 01 Jul 2020 15:52:04 GMT
Last-Modified: Mon, 29 Jun 2020 07:42:52 GMT
Server: nginx
ETag: "5ef99b7c-50c8"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000, public
Connection: close
Accept-Ranges: bytes
Content-Length: 20680
Expires: Thu, 01 Jul 2021 15:52:04 GMT

GET
H/1.1 200
OK museosans-500-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 387ms
142ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-500-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 2de77164bb9924542e1dea4ee4a0ff27d40b51a3d7939dac7db11a95045c9b7d

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1593416572
Origin: https://threatpost.com

Response headers

Pragma: public
Date: Wed, 01 Jul 2020 15:52:04 GMT
Last-Modified: Mon, 29 Jun 2020 07:42:53 GMT
Server: nginx
ETag: "5ef99b7d-5194"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000, public
Connection: close
Accept-Ranges: bytes
Content-Length: 20884
Expires: Thu, 01 Jul 2021 15:52:04 GMT

GET
H/1.1 200
OK museosans-700italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 15 KB
16 KB 476ms
229ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700italic-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 859faa9b9ed0990288b2f393a102b1fe2668ac79088b113b6f0beaee521221eb

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1593416572
Origin: https://threatpost.com

Response headers

Pragma: public
Date: Wed, 01 Jul 2020 15:52:04 GMT
Last-Modified: Mon, 29 Jun 2020 07:42:52 GMT
Server: nginx
ETag: "5ef99b7c-3dcc"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000, public
Connection: close
Accept-Ranges: bytes
Content-Length: 15820
Expires: Thu, 01 Jul 2021 15:52:04 GMT

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/NMoy4HgGiLr5NAQaEQa2ho8X/ 323 KB
127 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:81e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/NMoy4HgGiLr5NAQaEQa2ho8X/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?hl=en

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c1533bc39e2dd8ede3893909d6f42760e0598d075951447afe88158e57b0961a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 23 Jun 2020 16:39:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 22 Jun 2020 20:56:25 GMT
server: sffe
age: 688352
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 129939
x-xss-protection: 0
expires: Wed, 23 Jun 2021 16:39:32 GMT

GET
H/1.1 200
OK mail-plane-light.svg
threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 828 B
722 B 757ms
143ms Image
image/svg+xml 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/images/mail-plane-light.svg
Requested by: Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 5a7ed822968963e31d88424c96387ad9f4fd4f4b5a5b581a33f65e3784d162cf

Request headers

Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1593416572
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Wed, 01 Jul 2020 15:52:05 GMT
Content-Encoding: gzip
Last-Modified: Mon, 29 Jun 2020 07:42:53 GMT
Server: nginx
ETag: W/"5ef99b7d-33c"
Transfer-Encoding: chunked
Content-Type: image/svg+xml
Cache-Control: max-age=604800, public
Connection: close
Expires: Wed, 08 Jul 2020 15:52:05 GMT

GET
H/1.1 200
OK twitter-blue.svg
threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 868 B
847 B 757ms
146ms Image
image/svg+xml 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/images/twitter-blue.svg
Requested by: Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 420508fc523520f35de5c851905543294123d7676b5a5668744691f2abe9e730

Request headers

Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1593416572
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Wed, 01 Jul 2020 15:52:05 GMT
Content-Encoding: gzip
Last-Modified: Mon, 29 Jun 2020 07:42:53 GMT
Server: nginx
ETag: W/"5ef99b7d-364"
Transfer-Encoding: chunked
Content-Type: image/svg+xml
Cache-Control: max-age=604800, public
Connection: close
Expires: Wed, 08 Jul 2020 15:52:05 GMT

GET
H/1.1 200
OK liveView.php Show response
live.sekindo.com/live/ Frame 864C 2 KB
1 KB 44ms
43ms Script
text/javascript 63.250.56.119
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://live.sekindo.com/live/liveView.php?s=101281&cbuster=%%CACHEBUSTER%%&pubUrl=%%REFERRER_URL_ESC%%&x=[WIDTH]&y=[HEIGHT]&vp_content=plembed173akunvrojp&vp_template=6615&subId=[SUBID_ENCODED]&schain=1.0,1!admetricspro.com,1005,1&cbuster=1593618724&pubUrlAuto=https%3A%2F%2Fthreatpost.com%2Fcisa-nation-state-attackers-palo-alto-networks-bug%2F157013%2F&videoType=flow&floatWidth=320&floatHeight=180&floatDirection=br&floatVerticalOffset=10&floatHorizontalOffset=10&floatCloseBtn=1&flowMode=both&flowCloseButtonPosition=right
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveView.php?s=101281&cbuster=%%CACHEBUSTER%%&pubUrl=%%REFERRER_URL_ESC%%&x=[WIDTH]&y=[HEIGHT]&vp_content=plembed173akunvrojp&vp_template=6615&subId=[SUBID_ENCODED]&schain=1.0,1!admetricspro.com,1005,1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 63.250.56.119 , United States, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: nginx / PHP/7.3.19
Resource Hash: dee545213f27b4952a48255c1604d6e51c9049bceb67b5ad3b626eafeb0b326b

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 01 Jul 2020 15:52:03 GMT
Content-Encoding: gzip
Server: nginx
Age: 0
X-Powered-By: PHP/7.3.19
Transfer-Encoding: chunked
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Cache-Control: no-store
Content-Type: text/javascript; charset=utf-8

GET
H/1.1 200
OK mail-plane-large-dark.svg
threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 812 B
722 B 809ms
126ms Image
image/svg+xml 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/images/mail-plane-large-dark.svg
Requested by: Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: a9d2b2df99c1a115d5394c70a898d8801092208dc582f8bd6fb01b35c30d6b22

Request headers

Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1593416572
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Wed, 01 Jul 2020 15:52:05 GMT
Content-Encoding: gzip
Last-Modified: Mon, 29 Jun 2020 07:42:52 GMT
Server: nginx
ETag: W/"5ef99b7c-32c"
Transfer-Encoding: chunked
Content-Type: image/svg+xml
Cache-Control: max-age=604800, public
Connection: close
Expires: Wed, 08 Jul 2020 15:52:05 GMT

GET
H/1.1 200
OK logo-white.png
threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 10 KB
10 KB 548ms
130ms Image
image/png 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/images/logo-white.png
Requested by: Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: e4058d4ee9da1ceaddfa91ddb63650ba67285f1bbfee487d9dfe648bced669a0

Request headers

Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1593416572
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Wed, 01 Jul 2020 15:52:05 GMT
Last-Modified: Mon, 29 Jun 2020 07:42:53 GMT
Server: nginx
ETag: "5ef99b7d-260a"
Content-Type: image/png
Cache-Control: max-age=604800, public
Connection: close
Accept-Ranges: bytes
Content-Length: 9738
Expires: Wed, 08 Jul 2020 15:52:05 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 45 KB
18 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:825::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

fd361b57998c76f86335afa28b8a62527d88a8200fb5c428d6f0fff73383e955

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 04 Jun 2020 23:38:14 GMT
server: Golfe2
age: 2187
date: Wed, 01 Jul 2020 15:15:37 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18469
expires: Wed, 01 Jul 2020 17:15:37 GMT

GET
H2 200 quant.js Show response
secure.quantserve.com/ 22 KB
8 KB 25ms
25ms Script
application/x-javascript 2620:116:800d:21:51e4:db4b:4436:b305
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.quantserve.com/quant.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:51e4:db4b:4436:b305 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

e6e50fd1047f835e02b1b4140c8a63062dff27f25906501694c4829624150955

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 01 Jul 2020 15:52:04 GMT
content-encoding: gzip
last-modified: Wed, 01-Jul-2020 15:52:04 GMT
etag: M0-4cca824e
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: private, no-transform, max-age=604800
strict-transport-security: max-age=86400
content-length: 8082
expires: Wed, 08 Jul 2020 15:52:04 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 5 KB
2 KB 135ms
64ms Script
application/javascript 151.101.12.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.12.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 319949c8c08b86e9c35ea542c0dc0c30cedaa9b8d3d3c3327a36c91aefbd8af5

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 01 Jul 2020 15:52:04 GMT
content-encoding: gzip
age: 56913
x-cache: HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200
content-length: 1954
x-served-by: cache-fra19149-FRA
last-modified: Tue, 23 Jan 2018 20:09:00 GMT
x-timer: S1593618725.627760,VS0,VE0
etag: "b7b33882a4f3ffd5cbf07434f3137166+gzip"
vary: Accept-Encoding,Host
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
cache-control: no-cache
accept-ranges: bytes

GET
H/1.1 200
OK iab_consent_sdk.v1.0.js Show response
live.sekindo.com/content/ClientDetections/ Frame 864C 19 KB
6 KB 44ms
40ms Script
application/javascript 63.250.56.119
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://live.sekindo.com/content/ClientDetections/iab_consent_sdk.v1.0.js
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveView.php?s=101281&cbuster=%%CACHEBUSTER%%&pubUrl=%%REFERRER_URL_ESC%%&x=[WIDTH]&y=[HEIGHT]&vp_content=plembed173akunvrojp&vp_template=6615&subId=[SUBID_ENCODED]&schain=1.0,1!admetricspro.com,1005,1&cbuster=1593618724&pubUrlAuto=https%3A%2F%2Fthreatpost.com%2Fcisa-nation-state-attackers-palo-alto-networks-bug%2F157013%2F&videoType=flow&floatWidth=320&floatHeight=180&floatDirection=br&floatVerticalOffset=10&floatHorizontalOffset=10&floatCloseBtn=1&flowMode=both&flowCloseButtonPosition=right
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 63.250.56.119 , United States, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: nginx /
Resource Hash: a3336e3373c170b40764f5a62d121335bec4243b0034e561937194dfe2e413fd

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 01 Jul 2020 15:52:04 GMT
Content-Encoding: gzip
Last-Modified: Wed, 12 Feb 2020 15:01:36 GMT
Server: nginx
ETag: W/"5e441350-4be0"
Transfer-Encoding: chunked
Content-Type: application/javascript
Cache-Control: max-age=31536000, public
Expires: Thu, 01 Jul 2021 15:52:04 GMT

GET
H/1.1 200
OK DetectGDPR2.v1.0.js Show response
live.sekindo.com/content/ClientDetections/ Frame 864C 8 KB
3 KB 113ms
68ms Script
application/javascript 63.250.56.119
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://live.sekindo.com/content/ClientDetections/DetectGDPR2.v1.0.js
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveView.php?s=101281&cbuster=%%CACHEBUSTER%%&pubUrl=%%REFERRER_URL_ESC%%&x=[WIDTH]&y=[HEIGHT]&vp_content=plembed173akunvrojp&vp_template=6615&subId=[SUBID_ENCODED]&schain=1.0,1!admetricspro.com,1005,1&cbuster=1593618724&pubUrlAuto=https%3A%2F%2Fthreatpost.com%2Fcisa-nation-state-attackers-palo-alto-networks-bug%2F157013%2F&videoType=flow&floatWidth=320&floatHeight=180&floatDirection=br&floatVerticalOffset=10&floatHorizontalOffset=10&floatCloseBtn=1&flowMode=both&flowCloseButtonPosition=right
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 63.250.56.119 , United States, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: nginx /
Resource Hash: ace61d80f3fe90bbb02ab328d9705b57a9c8a95d3a0bf6b4cd510d4dacd033df

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 01 Jul 2020 15:52:04 GMT
Content-Encoding: gzip
Last-Modified: Sun, 26 Jan 2020 18:48:12 GMT
Server: nginx
ETag: W/"5e2ddeec-211f"
Transfer-Encoding: chunked
Content-Type: application/javascript
Cache-Control: max-age=31536000, public
Expires: Thu, 01 Jul 2021 15:52:04 GMT

GET
H/1.1 200
OK DetectGDPR.v1.0.js Show response
live.sekindo.com/content/ClientDetections/ Frame 864C 7 KB
3 KB 200ms
60ms Script
application/javascript 63.250.56.119
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://live.sekindo.com/content/ClientDetections/DetectGDPR.v1.0.js
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveView.php?s=101281&cbuster=%%CACHEBUSTER%%&pubUrl=%%REFERRER_URL_ESC%%&x=[WIDTH]&y=[HEIGHT]&vp_content=plembed173akunvrojp&vp_template=6615&subId=[SUBID_ENCODED]&schain=1.0,1!admetricspro.com,1005,1&cbuster=1593618724&pubUrlAuto=https%3A%2F%2Fthreatpost.com%2Fcisa-nation-state-attackers-palo-alto-networks-bug%2F157013%2F&videoType=flow&floatWidth=320&floatHeight=180&floatDirection=br&floatVerticalOffset=10&floatHorizontalOffset=10&floatCloseBtn=1&flowMode=both&flowCloseButtonPosition=right
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 63.250.56.119 , United States, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: nginx /
Resource Hash: 993ebc45d9927d420801f05819222e8cc1aa523187e4c0b290df02b23ce18093

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 01 Jul 2020 15:52:03 GMT
Content-Encoding: gzip
Last-Modified: Sun, 26 Jan 2020 11:58:13 GMT
Server: nginx
ETag: W/"5e2d7ed5-1d87"
Transfer-Encoding: chunked
Content-Type: application/javascript
Cache-Control: max-age=31536000, public
Expires: Thu, 01 Jul 2021 15:52:03 GMT

GET
H/1.1 200
OK hls.0.12.4_1.min.js Show response
live.sekindo.com/content/video/hls/ Frame 864C 247 KB
85 KB 200ms
60ms Script
application/javascript 63.250.56.119
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://live.sekindo.com/content/video/hls/hls.0.12.4_1.min.js
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveView.php?s=101281&cbuster=%%CACHEBUSTER%%&pubUrl=%%REFERRER_URL_ESC%%&x=[WIDTH]&y=[HEIGHT]&vp_content=plembed173akunvrojp&vp_template=6615&subId=[SUBID_ENCODED]&schain=1.0,1!admetricspro.com,1005,1&cbuster=1593618724&pubUrlAuto=https%3A%2F%2Fthreatpost.com%2Fcisa-nation-state-attackers-palo-alto-networks-bug%2F157013%2F&videoType=flow&floatWidth=320&floatHeight=180&floatDirection=br&floatVerticalOffset=10&floatHorizontalOffset=10&floatCloseBtn=1&flowMode=both&flowCloseButtonPosition=right
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 63.250.56.119 , United States, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: nginx /
Resource Hash: 7d0492c66125b1c2bdc419641e41542857e7d90e323d355ee0b8bb268da121fb

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 01 Jul 2020 15:52:03 GMT
Content-Encoding: gzip
Last-Modified: Mon, 06 Jan 2020 15:31:55 GMT
Server: nginx
ETag: W/"5e1352eb-3dcb9"
Transfer-Encoding: chunked
Content-Type: application/javascript
Cache-Control: max-age=31536000, public
Expires: Thu, 01 Jul 2021 15:52:03 GMT

GET
H/1.1 200
OK prebidVid.2.44.3_5.min.js Show response
live.sekindo.com/content/prebid/ Frame 864C 273 KB
101 KB 206ms
65ms Script
application/javascript 63.250.56.119
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_5.min.js
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveView.php?s=101281&cbuster=%%CACHEBUSTER%%&pubUrl=%%REFERRER_URL_ESC%%&x=[WIDTH]&y=[HEIGHT]&vp_content=plembed173akunvrojp&vp_template=6615&subId=[SUBID_ENCODED]&schain=1.0,1!admetricspro.com,1005,1&cbuster=1593618724&pubUrlAuto=https%3A%2F%2Fthreatpost.com%2Fcisa-nation-state-attackers-palo-alto-networks-bug%2F157013%2F&videoType=flow&floatWidth=320&floatHeight=180&floatDirection=br&floatVerticalOffset=10&floatHorizontalOffset=10&floatCloseBtn=1&flowMode=both&flowCloseButtonPosition=right
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 63.250.56.119 , United States, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: nginx /
Resource Hash: e943dbcfb86d85f244a7297d32ba27e2efe5f46e242dfb838253cd52ab95d785

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 01 Jul 2020 15:52:03 GMT
Content-Encoding: gzip
Last-Modified: Wed, 03 Jun 2020 12:19:26 GMT
Server: nginx
ETag: W/"5ed7954e-44236"
Transfer-Encoding: chunked
Content-Type: application/javascript
Cache-Control: max-age=31536000, public
Expires: Thu, 01 Jul 2021 15:52:03 GMT

GET
H/1.1 200
OK liveVideo.php Show response
live.sekindo.com/live/ Frame 864C 425 KB
121 KB 202ms
61ms Script
text/html 63.250.56.119
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032302D30372D30315F31387D7B7331323334383830387D7B433131397D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583330307D7B593235307D7B66317D7B7251554A554943386755484A6C596D6C6B494338674E6941764947526C5A6D46316248513D7D7B4C363631357DFEFE&userIpAddr=89.238.186.243&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F83.0.4103.61+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=ABT+%2F+Prebid+%2F+6+%2F+default&isWePassGdpr=0&schain=1.0%2C1%21admetricspro.com%2C1005%2C1&csuuid=5efcb1246aea7&debugInfo=12348808_ABT+%2F+Prebid+%2F+6+%2F+default&debugPlayerSession=&sta=12348808&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed173akunvrojp&secondaryContent=&x=300&y=250&pubUrl=https%3A%2F%2Fthreatpost.com%2Fcisa-nation-state-attackers-palo-alto-networks-bug%2F157013%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=2&flow_width=320&flow_height=180&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=50.0766&geoLong=14.5148&vpTemplate=6615&flowMode=both&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveView.php?s=101281&cbuster=%%CACHEBUSTER%%&pubUrl=%%REFERRER_URL_ESC%%&x=[WIDTH]&y=[HEIGHT]&vp_content=plembed173akunvrojp&vp_template=6615&subId=[SUBID_ENCODED]&schain=1.0,1!admetricspro.com,1005,1&cbuster=1593618724&pubUrlAuto=https%3A%2F%2Fthreatpost.com%2Fcisa-nation-state-attackers-palo-alto-networks-bug%2F157013%2F&videoType=flow&floatWidth=320&floatHeight=180&floatDirection=br&floatVerticalOffset=10&floatHorizontalOffset=10&floatCloseBtn=1&flowMode=both&flowCloseButtonPosition=right
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 63.250.56.119 , United States, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: nginx / PHP/7.3.19
Resource Hash: 8f681d6bfcfccd2a2b1abbe6fcd011ccf0256b27906b8f3696f3391c3c85c43f

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 01 Jul 2020 15:52:04 GMT
Content-Encoding: gzip
Server: nginx
X-Powered-By: PHP/7.3.19
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j83&aip=1&a=1442815985&t=pageview&_s=1&dl=https%3A%2F%2Fthreatpost.com%2Fcisa-nation-state-attackers-palo-alto-networks-bug%2F157013%2F&ul=en-us&de...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-35676203-21&cid=1924463279.1593618725&jid=1591018421&_gid=1604028730.1593618725&gjid=340859967&_v=j83&z=1440397821
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-35676203-21&cid=1924463279.1593618725&jid=1591018421&_v=j83&z=1440397821
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-35676203-21&cid=1924463279.1593618725&jid=1591018421&_v=j83&z=1440397821&slf_rd=1&random=3707279638

42 B
106 B

17ms
16ms

Image
image/gif

2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-35676203-21&cid=1924463279.1593618725&jid=1591018421&_v=j83&z=1440397821&slf_rd=1&random=3707279638

Requested by

Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Jul 2020 15:52:04 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 01 Jul 2020 15:52:04 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
content-type: text/html; charset=UTF-8
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-35676203-21&cid=1924463279.1593618725&jid=1591018421&_v=j83&z=1440397821&slf_rd=1&random=3707279638
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 rules-p-_7kVx0t9Jqj90.js Show response
rules.quantcount.com/ 3 B
356 B 379ms
378ms Script
application/x-javascript 2600:9000:2190:e800:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-_7kVx0t9Jqj90.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2190:e800:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 01 Jul 2020 15:50:50 GMT
via: 1.1 8455bcb2c0203b0c4ee93b610d75e69b.cloudfront.net (CloudFront)
last-modified: Fri, 03 Mar 2017 23:52:35 GMT
server: AmazonS3
age: 74
etag: "8a80554c91d9fca8acb82f023de02f11"
x-cache: Error from cloudfront
content-type: application/x-javascript
status: 200
cache-control: max-age=300
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
content-length: 3
x-amz-cf-id: M0qJr7BsgLys4QGQwj8_KisUEzCOph5lnBDQu3Nj_84GfDwHzON9sA==

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 146 KB
18 KB 465ms
464ms XHR
text/plain 216.58.208.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1801557964832232&correlator=4075890381623023&output=ldjh&impl=fifs&adsid=NT&eid=21066628%2C21064211%2C21066437&vrg=2020062502&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200701&iu_parts=21707124336%2CThreatPost-970x250-ATF%2CThreatPost-300x250-ATF%2CThreatPost-300x600-ATF%2CThreatPost-2x2-Skin&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4&prev_iu_szs=728x90%7C970x250%7C970x90%2C300x250%7C336x280%2C300x250%7C300x600%2C2x2&eri=1&cust_params=urlhost%3Dhttps%253A%252F%252Fthreatpost.com%252F%26urlpath%3D%252Fcisa-nation-state-attackers-palo-alto-networks-bug%252F157013%252F%26urlquery%3Dgoogfc%26contentid%3D157013%26category%3Dvulnerabilities%26contenttags%3Dapts%252Cattackers%252Cauthentication%252Ccisa-alert%252Ccritical-vulnerability%252Ccve-2020-2021%252Cdepartment-defense%252Centerprise%252Cfirewall-0%252Cforeign-attackers%252Cnation-state%252Cpalo-alto-networks%252Cpatch%252Csaml%252Csecurity-bug%252Cthreat-actors%252Cvpn-appliances&cookie_enabled=1&bc=31&abxe=1&lmt=1593618724&dt=1593618724788&dlt=1593618723313&idt=761&frm=20&biw=1600&bih=1200&oid=3&adxs=436%2C1082%2C1082%2C0&adys=10%2C257%2C1542%2C0&adks=1015519800%2C654286612%2C375389812%2C3385906655&ucis=1%7C2%7C3%7C4&ifi=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fthreatpost.com%2Fcisa-nation-state-attackers-palo-alto-networks-bug%2F157013%2F&dssz=41&icsg=176173059&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=728x90%7C300x250%7C300x250%7C1600x2&msz=728x90%7C300x250%7C300x250%7C1600x2&ga_vid=1924463279.1593618725&ga_sid=1593618725&ga_hid=1442815985&fws=0%2C0%2C0%2C0&ohw=0%2C0%2C0%2C0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020062502.js?21066628

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.208.34 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s12-in-f34.1e100.net

Software

cafe /

Resource Hash

55cdccf663f0301ade1a37bca0f7217476fe2e7867dc0c207ebc90e315e4a0c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 01 Jul 2020 15:52:05 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18274
x-xss-protection: 0
google-lineitem-id: -1,-1,-1,5283645110
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -1,-1,-1,138301519116
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://threatpost.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
05271505f1376639d2adc2f31a57eb63.safeframe.googlesyndication.com/safeframe/1-0-37/html/ 0
0 56ms
21ms Other
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://05271505f1376639d2adc2f31a57eb63.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/ 0
0 6ms
5ms Other
text/html 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 200 adsct
t.co/i/ 43 B
449 B 259ms
158ms Image
image/gif 104.244.42.69
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?p_id=Twitter&p_user_id=0&txn_id=ntt0j&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0

Requested by

Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.69 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 01 Jul 2020 15:52:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 107
pragma: no-cache
last-modified: Wed, 01 Jul 2020 15:52:04 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: d18f3b740e103fa9b9e4ebf59cabbcad
x-transaction: 002815bd00adff65
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ Frame 864C 102 KB
26 KB 138ms
58ms Script
application/javascript 13.224.102.234
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032302D30372D30315F31387D7B7331323334383830387D7B433131397D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583330307D7B593235307D7B66317D7B7251554A554943386755484A6C596D6C6B494338674E6941764947526C5A6D46316248513D7D7B4C363631357DFEFE&userIpAddr=89.238.186.243&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F83.0.4103.61+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=ABT+%2F+Prebid+%2F+6+%2F+default&isWePassGdpr=0&schain=1.0%2C1%21admetricspro.com%2C1005%2C1&csuuid=5efcb1246aea7&debugInfo=12348808_ABT+%2F+Prebid+%2F+6+%2F+default&debugPlayerSession=&sta=12348808&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed173akunvrojp&secondaryContent=&x=300&y=250&pubUrl=https%3A%2F%2Fthreatpost.com%2Fcisa-nation-state-attackers-palo-alto-networks-bug%2F157013%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=2&flow_width=320&flow_height=180&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=50.0766&geoLong=14.5148&vpTemplate=6615&flowMode=both&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.224.102.234 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-102-234.zrh50.r.cloudfront.net
Software: Server /
Resource Hash: 7301462cb27dcb0cf467822211f6cdd478be091ed9d776b29f426ce78c4a414f

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 01 Jul 2020 15:47:48 GMT
content-encoding: gzip
server: Server
age: 257
etag: b586b236f6b3db3c4ca9410451195336
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
cache-control: public, max-age=900
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: UuxOsggBUjjYBGT7kGwSRr0umTp5CfH0HnBhPbfQN4bjoR1dOZlngA==
via: 1.1 7e81b1a3e22ce96cdfb0b6c2db121d58.cloudfront.net (CloudFront)

GET
H/1.1 200
OK museosans-300italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 23 KB
23 KB 324ms
251ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-300italic-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: f8a2b5b62eb722c3379b30cf0cc58d3176ee6be48036d6ad2aa838d2029c4189

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1593416572
Origin: https://threatpost.com

Response headers

Pragma: public
Date: Wed, 01 Jul 2020 15:52:05 GMT
Last-Modified: Mon, 29 Jun 2020 07:42:52 GMT
Server: nginx
ETag: "5ef99b7c-5bac"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000, public
Connection: close
Accept-Ranges: bytes
Content-Length: 23468
Expires: Thu, 01 Jul 2021 15:52:05 GMT

GET
H2 200 pixel;r=1159198939;source=gtm;rf=0;a=p-_7kVx0t9Jqj90;url=https%3A%2F%2Fthreatpost.com%2Fcisa-nation-state-attackers-palo-alto-networks-bug%2F157013%2F;fpan=1;fpa=P0-2055733808-1593618724980;ns=0;ce...
pixel.quantserve.com/ 35 B
371 B 10ms
9ms Image
image/gif 2620:116:800d:21:51e4:db4b:4436:b305
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=1159198939;source=gtm;rf=0;a=p-_7kVx0t9Jqj90;url=https%3A%2F%2Fthreatpost.com%2Fcisa-nation-state-attackers-palo-alto-networks-bug%2F157013%2F;fpan=1;fpa=P0-2055733808-1593618724980;ns=0;ce=1;qjs=1;qv=3d595974-20200604132620;cm=;gdpr=0;ref=;d=threatpost.com;je=0;sr=1600x1200x24;enc=n;dst=1;et=1593618724980;tzo=-120;ogl=image.https%3A%2F%2Fmedia%252Ethreatpost%252Ecom%2Fwp-content%2Fuploads%2Fsites%2F103%2F2018%2F12%2F21152821%2F54%252Ejp%2Ctype.article%2Ctitle.CISA%3A%20Nation-State%20Attackers%20Likely%20to%20Exploit%20Palo%20Alto%20Networks%20Bug%2Cdescription.An%20authentication-bypass%20vulnerability%20allows%20attackers%20to%20access%20network%20assets%2Curl.https%3A%2F%2Fthreatpost%252Ecom%2Fcisa-nation-state-attackers-palo-alto-networks-bug%2F157013

Requested by

Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:51e4:db4b:4436:b305 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Jul 2020 15:52:04 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
status: 200
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame D442 2 KB
677 B 15ms
15ms Stylesheet
text/css 2a00:1450:4001:825::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto&display=swap

Requested by

Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032302D30372D30315F31387D7B7331323334383830387D7B433131397D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583330307D7B593235307D7B66317D7B7251554A554943386755484A6C596D6C6B494338674E6941764947526C5A6D46316248513D7D7B4C363631357DFEFE&userIpAddr=89.238.186.243&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F83.0.4103.61+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=ABT+%2F+Prebid+%2F+6+%2F+default&isWePassGdpr=0&schain=1.0%2C1%21admetricspro.com%2C1005%2C1&csuuid=5efcb1246aea7&debugInfo=12348808_ABT+%2F+Prebid+%2F+6+%2F+default&debugPlayerSession=&sta=12348808&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed173akunvrojp&secondaryContent=&x=300&y=250&pubUrl=https%3A%2F%2Fthreatpost.com%2Fcisa-nation-state-attackers-palo-alto-networks-bug%2F157013%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=2&flow_width=320&flow_height=180&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=50.0766&geoLong=14.5148&vpTemplate=6615&flowMode=both&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

00d4fbacbadc6ecbd73be323ec77febf3d856ce00dc5334d06462a315c7da8e7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 01 Jul 2020 15:02:38 GMT
server: ESF
date: Wed, 01 Jul 2020 15:52:05 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 01 Jul 2020 15:52:05 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame ECD4 2 KB
655 B 19ms
19ms Stylesheet
text/css 2a00:1450:4001:825::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto&display=swap

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

00d4fbacbadc6ecbd73be323ec77febf3d856ce00dc5334d06462a315c7da8e7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 01 Jul 2020 15:15:04 GMT
server: ESF
date: Wed, 01 Jul 2020 15:52:05 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 01 Jul 2020 15:52:05 GMT

GET
H/1.1 200
OK user_sync.html
ads.pubmatic.com/AdServer/js/ Frame A605 0
0 163ms
51ms Document
text/html 23.210.249.92
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159196&userIdMacro=PM_UID&gdpr=1&gdpr_consent=&predirect=https%3A%2F%2Flive.sekindo.com%2Flive%2FliveCS.php%3Fsource%3Dexternal%26pixel%3D%26advId%3D91%26advUuid%3DPM_UID%26gdpr%3D1%26gdpr_consent%3D
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032302D30372D30315F31387D7B7331323334383830387D7B433131397D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583330307D7B593235307D7B66317D7B7251554A554943386755484A6C596D6C6B494338674E6941764947526C5A6D46316248513D7D7B4C363631357DFEFE&userIpAddr=89.238.186.243&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F83.0.4103.61+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=ABT+%2F+Prebid+%2F+6+%2F+default&isWePassGdpr=0&schain=1.0%2C1%21admetricspro.com%2C1005%2C1&csuuid=5efcb1246aea7&debugInfo=12348808_ABT+%2F+Prebid+%2F+6+%2F+default&debugPlayerSession=&sta=12348808&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed173akunvrojp&secondaryContent=&x=300&y=250&pubUrl=https%3A%2F%2Fthreatpost.com%2Fcisa-nation-state-attackers-palo-alto-networks-bug%2F157013%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=2&flow_width=320&flow_height=180&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=50.0766&geoLong=14.5148&vpTemplate=6615&flowMode=both&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.249.92 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-249-92.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Response headers

Last-Modified: Tue, 14 Apr 2020 10:28:34 GMT
ETag: "1300708-2eae-5a33da96f833f"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 4169
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=143382
Expires: Fri, 03 Jul 2020 07:41:47 GMT
Date: Wed, 01 Jul 2020 15:52:05 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1

200
OK

liveCS.php
live.sekindo.com/live/ Frame E049
Redirect Chain

https://sync.search.spotxchange.com/partner?adv_id=8805&redir=https%3A%2F%2Flive.sekindo.com%2Flive%2FliveCS.php%3Fsource%3Dexternal%26pixel%3D%26advId%3D94%26advUuid%3D%24SPOTX_USER_ID
https://sync.search.spotxchange.com/partner?adv_id=8805&redir=https%3A%2F%2Flive.sekindo.com%2Flive%2FliveCS.php%3Fsource%3Dexternal%26pixel%3D%26advId%3D94%26advUuid%3D%24SPOTX_USER_ID&__user_chec...
https://live.sekindo.com/live/liveCS.php?source=external&pixel=&advId=94&advUuid=cfc0d5ec-bbb2-11ea-98cb-1df4c96b2406

0
0

42ms
42ms

Document
text/html

63.250.56.119
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://live.sekindo.com/live/liveCS.php?source=external&pixel=&advId=94&advUuid=cfc0d5ec-bbb2-11ea-98cb-1df4c96b2406
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032302D30372D30315F31387D7B7331323334383830387D7B433131397D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583330307D7B593235307D7B66317D7B7251554A554943386755484A6C596D6C6B494338674E6941764947526C5A6D46316248513D7D7B4C363631357DFEFE&userIpAddr=89.238.186.243&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F83.0.4103.61+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=ABT+%2F+Prebid+%2F+6+%2F+default&isWePassGdpr=0&schain=1.0%2C1%21admetricspro.com%2C1005%2C1&csuuid=5efcb1246aea7&debugInfo=12348808_ABT+%2F+Prebid+%2F+6+%2F+default&debugPlayerSession=&sta=12348808&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed173akunvrojp&secondaryContent=&x=300&y=250&pubUrl=https%3A%2F%2Fthreatpost.com%2Fcisa-nation-state-attackers-palo-alto-networks-bug%2F157013%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=2&flow_width=320&flow_height=180&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=50.0766&geoLong=14.5148&vpTemplate=6615&flowMode=both&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 63.250.56.119 , United States, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: nginx / PHP/7.3.19
Resource Hash

Request headers

Host: live.sekindo.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Response headers

Server: nginx
Date: Wed, 01 Jul 2020 15:52:04 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
X-Powered-By: PHP/7.3.19
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: no-store
Pragma: no-cache
Age: 0
Content-Encoding: gzip

Redirect headers

Server: nginx
Date: Wed, 01 Jul 2020 15:52:05 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=cfc0d5ec-bbb2-11ea-98cb-1df4c96b2406; expires=Thu, 01-Jul-2021 16:58:45 GMT; path=/; domain=.spotxchange.com; SameSite=none; Secure
Location: https://live.sekindo.com/live/liveCS.php?source=external&pixel=&advId=94&advUuid=cfc0d5ec-bbb2-11ea-98cb-1df4c96b2406
X-fe: 130
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0

GET
H/1.1

200
OK

liveCS.php
live.sekindo.com/live/ Frame 6DF8
Redirect Chain

https://u.openx.net/w/1.0/cm?id=476b50d3-5ccf-49a1-89b8-1ddf8ea18042&r=https%3A%2F%2Flive.sekindo.com%2Flive%2FliveCS.php%3Fsource%3Dexternal%26pixel%3D%26advId%3D98%26advUuid%3D
https://live.sekindo.com/live/liveCS.php?source=external&pixel=&advId=98&advUuid=3aca70f8-a37c-4f08-acb2-c9d394dbb6fb

0
0

45ms
42ms

Document
text/html

63.250.56.119
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://live.sekindo.com/live/liveCS.php?source=external&pixel=&advId=98&advUuid=3aca70f8-a37c-4f08-acb2-c9d394dbb6fb
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032302D30372D30315F31387D7B7331323334383830387D7B433131397D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583330307D7B593235307D7B66317D7B7251554A554943386755484A6C596D6C6B494338674E6941764947526C5A6D46316248513D7D7B4C363631357DFEFE&userIpAddr=89.238.186.243&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F83.0.4103.61+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=ABT+%2F+Prebid+%2F+6+%2F+default&isWePassGdpr=0&schain=1.0%2C1%21admetricspro.com%2C1005%2C1&csuuid=5efcb1246aea7&debugInfo=12348808_ABT+%2F+Prebid+%2F+6+%2F+default&debugPlayerSession=&sta=12348808&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed173akunvrojp&secondaryContent=&x=300&y=250&pubUrl=https%3A%2F%2Fthreatpost.com%2Fcisa-nation-state-attackers-palo-alto-networks-bug%2F157013%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=2&flow_width=320&flow_height=180&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=50.0766&geoLong=14.5148&vpTemplate=6615&flowMode=both&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 63.250.56.119 , United States, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: nginx / PHP/7.3.19
Resource Hash

Request headers

Host: live.sekindo.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Response headers

Server: nginx
Date: Wed, 01 Jul 2020 15:52:04 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
X-Powered-By: PHP/7.3.19
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: no-store
Pragma: no-cache
Age: 0
Content-Encoding: gzip

Redirect headers

status: 302
vary: Accept, Accept-Encoding
set-cookie: i=1ec3a911-46bd-480c-b201-97181cb4c613|1593618724; Version=1; Expires=Thu, 01-Jul-2021 15:52:05 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.188.2
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://live.sekindo.com/live/liveCS.php?source=external&pixel=&advId=98&advUuid=3aca70f8-a37c-4f08-acb2-c9d394dbb6fb
date: Wed, 01 Jul 2020 15:52:05 GMT
content-type: text/html
content-length: 0
content-encoding: gzip
via: 1.1 google
alt-svc: clear

GET
H/1.1 200
OK placeHolder.png
live.sekindo.com/content/video/splayer/assets/ 23 KB
24 KB 98ms
72ms Image
image/png 63.250.56.119
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.sekindo.com/content/video/splayer/assets/placeHolder.png
Requested by: Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 63.250.56.119 , United States, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: nginx /
Resource Hash: 76102878c1198de858725194952ba1c6b35bdee0f870cc6a124e93d17385e64e

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 01 Jul 2020 15:52:04 GMT
Last-Modified: Sun, 11 Jun 2017 08:03:58 GMT
Server: nginx
ETag: "593cf96e-5dbf"
Content-Type: image/png
Cache-Control: no-cache, private
Accept-Ranges: bytes
Content-Length: 23999
Expires: Wed, 01 Jul 2020 15:52:03 GMT

GET
H/1.1 200
OK vid5d5bb0d47c725224559183.jpg
video.sekindo.com/uploads/cn1/video/users/converted/28530/video_5d5baf9fe4c32389620327/ Frame ECD4 8 KB
8 KB 203ms
64ms Image
image/jpeg 185.167.96.211
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://video.sekindo.com/uploads/cn1/video/users/converted/28530/video_5d5baf9fe4c32389620327/vid5d5bb0d47c725224559183.jpg?cbuster=1570431012

Requested by

Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.167.96.211 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),

Reverse DNS

Software

Tengine /

Resource Hash

39acff21a7526c57aecfab519ae6bc57b24611d05058c34fe7a1c6391a456339

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 01 Jul 2020 15:52:04 GMT
Last-Modified: Tue, 20 Aug 2019 08:42:11 GMT
Server: Tengine
ETag: "5d5bb263-1f36"
X-Cache-Status: HIT
Strict-Transport-Security: max-age=31536000
Content-Type: image/jpeg
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 7990
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK vid5dfbdccdd42f1591065679.jpg
video.sekindo.com/uploads/cn9/video/users/converted/28530/video_5d5baf9fe4c32389620327/ Frame ECD4 4 KB
5 KB 205ms
48ms Image
image/jpeg 185.167.96.211
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://video.sekindo.com/uploads/cn9/video/users/converted/28530/video_5d5baf9fe4c32389620327/vid5dfbdccdd42f1591065679.jpg?cbuster=1576787159

Requested by

Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.167.96.211 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),

Reverse DNS

Software

Tengine /

Resource Hash

d2a953a03ff9038e93d2a3b6b85a73eb2d6fdd185b2f4472ba592b802867078b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 01 Jul 2020 15:52:04 GMT
Last-Modified: Thu, 19 Dec 2019 20:26:26 GMT
Server: Tengine
ETag: "5dfbdcf2-11a2"
X-Cache-Status: HIT
Strict-Transport-Security: max-age=31536000
Content-Type: image/jpeg
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 4514
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK vid5e53e246175a5158734501.jpg
video.sekindo.com/uploads/cn4/video/users/converted/28530/video_5d5baf9fe4c32389620327/ Frame ECD4 6 KB
6 KB 203ms
48ms Image
image/jpeg 185.167.96.211
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://video.sekindo.com/uploads/cn4/video/users/converted/28530/video_5d5baf9fe4c32389620327/vid5e53e246175a5158734501.jpg?cbuster=1582555723

Requested by

Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.167.96.211 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),

Reverse DNS

Software

Tengine /

Resource Hash

14be6a0a8ec5070f1aac299ccff69379e9bf038148d5a1c5a66f772308f6e959

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 01 Jul 2020 15:52:04 GMT
Last-Modified: Mon, 24 Feb 2020 14:49:43 GMT
Server: Tengine
ETag: "5e53e287-165d"
X-Cache-Status: HIT
Strict-Transport-Security: max-age=31536000
Content-Type: image/jpeg
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 5725
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK vid5cb1036e48189699601426.jpg
video.sekindo.com/uploads/cn7/video/users/converted/24485/video_5c74e337b0b1c456249184/ Frame ECD4 11 KB
11 KB 203ms
48ms Image
image/jpeg 185.167.96.211
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://video.sekindo.com/uploads/cn7/video/users/converted/24485/video_5c74e337b0b1c456249184/vid5cb1036e48189699601426.jpg?cbuster=1591260319

Requested by

Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.167.96.211 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),

Reverse DNS

Software

Tengine /

Resource Hash

9eff853e0e48a1d66ee00e3daed67fbdbc2f15ddd89916c2492864c4bf00dcb4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 01 Jul 2020 15:52:04 GMT
Last-Modified: Fri, 12 Apr 2019 21:40:34 GMT
Server: Tengine
ETag: "5cb105d2-2a65"
X-Cache-Status: HIT
Strict-Transport-Security: max-age=31536000
Content-Type: image/jpeg
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 10853
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK vid5ccb365137a1a741260230.jpg
video.sekindo.com/uploads/cn5/video/users/converted/24485/video_5c74e337b0b1c456249184/ Frame ECD4 18 KB
18 KB 206ms
65ms Image
image/jpeg 185.167.96.211
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://video.sekindo.com/uploads/cn5/video/users/converted/24485/video_5c74e337b0b1c456249184/vid5ccb365137a1a741260230.jpg?cbuster=1591260379

Requested by

Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.167.96.211 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),

Reverse DNS

Software

Tengine /

Resource Hash

592219fca9342c842545618d2f3ccd0b8a8f5895bb0e9877e188b2ac017e832d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 01 Jul 2020 15:52:04 GMT
Last-Modified: Thu, 02 May 2019 18:29:13 GMT
Server: Tengine
ETag: "5ccb36f9-484c"
X-Cache-Status: HIT
Strict-Transport-Security: max-age=31536000
Content-Type: image/jpeg
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 18508
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK vid5ccb3653026fa765944911.jpg
video.sekindo.com/uploads/cn5/video/users/converted/24485/video_5c74e337b0b1c456249184/ Frame ECD4 12 KB
12 KB 49ms
46ms Image
image/jpeg 185.167.96.211
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://video.sekindo.com/uploads/cn5/video/users/converted/24485/video_5c74e337b0b1c456249184/vid5ccb3653026fa765944911.jpg?cbuster=1591260379

Requested by

Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.167.96.211 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),

Reverse DNS

Software

Tengine /

Resource Hash

0e453d31a556b49b2fe38a790b45d234aa46ffa811e40f499d27c941658d8fe9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 01 Jul 2020 15:52:04 GMT
Last-Modified: Thu, 02 May 2019 18:29:22 GMT
Server: Tengine
ETag: "5ccb3702-2f0f"
X-Cache-Status: HIT
Strict-Transport-Security: max-age=31536000
Content-Type: image/jpeg
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 12047
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK vid5cb29d69f3304348391178.jpg
video.sekindo.com/uploads/cn7/video/users/converted/24485/video_5c74e337b0b1c456249184/ Frame ECD4 10 KB
10 KB 49ms
46ms Image
image/jpeg 185.167.96.211
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://video.sekindo.com/uploads/cn7/video/users/converted/24485/video_5c74e337b0b1c456249184/vid5cb29d69f3304348391178.jpg?cbuster=1591260321

Requested by

Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.167.96.211 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),

Reverse DNS

Software

Tengine /

Resource Hash

34cd6311da41615789f6c7c4302d57501cd772a174b6f984b864bb3683abb1e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 01 Jul 2020 15:52:04 GMT
Last-Modified: Sun, 14 Apr 2019 02:40:30 GMT
Server: Tengine
ETag: "5cb29d9e-264c"
X-Cache-Status: HIT
Strict-Transport-Security: max-age=31536000
Content-Type: image/jpeg
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 9804
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK vid5cb29d6c98f3a455360008.jpg
video.sekindo.com/uploads/cn7/video/users/converted/24485/video_5c74e337b0b1c456249184/ Frame ECD4 13 KB
13 KB 43ms
41ms Image
image/jpeg 185.167.96.211
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://video.sekindo.com/uploads/cn7/video/users/converted/24485/video_5c74e337b0b1c456249184/vid5cb29d6c98f3a455360008.jpg?cbuster=1591260321

Requested by

Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.167.96.211 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),

Reverse DNS

Software

Tengine /

Resource Hash

69a48d0048fc5eb68c4b52a37b36c6c4a5cff257d114afce9ac9c5c6229d3626

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 01 Jul 2020 15:52:04 GMT
Last-Modified: Sun, 14 Apr 2019 02:41:11 GMT
Server: Tengine
ETag: "5cb29dc7-3236"
X-Cache-Status: HIT
Strict-Transport-Security: max-age=31536000
Content-Type: image/jpeg
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 12854
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK vid5cb1036a89d55056130539.jpg
video.sekindo.com/uploads/cn7/video/users/converted/24485/video_5c74e337b0b1c456249184/ Frame ECD4 11 KB
12 KB 47ms
46ms Image
image/jpeg 185.167.96.211
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://video.sekindo.com/uploads/cn7/video/users/converted/24485/video_5c74e337b0b1c456249184/vid5cb1036a89d55056130539.jpg?cbuster=1591260319

Requested by

Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.167.96.211 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),

Reverse DNS

Software

Tengine /

Resource Hash

3cb5627fb22b404f82531acf16febdd395595021426caf8db97cbc78817be204

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 01 Jul 2020 15:52:04 GMT
Last-Modified: Fri, 12 Apr 2019 21:38:32 GMT
Server: Tengine
ETag: "5cb10558-2d08"
X-Cache-Status: HIT
Strict-Transport-Security: max-age=31536000
Content-Type: image/jpeg
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 11528
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK vid5cb1036c48e74940963298.jpg
video.sekindo.com/uploads/cn7/video/users/converted/24485/video_5c74e337b0b1c456249184/ Frame ECD4 21 KB
21 KB 53ms
53ms Image
image/jpeg 185.167.96.211
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://video.sekindo.com/uploads/cn7/video/users/converted/24485/video_5c74e337b0b1c456249184/vid5cb1036c48e74940963298.jpg?cbuster=1591260319

Requested by

Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.167.96.211 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),

Reverse DNS

Software

Tengine /

Resource Hash

31d85fbe07b479d27a2ef6e195eb4cfd9dce455e6c5549b2fb23d3e59d532391

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 01 Jul 2020 15:52:04 GMT
Last-Modified: Fri, 12 Apr 2019 21:39:48 GMT
Server: Tengine
ETag: "5cb105a4-5455"
X-Cache-Status: HIT
Strict-Transport-Security: max-age=31536000
Content-Type: image/jpeg
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 21589
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2

200

sync
x.bidswitch.net/ul_cb/ Frame 864C
Redirect Chain

https://x.bidswitch.net/sync?ssp=sekindo&user_id=5efcb1246aea7&custom_data=5efcb1246aea7&gdpr=1&gdpr_consent=
https://x.bidswitch.net/ul_cb/sync?ssp=sekindo&user_id=5efcb1246aea7&custom_data=5efcb1246aea7&gdpr=1&gdpr_consent=

43 B
412 B

36ms
36ms

Image
image/gif

3.127.169.241
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/ul_cb/sync?ssp=sekindo&user_id=5efcb1246aea7&custom_data=5efcb1246aea7&gdpr=1&gdpr_consent=
Requested by: Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.127.169.241 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-169-241.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Wed, 01 Jul 2020 15:52:06 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-length: 43
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

Redirect headers

status: 302
date: Wed, 01 Jul 2020 15:52:06 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
location: https://x.bidswitch.net/ul_cb/sync?ssp=sekindo&user_id=5efcb1246aea7&custom_data=5efcb1246aea7&gdpr=1&gdpr_consent=
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H/1.1

200
OK

liveCS.php
live.sekindo.com/live/ Frame 864C
Redirect Chain

https://csync.loopme.me/?redirect=https%3A%2F%2Flive.sekindo.com%2Flive%2FliveCS.php%3Fsource%3Dexternal%26pixel%3D%26advId%3D93%26advUuid%3D%7Bdevice_id%7D
https://live.sekindo.com/live/liveCS.php?source=external&pixel=&advId=93&advUuid=155851cf-87cd-450a-81c4-54eff13ca4c9

0
347 B

45ms
45ms

Image
text/html

63.250.56.119
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.sekindo.com/live/liveCS.php?source=external&pixel=&advId=93&advUuid=155851cf-87cd-450a-81c4-54eff13ca4c9
Requested by: Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 63.250.56.119 , United States, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: nginx / PHP/7.3.19
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 01 Jul 2020 15:52:06 GMT
Content-Encoding: gzip
Server: nginx
Age: 0
X-Powered-By: PHP/7.3.19
Transfer-Encoding: chunked
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: no-store
Content-Type: text/html; charset=utf-8

Redirect headers

status: 307
date: Wed, 01 Jul 2020 15:52:06 GMT
content-length: 0
location: https://live.sekindo.com/live/liveCS.php?source=external&pixel=&advId=93&advUuid=155851cf-87cd-450a-81c4-54eff13ca4c9

GET
H/1.1 200
OK vid5d5bb0d47c725224559183.jpg
video.sekindo.com/uploads/cn1/video/users/converted/28530/video_5d5baf9fe4c32389620327/ Frame D442 8 KB
8 KB 198ms
64ms Image
image/jpeg 185.167.96.211
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://video.sekindo.com/uploads/cn1/video/users/converted/28530/video_5d5baf9fe4c32389620327/vid5d5bb0d47c725224559183.jpg?cbuster=1570431012

Requested by

Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.167.96.211 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),

Reverse DNS

Software

Tengine /

Resource Hash

39acff21a7526c57aecfab519ae6bc57b24611d05058c34fe7a1c6391a456339

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://amli.sekindo.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 01 Jul 2020 15:52:04 GMT
Last-Modified: Tue, 20 Aug 2019 08:42:11 GMT
Server: Tengine
ETag: "5d5bb263-1f36"
X-Cache-Status: HIT
Strict-Transport-Security: max-age=31536000
Content-Type: image/jpeg
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 7990
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
DATA 200
OK truncated
/ Frame D442 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9d02d662da8a47fb5fb610b545007507b6017028043dbb63cd09ec897d3b9627

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame D442 715 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK liveView.php Show response
live.sekindo.com/live/ Frame 864C 70 KB
3 KB 74ms
74ms XHR
application/json 63.250.56.119
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://live.sekindo.com/live/liveView.php?s=58057&vid_vastTimeout=-1&vid_vastType=3&vid_playerVer=3.0.0&vid_viewabilityState=1&vid_playbackMethod=auto&vid_content_url=https%3A%2F%2Fvideo.sekindo.com%2Fuploads%2Fcn1%2Fvideo%2Fusers%2Fconverted%2F28530%2Fvideo_5d5baf9fe4c32389620327%2Fvid5d5bb0d47c725224559183.mp4&vid_content_id=483586&vid_content_desc=Apple%27s+new+phone+to+be+called+iPhone+XC%3F&vid_content_title=Apple%27s+new+phone+to+be+called+iPhone+XC%3F&vid_content_duration=40&debugInformation=ABT+%2F+Prebid+%2F+6+%2F+default&x=320&y=180&fpl=2&pubUrl=https%3A%2F%2Fthreatpost.com%2Fcisa-nation-state-attackers-palo-alto-networks-bug%2F157013%2F&ri=6C69766553746174737C736B317B54307D7B64323032302D30372D30315F31387D7B7331323334383830387D7B433131397D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583330307D7B593235307D7B66317D7B7251554A554943386755484A6C596D6C6B494338674E6941764947526C5A6D46316248513D7D7B4C363631357DFEFE&isApp=0&geoLati=50.0766&geoLong=14.5148&userIpAddr=89.238.186.243&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F83.0.4103.61+Safari%2F537.36&schain=1.0%2C1%21admetricspro.com%2C1005%2C1&csuuid=5efcb1246aea7&cbuster=1593618725100&gdpr=1&gdprConsent=&isWePassGdpr=0
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032302D30372D30315F31387D7B7331323334383830387D7B433131397D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583330307D7B593235307D7B66317D7B7251554A554943386755484A6C596D6C6B494338674E6941764947526C5A6D46316248513D7D7B4C363631357DFEFE&userIpAddr=89.238.186.243&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F83.0.4103.61+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=ABT+%2F+Prebid+%2F+6+%2F+default&isWePassGdpr=0&schain=1.0%2C1%21admetricspro.com%2C1005%2C1&csuuid=5efcb1246aea7&debugInfo=12348808_ABT+%2F+Prebid+%2F+6+%2F+default&debugPlayerSession=&sta=12348808&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed173akunvrojp&secondaryContent=&x=300&y=250&pubUrl=https%3A%2F%2Fthreatpost.com%2Fcisa-nation-state-attackers-palo-alto-networks-bug%2F157013%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=2&flow_width=320&flow_height=180&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=50.0766&geoLong=14.5148&vpTemplate=6615&flowMode=both&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 63.250.56.119 , United States, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: nginx / PHP/7.3.19
Resource Hash: 21be3f696764f11a2746ff8d41be1a071eb3dc11ebfad8c82bd60d95d805cc00

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 01 Jul 2020 15:52:04 GMT
Content-Encoding: gzip
Server: nginx
Age: 0
X-Powered-By: PHP/7.3.19
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-store
Access-Control-Allow-Credentials: true
Content-Type: application/json; charset=utf-8
Content-Length: 2995

GET
H/1.1 200
OK liveView.php Show response
live.sekindo.com/live/ Frame 864C 24 KB
2 KB 71ms
70ms XHR
application/json 63.250.56.119
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://live.sekindo.com/live/liveView.php?s=58057&vid_vastTimeout=-1&vid_vastType=3&vid_playerVer=3.0.0&vid_viewabilityState=0&vid_playbackMethod=auto&vid_content_url=https%3A%2F%2Fvideo.sekindo.com%2Fuploads%2Fcn1%2Fvideo%2Fusers%2Fconverted%2F28530%2Fvideo_5d5baf9fe4c32389620327%2Fvid5d5bb0d47c725224559183.mp4&vid_content_id=483586&vid_content_desc=Apple%27s+new+phone+to+be+called+iPhone+XC%3F&vid_content_title=Apple%27s+new+phone+to+be+called+iPhone+XC%3F&vid_content_duration=40&debugInformation=ABT+%2F+Prebid+%2F+6+%2F+default&x=320&y=180&fpl=2&pubUrl=https%3A%2F%2Fthreatpost.com%2Fcisa-nation-state-attackers-palo-alto-networks-bug%2F157013%2F&ri=6C69766553746174737C736B317B54307D7B64323032302D30372D30315F31387D7B7331323334383830387D7B433131397D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583330307D7B593235307D7B66317D7B7251554A554943386755484A6C596D6C6B494338674E6941764947526C5A6D46316248513D7D7B4C363631357DFEFE&isApp=0&geoLati=50.0766&geoLong=14.5148&userIpAddr=89.238.186.243&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F83.0.4103.61+Safari%2F537.36&schain=1.0%2C1%21admetricspro.com%2C1005%2C1&csuuid=5efcb1246aea7&cbuster=1593618725101&gdpr=1&gdprConsent=&isWePassGdpr=0
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032302D30372D30315F31387D7B7331323334383830387D7B433131397D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583330307D7B593235307D7B66317D7B7251554A554943386755484A6C596D6C6B494338674E6941764947526C5A6D46316248513D7D7B4C363631357DFEFE&userIpAddr=89.238.186.243&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F83.0.4103.61+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=ABT+%2F+Prebid+%2F+6+%2F+default&isWePassGdpr=0&schain=1.0%2C1%21admetricspro.com%2C1005%2C1&csuuid=5efcb1246aea7&debugInfo=12348808_ABT+%2F+Prebid+%2F+6+%2F+default&debugPlayerSession=&sta=12348808&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed173akunvrojp&secondaryContent=&x=300&y=250&pubUrl=https%3A%2F%2Fthreatpost.com%2Fcisa-nation-state-attackers-palo-alto-networks-bug%2F157013%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=2&flow_width=320&flow_height=180&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=50.0766&geoLong=14.5148&vpTemplate=6615&flowMode=both&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 63.250.56.119 , United States, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: nginx / PHP/7.3.19
Resource Hash: fa3930fb77bf683949012030e2d5e68a5937b57d0ca5de425b41a8fd593997e0

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 01 Jul 2020 15:52:04 GMT
Content-Encoding: gzip
Server: nginx
Age: 0
X-Powered-By: PHP/7.3.19
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-store
Access-Control-Allow-Credentials: true
Content-Type: application/json; charset=utf-8
Content-Length: 1824

GET
H2 200 KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v20/ Frame D442 11 KB
11 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Roboto&display=swap
Origin: https://threatpost.com

Response headers

date: Tue, 09 Jun 2020 00:43:54 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:50 GMT
server: sffe
age: 1955291
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11016
x-xss-protection: 0
expires: Wed, 09 Jun 2021 00:43:54 GMT

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ Frame 864C 6 KB
3 KB 129ms
38ms XHR
application/javascript 13.224.102.234
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.224.102.234 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-102-234.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 01 Jul 2020 15:30:39 GMT
content-encoding: gzip
vary: Origin
age: 1287
x-cache: Hit from cloudfront
status: 200
access-control-allow-origin: *
last-modified: Tue, 23 Jun 2020 10:10:39 GMT
server: AmazonS3
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 e8a7e21f51478f02a6e51b69e3450928.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: 0AHbZiziOhBF3oisu0h5woCy2_oLd37ScLnluFPAPPX3eB1JwD2u-w==

POST
H/1.1 204
No Content openrtb Show response
ads.adaptv.advertising.com/rtb/ Frame 864C 0
215 B 605ms
223ms XHR
application/json 18.185.15.67
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.adaptv.advertising.com/rtb/openrtb?ext_id=TeachingAidsLLC
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_5.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.185.15.67 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-185-15-67.eu-central-1.compute.amazonaws.com
Software: adaptv/1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
server: adaptv/1.0
Connection: keep-alive
content-length: 0
content-type: application/json

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame 864C 0
59 B 51ms
51ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_5.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Wed, 01 Jul 2020 15:52:05 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-origin: https://threatpost.com

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/NMoy4HgGiLr5NAQaEQa2ho8X/ 323 KB
127 KB 15ms
5ms Script
text/javascript 2a00:1450:4001:81e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/NMoy4HgGiLr5NAQaEQa2ho8X/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?hl=en&render=explicit&ver=5.4.2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c1533bc39e2dd8ede3893909d6f42760e0598d075951447afe88158e57b0961a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 23 Jun 2020 16:39:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 22 Jun 2020 20:56:25 GMT
server: sffe
age: 688353
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 129939
x-xss-protection: 0
expires: Wed, 23 Jun 2021 16:39:32 GMT

GET
H2 200 flipboard.svg
assets.threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/img/ 236 B
566 B 377ms
376ms Image
image/svg+xml 2600:9000:2190:2e00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/img/flipboard.svg
Requested by: Host: threatpost.com
URL: https://threatpost.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2190:2e00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 506d565f94cecbb486394c545a96e8459217f8d045496b511e8c815142abfc70

Request headers

Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-includes/css/dist/block-library/style.min.css,wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=b0ee8769
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: public
date: Wed, 01 Jul 2020 15:52:05 GMT
content-encoding: gzip
last-modified: Mon, 29 Jun 2020 07:42:52 GMT
server: nginx
x-amz-cf-pop: ZRH50-C1
etag: W/"5ef99b7c-ec"
x-cache: Miss from cloudfront
content-type: image/svg+xml
status: 200
cache-control: max-age=604800, public
x-amz-cf-id: 1L6BjaAMFbXRkkgDLkgdLWG4kM2a83vffWg-vnkml3MZUUZuUhLTTQ==
via: 1.1 0baaefd2451e4f0e2d5ea55eb90f4a1a.cloudfront.net (CloudFront)
expires: Wed, 08 Jul 2020 15:52:05 GMT

GET
H2 200 fontawesome-webfont.woff2
assets.threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/fonts/ 75 KB
76 KB 440ms
397ms Font
font/woff2 2600:9000:2190:2e00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by: Host: threatpost.com
URL: https://threatpost.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2190:2e00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-includes/css/dist/block-library/style.min.css,wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=b0ee8769
Origin: https://threatpost.com

Response headers

date: Wed, 01 Jul 2020 15:52:05 GMT
via: 1.1 aa001e3127bb5bd7bbc48bc4fef44b79.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
x-cache: Miss from cloudfront
status: 200
content-length: 77160
pragma: public
last-modified: Mon, 29 Jun 2020 07:42:52 GMT
server: nginx
etag: "5ef99b7c-12d68"
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000, public
accept-ranges: bytes
x-amz-cf-id: szR74qHEWTKYco6aLpJe7TAhZOfSGQ9wV5kheUGPtGhHxG1qXGepXA==
expires: Thu, 01 Jul 2021 15:52:05 GMT

GET
H/1.1 200
OK photo-newsletter.jpg
threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 83 KB
83 KB 1303ms
222ms Image
image/jpeg 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/images/photo-newsletter.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 940e0c3385928422aae38e1a74f1d84b462d8ce1a056c686fde505a0bf3162bb

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Wed, 01 Jul 2020 15:52:06 GMT
Last-Modified: Mon, 29 Jun 2020 07:42:52 GMT
Server: nginx
ETag: "5ef99b7c-14c88"
Content-Type: image/jpeg
Cache-Control: max-age=604800, public
Connection: close
Accept-Ranges: bytes
Content-Length: 85128
Expires: Wed, 08 Jul 2020 15:52:06 GMT

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
652 B 348ms
214ms Script
application/javascript 104.244.42.131
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?p_id=Twitter&p_user_id=0&txn_id=ntt0j&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fthreatpost.com%2Fcisa-nation-state-attackers-palo-alto-networks-bug%2F157013%2F

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.131 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 01 Jul 2020 15:52:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
strict-transport-security: max-age=631138519
content-length: 57
x-xss-protection: 0
x-response-time: 117
pragma: no-cache
last-modified: Wed, 01 Jul 2020 15:52:05 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: e0a3de9a90cf25d9c4749f423fba4e88
x-transaction: 00fbb81f005d3c90
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 anchor
www.google.com/recaptcha/api2/ Frame CC5F 0
0 29ms
29ms Document
text/html 2a00:1450:4001:821::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lfgf_8SAAAAADYbQAnKFOk7cvnWbkqo6y57-4-U&co=aHR0cHM6Ly90aHJlYXRwb3N0LmNvbTo0NDM.&hl=en&v=NMoy4HgGiLr5NAQaEQa2ho8X&theme=standard&size=normal&cb=4yqcv2wqaz4i

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-jZW47XGOX8HG/xPfFS/tnw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/anchor?ar=1&k=6Lfgf_8SAAAAADYbQAnKFOk7cvnWbkqo6y57-4-U&co=aHR0cHM6Ly90aHJlYXRwb3N0LmNvbTo0NDM.&hl=en&v=NMoy4HgGiLr5NAQaEQa2ho8X&theme=standard&size=normal&cb=4yqcv2wqaz4i
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Response headers

status: 200
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 01 Jul 2020 15:52:05 GMT
content-security-policy: script-src 'report-sample' 'nonce-jZW47XGOX8HG/xPfFS/tnw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 10817
server: GSE
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 bl-8ce16fa-7f9cbf32.js Show response
tagan.adlightning.com/math-aids-threatpost/ Frame 342F 55 KB
16 KB 55ms
51ms Script
application/javascript 13.224.102.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/bl-8ce16fa-7f9cbf32.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.224.102.80 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-102-80.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: bb983e6afb7b5e90c39046653f93498b063d17a8e33bb8c36455ba7fc7d6a77d

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 01 Jul 2020 00:34:20 GMT
content-encoding: gzip
age: 55066
x-cache: Hit from cloudfront
status: 200
content-length: 16277
x-amz-meta-git_commit: 8ce16fa
last-modified: Tue, 30 Jun 2020 22:41:32 GMT
server: AmazonS3
etag: "ca18b721a9af873068b23589b829a423"
x-amz-version-id: S5rqC6_yIBlseGVI6HZt5MbHjXmNCLag
via: 1.1 aa001e3127bb5bd7bbc48bc4fef44b79.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: 6m7kTKxj7XLpNusJWLIkJdVrq1lAyFtOPszOD9tlGwGd8WXnJylamw==

GET
H2 200 b-8ce16fa.js Show response
tagan.adlightning.com/math-aids-threatpost/ Frame 342F 35 KB
12 KB 99ms
96ms Script
application/javascript 13.224.102.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/b-8ce16fa.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.224.102.80 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-102-80.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 82778d6bab0bf693d922b290e21dc5766bc0d7dcc15fb8cbf96223449f07a662

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 21 May 2020 21:03:32 GMT
content-encoding: gzip
age: 3523714
x-cache: Hit from cloudfront
status: 200
content-length: 12279
x-amz-meta-git_commit: 8ce16fa
last-modified: Thu, 21 May 2020 20:57:10 GMT
server: AmazonS3
etag: "1ee78bd32c1d4d051f9e148b667e3f17"
x-amz-version-id: AuxBHdwSL09yrCmxb.j1gjSlW7v1d09f
via: 1.1 aa001e3127bb5bd7bbc48bc4fef44b79.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: dMsGX1XZ5UBrZ4kWMh1-72zPBA562CeXEFB7Me1SCWr05uQuH7KOkQ==

GET
H/1.1 200
OK chunklist_640.m3u8 Show response
video.sekindo.com/uploads/cn1/video/users/hls/28530/video_5d5baf9fe4c32389620327/vid5d5bb0d47c725224559183.mp4/ Frame 864C 330 B
730 B 198ms
67ms XHR
application/vnd.apple.mpegurl 185.167.96.211
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://video.sekindo.com/uploads/cn1/video/users/hls/28530/video_5d5baf9fe4c32389620327/vid5d5bb0d47c725224559183.mp4/chunklist_640.m3u8
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/video/hls/hls.0.12.4_1.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.167.96.211 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: Tengine /
Resource Hash: cc1a06507fef3821468dfabe5f908b44d8e048a85ab70cf5a95a3ea7a6c7f071

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 01 Jul 2020 15:52:04 GMT
Last-Modified: Tue, 20 Aug 2019 08:43:55 GMT
Server: Tengine
ETag: "5d5bb2cb-14a"
Content-Type: application/vnd.apple.mpegurl
Access-Control-Allow-Origin: *
Expires: Wed, 08 Jul 2020 15:52:04 GMT
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 330
X-Proxy-Cache: HIT

GET
H2 200 / Show response
graph.facebook.com/ 96 B
505 B 56ms
42ms XHR
application/json 2a03:2880:f02d:e:face:b00c:0:2
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://graph.facebook.com/?id=https%3A%2F%2Fthreatpost.com%2Fcisa-nation-state-attackers-palo-alto-networks-bug%2F157013%2F

Requested by

Host: threatpost.com
URL: https://threatpost.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:e:face:b00c:0:2 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

2d36bffbb58ecc453f166cd49885ffe3a548fa0b818a7926c2ea0304de6aa563

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
etag: "061000c0e4112ce7a70e8d6ae3fc168bcbf6d630"
status: 200
x-fb-rev: 1002317832
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 96
pragma: no-cache
x-fb-debug: O4q8uoF5XSYK1UFDRbGCHXs8xn/JcJri8zW4AHC7mmFmL0bwCkHvcvMIEQHnshdvX9u1WiE4qgkW5F4BBEa5aQ==
x-fb-trace-id: DiXRn0pjORO
date: Wed, 01 Jul 2020 15:52:05 GMT, Wed, 01 Jul 2020 15:52:05 GMT
content-type: application/json
access-control-allow-origin: *
x-fb-request-id: A7iWUMLR33-60IK5Uvzcxcq
cache-control: private, no-cache, no-store, must-revalidate
facebook-api-version: v3.0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 404 share
www.linkedin.com/countserv/count/ 0
0 132ms
132ms Script
text/html 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.linkedin.com/countserv/count/share?url=https%3A%2F%2Fthreatpost.com%2Fcisa-nation-state-attackers-palo-alto-networks-bug%2F157013%2F&format=jsonp&callback=jQuery1124048804399701416923_1593618724217&_=1593618724218
Requested by: Host: threatpost.com
URL: https://threatpost.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 200 info.json Show response
www.reddit.com/api/ 4 KB
3 KB 355ms
234ms XHR
application/json 199.232.53.140
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reddit.com/api/info.json?url=https%3A%2F%2Fthreatpost.com%2Fcisa-nation-state-attackers-palo-alto-networks-bug%2F157013%2F

Requested by

Host: threatpost.com
URL: https://threatpost.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.53.140 Manchester, United Kingdom, ASN54113 (FASTLY, US),

Reverse DNS

Software

snooserv /

Resource Hash

3a9228eca2961efdd420c3ab63578dfe8180b1bbe2d9976b8557e90cbc6fc9e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 01 Jul 2020 15:52:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
access-control-allow-origin: *
x-cache: MISS
status: 200
vary: accept-encoding
content-length: 1701
x-xss-protection: 1; mode=block
x-served-by: cache-man4148-MAN
x-moose: majestic
expires: -1
server: snooserv
x-timer: S1593618726.726834,VS0,VE175
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: application/json; charset=UTF-8
via: 1.1 varnish
access-control-expose-headers: X-Moose
cache-control: private, s-maxage=0, max-age=0, must-revalidate, no-store, max-age=0, must-revalidate
x-ua-compatible: IE=edge
accept-ranges: bytes
x-cache-hits: 0

GET
H2 200 bl-8ce16fa-7f9cbf32.js Show response
tagan.adlightning.com/math-aids-threatpost/ Frame 5278 55 KB
16 KB 52ms
51ms Script
application/javascript 13.224.102.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/bl-8ce16fa-7f9cbf32.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.224.102.80 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-102-80.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: bb983e6afb7b5e90c39046653f93498b063d17a8e33bb8c36455ba7fc7d6a77d

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 01 Jul 2020 00:34:20 GMT
content-encoding: gzip
age: 55066
x-cache: Hit from cloudfront
status: 200
content-length: 16277
x-amz-meta-git_commit: 8ce16fa
last-modified: Tue, 30 Jun 2020 22:41:32 GMT
server: AmazonS3
etag: "ca18b721a9af873068b23589b829a423"
x-amz-version-id: S5rqC6_yIBlseGVI6HZt5MbHjXmNCLag
via: 1.1 aa001e3127bb5bd7bbc48bc4fef44b79.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: woXk7uQveFWKsc3DpH1n-EWc0sj5rnMi3ZVBeNxnttsyBeIDRWRAxw==

GET
H2 200 b-8ce16fa.js Show response
tagan.adlightning.com/math-aids-threatpost/ Frame 5278 35 KB
12 KB 52ms
51ms Script
application/javascript 13.224.102.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/b-8ce16fa.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.224.102.80 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-102-80.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 82778d6bab0bf693d922b290e21dc5766bc0d7dcc15fb8cbf96223449f07a662

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 21 May 2020 21:03:32 GMT
content-encoding: gzip
age: 3523714
x-cache: Hit from cloudfront
status: 200
content-length: 12279
x-amz-meta-git_commit: 8ce16fa
last-modified: Thu, 21 May 2020 20:57:10 GMT
server: AmazonS3
etag: "1ee78bd32c1d4d051f9e148b667e3f17"
x-amz-version-id: AuxBHdwSL09yrCmxb.j1gjSlW7v1d09f
via: 1.1 aa001e3127bb5bd7bbc48bc4fef44b79.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: coirQDvrHXEUNTLh_QxVNcYgAIf_CSjBOa7T2VUYQmCStseW4OcT-A==

GET
H2 200 bl-8ce16fa-7f9cbf32.js Show response
tagan.adlightning.com/math-aids-threatpost/ Frame 3BC4 55 KB
16 KB 84ms
83ms Script
application/javascript 13.224.102.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/bl-8ce16fa-7f9cbf32.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.224.102.80 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-102-80.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: bb983e6afb7b5e90c39046653f93498b063d17a8e33bb8c36455ba7fc7d6a77d

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 01 Jul 2020 00:34:20 GMT
content-encoding: gzip
age: 55066
x-cache: Hit from cloudfront
status: 200
content-length: 16277
x-amz-meta-git_commit: 8ce16fa
last-modified: Tue, 30 Jun 2020 22:41:32 GMT
server: AmazonS3
etag: "ca18b721a9af873068b23589b829a423"
x-amz-version-id: S5rqC6_yIBlseGVI6HZt5MbHjXmNCLag
via: 1.1 aa001e3127bb5bd7bbc48bc4fef44b79.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: bmZiQ0DFt_x2X0lF8onFhf8pjeDOlF-jISZYp2iAPSbkAYyjx7AltA==

GET
H2 200 b-8ce16fa.js Show response
tagan.adlightning.com/math-aids-threatpost/ Frame 3BC4 35 KB
12 KB 84ms
84ms Script
application/javascript 13.224.102.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/b-8ce16fa.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.224.102.80 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-102-80.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 82778d6bab0bf693d922b290e21dc5766bc0d7dcc15fb8cbf96223449f07a662

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 21 May 2020 21:03:32 GMT
content-encoding: gzip
age: 3523714
x-cache: Hit from cloudfront
status: 200
content-length: 12279
x-amz-meta-git_commit: 8ce16fa
last-modified: Thu, 21 May 2020 20:57:10 GMT
server: AmazonS3
etag: "1ee78bd32c1d4d051f9e148b667e3f17"
x-amz-version-id: AuxBHdwSL09yrCmxb.j1gjSlW7v1d09f
via: 1.1 aa001e3127bb5bd7bbc48bc4fef44b79.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: uuMevKuxsIOxesh-0Lw4A3BmjMSu8JRP_kkCFKEo_BiGbi2WO66sYQ==

GET
H2 200 bl-8ce16fa-7f9cbf32.js Show response
tagan.adlightning.com/math-aids-threatpost/ Frame F129 55 KB
16 KB 74ms
73ms Script
application/javascript 13.224.102.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/bl-8ce16fa-7f9cbf32.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.224.102.80 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-102-80.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: bb983e6afb7b5e90c39046653f93498b063d17a8e33bb8c36455ba7fc7d6a77d

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 01 Jul 2020 00:34:20 GMT
content-encoding: gzip
age: 55066
x-cache: Hit from cloudfront
status: 200
content-length: 16277
x-amz-meta-git_commit: 8ce16fa
last-modified: Tue, 30 Jun 2020 22:41:32 GMT
server: AmazonS3
etag: "ca18b721a9af873068b23589b829a423"
x-amz-version-id: S5rqC6_yIBlseGVI6HZt5MbHjXmNCLag
via: 1.1 aa001e3127bb5bd7bbc48bc4fef44b79.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: az7N29au65e66jsbxrP6fA79RmKVeITrpCASc3uZCj1N5msVTO0XEA==

GET
H2 200 b-8ce16fa.js Show response
tagan.adlightning.com/math-aids-threatpost/ Frame F129 35 KB
12 KB 75ms
74ms Script
application/javascript 13.224.102.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/b-8ce16fa.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.224.102.80 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-102-80.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 82778d6bab0bf693d922b290e21dc5766bc0d7dcc15fb8cbf96223449f07a662

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 21 May 2020 21:03:32 GMT
content-encoding: gzip
age: 3523714
x-cache: Hit from cloudfront
status: 200
content-length: 12279
x-amz-meta-git_commit: 8ce16fa
last-modified: Thu, 21 May 2020 20:57:10 GMT
server: AmazonS3
etag: "1ee78bd32c1d4d051f9e148b667e3f17"
x-amz-version-id: AuxBHdwSL09yrCmxb.j1gjSlW7v1d09f
via: 1.1 aa001e3127bb5bd7bbc48bc4fef44b79.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: nXFiXfVvgfnkYZRJx-Rlx2an61OR5AkyoziPd7nTrFLfjcOJe0_fnA==

GET
H2 200 anchor
www.google.com/recaptcha/api2/ Frame FDD0 0
0 61ms
61ms Document
text/html 2a00:1450:4001:821::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LehhAETAAAAAAcsm2ZGDsLCqyGhesy4Yn43WNBe&co=aHR0cHM6Ly90aHJlYXRwb3N0LmNvbTo0NDM.&hl=en&v=NMoy4HgGiLr5NAQaEQa2ho8X&theme=light&size=normal&cb=mmk59yf1kule

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-8aILfe9w14va/B3jJIY9jw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/anchor?ar=1&k=6LehhAETAAAAAAcsm2ZGDsLCqyGhesy4Yn43WNBe&co=aHR0cHM6Ly90aHJlYXRwb3N0LmNvbTo0NDM.&hl=en&v=NMoy4HgGiLr5NAQaEQa2ho8X&theme=light&size=normal&cb=mmk59yf1kule
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Response headers

status: 200
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 01 Jul 2020 15:52:05 GMT
content-security-policy: script-src 'report-sample' 'nonce-8aILfe9w14va/B3jJIY9jw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 10358
server: GSE
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/012006230309000/ Frame 342F 205 KB
56 KB 68ms
37ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012006230309000/amp4ads-v0.js

Requested by

Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6ce200758387e7446ef2d83ac06d37ed663ab0bf7e1370c5a659017bd5662d7c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 4004
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57191
x-xss-protection: 0
server: sffe
date: Wed, 01 Jul 2020 14:45:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "c3e1735ca4791a48"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 01 Jul 2021 14:45:22 GMT

GET
H2 200 amp-ad-exit-0.1.js Show response
cdn.ampproject.org/rtv/012006230309000/v0/ Frame 342F 16 KB
6 KB 67ms
36ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012006230309000/v0/amp-ad-exit-0.1.js

Requested by

Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b71631421727262576684de39d0c58bd135eae52e2d568949c059a4e1e79e7f3

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 76898
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5910
x-xss-protection: 0
server: sffe
date: Tue, 30 Jun 2020 18:30:28 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "3712521b72b8c0ab"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 30 Jun 2021 18:30:28 GMT

GET
H2 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/012006230309000/v0/ Frame 342F 96 KB
30 KB 37ms
6ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012006230309000/v0/amp-analytics-0.1.js

Requested by

Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a825d0e781d4861afa8cca726ae602e1c9ae49cbf6dc77390a08384039694c47

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 3997
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29740
x-xss-protection: 0
server: sffe
date: Wed, 01 Jul 2020 14:45:29 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "0a5060c0fd825ed9"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 01 Jul 2021 14:45:29 GMT

GET
H2 200 amp-fit-text-0.1.js Show response
cdn.ampproject.org/rtv/012006230309000/v0/ Frame 342F 4 KB
2 KB 77ms
46ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012006230309000/v0/amp-fit-text-0.1.js

Requested by

Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

83de5accdb79e0a9f1622998c8ef0e9a6584befaa2ceab6814225345a7089ddc

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 76898
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1784
x-xss-protection: 0
server: sffe
date: Tue, 30 Jun 2020 18:30:28 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "c8a685cb1692c66b"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 30 Jun 2021 18:30:28 GMT

GET
H2 200 amp-form-0.1.js Show response
cdn.ampproject.org/rtv/012006230309000/v0/ Frame 342F 48 KB
15 KB 69ms
39ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012006230309000/v0/amp-form-0.1.js

Requested by

Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

054e64dc705360fa512cdcbd2b7f068d32eb2a961c20719f90c7dc48a1733010

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 76898
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15035
x-xss-protection: 0
server: sffe
date: Tue, 30 Jun 2020 18:30:28 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "8980465596d9ce39"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 30 Jun 2021 18:30:28 GMT

GET
H2 200 9760024153416966022
tpc.googlesyndication.com/simgad/ Frame 342F 40 KB
40 KB 8ms
7ms Image
image/png 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/9760024153416966022?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qke-jwIhvTjbfsyVRspAFVi3r355A

Requested by

Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fbf33b39fb359dee1f6d9b80835c1f43dc303aecd6697a2128ce25b9de87e4b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 18 Jun 2020 08:33:40 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Jul 2019 15:48:30 GMT
server: sffe
age: 1149506
status: 200
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41163
x-xss-protection: 0
expires: Fri, 18 Jun 2021 08:33:40 GMT

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 342F 2 KB
3 KB 7ms
6ms Image
image/png 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 01 Jul 2020 11:08:58 GMT
x-content-type-options: nosniff
server: cafe
age: 16988
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Thu, 02 Jul 2020 11:08:58 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 342F 295 B
402 B 7ms
6ms Image
image/png 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 01 Jul 2020 08:18:35 GMT
x-content-type-options: nosniff
server: cafe
age: 27211
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 02 Jul 2020 08:18:35 GMT

GET
H2 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 342F 0
0 69ms
68ms Image
text/html 216.58.208.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=Cx3lNJLH8Xrq3NJSl-gaKn6SQBI-UjLFd-K7S6s0Jr4G649cCEAEg0YfSIGDM4e2B_C6gAbX63OYCyAECqQKHZbbwrJBmPuACAKgDAcgDCKoEnAJP0GfKV61IVRvrQLB2bl44Y8JIdJwB-C8YeFx4BbctSQRidMwKpYFj9Zuka2FN7A782TuBzxTbT82dDTiWgFKsaLF7cLMVVmDn-5loiROmvEtVnphcC8at69fL0Q-h8L0pNjAmUHpi1MD0g3u7ynjwQ5nof3BIsBveIyKJ2DN2jUQ1477dFaI8J3aptdtGK6Q4-KGgtErSFH31tCjm4yib6z1lc-6egi3G4pJyjThRJKZ9Ij-5z30MfUGvUtqH_tfhgxEVJcipbkDpE_HRucL2UTtvztLqYbZFddahububscKWCKaA-6qvhRt22yP3DdTUAC5kLq6G1ZW9rvZiWk8Tcj59aitDa1CqFJB1EM-mhX3buh9Y2AESZJIElMAEyay05KoC4AQBkgUECAQYAZIFBAgFGASgBgKAB7OFo5kBqAeOzhuoB9XJG6gHk9gbqAe6BqgH8NkbqAfy2RuoB6a-G6gH7NUb2AcB8gcEEL6yCtIICQiA4YAQEAEYHfIIG2FkeC1zdWJzeW4tNzI2MzU3MzQ0NjgwNDA3OIAKA8gLAdgTDA&sigh=AKhuuZ1iP6o&tpd=AGWhJmvGP9L9u5NE2JGLYFsIT0aMz52-IjjIYs6z3Fp_s5TF5Q
Requested by: Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.58.208.34 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra15s12-in-f34.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ Frame 342F 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2dfcec43178b0e8e1c435b131261ab7dccaedde579c5cdc6ea74fbf5bb31ffbe

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/012006230309000/ Frame 5278 205 KB
56 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012006230309000/amp4ads-v0.js

Requested by

Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6ce200758387e7446ef2d83ac06d37ed663ab0bf7e1370c5a659017bd5662d7c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 4004
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57191
x-xss-protection: 0
server: sffe
date: Wed, 01 Jul 2020 14:45:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "c3e1735ca4791a48"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 01 Jul 2021 14:45:22 GMT

GET
H2 200 amp-ad-exit-0.1.js Show response
cdn.ampproject.org/rtv/012006230309000/v0/ Frame 5278 16 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012006230309000/v0/amp-ad-exit-0.1.js

Requested by

Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b71631421727262576684de39d0c58bd135eae52e2d568949c059a4e1e79e7f3

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 76898
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5910
x-xss-protection: 0
server: sffe
date: Tue, 30 Jun 2020 18:30:28 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "3712521b72b8c0ab"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 30 Jun 2021 18:30:28 GMT

GET
H2 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/012006230309000/v0/ Frame 5278 96 KB
29 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012006230309000/v0/amp-analytics-0.1.js

Requested by

Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a825d0e781d4861afa8cca726ae602e1c9ae49cbf6dc77390a08384039694c47

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 3997
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29740
x-xss-protection: 0
server: sffe
date: Wed, 01 Jul 2020 14:45:29 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "0a5060c0fd825ed9"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 01 Jul 2021 14:45:29 GMT

GET
H2 200 amp-fit-text-0.1.js Show response
cdn.ampproject.org/rtv/012006230309000/v0/ Frame 5278 4 KB
2 KB 13ms
12ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012006230309000/v0/amp-fit-text-0.1.js

Requested by

Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

83de5accdb79e0a9f1622998c8ef0e9a6584befaa2ceab6814225345a7089ddc

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 76898
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1784
x-xss-protection: 0
server: sffe
date: Tue, 30 Jun 2020 18:30:28 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "c8a685cb1692c66b"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 30 Jun 2021 18:30:28 GMT

GET
H2 200 amp-form-0.1.js Show response
cdn.ampproject.org/rtv/012006230309000/v0/ Frame 5278 48 KB
15 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012006230309000/v0/amp-form-0.1.js

Requested by

Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

054e64dc705360fa512cdcbd2b7f068d32eb2a961c20719f90c7dc48a1733010

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 76898
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15035
x-xss-protection: 0
server: sffe
date: Tue, 30 Jun 2020 18:30:28 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "8980465596d9ce39"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 30 Jun 2021 18:30:28 GMT

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 5278 2 KB
3 KB 7ms
6ms Image
image/png 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 01 Jul 2020 11:08:58 GMT
x-content-type-options: nosniff
server: cafe
age: 16988
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Thu, 02 Jul 2020 11:08:58 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 5278 295 B
360 B 7ms
7ms Image
image/png 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 01 Jul 2020 08:18:35 GMT
x-content-type-options: nosniff
server: cafe
age: 27211
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 02 Jul 2020 08:18:35 GMT

GET
H2 200 1744574652835401627
tpc.googlesyndication.com/simgad/ Frame 5278 20 KB
20 KB 8ms
7ms Image
image/png 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/1744574652835401627?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qmLfeKfpcBo8bAwnFz45dZETHYfjQ

Requested by

Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa34788821a38bcde13987589d01ac54956fb32a5c748602b27d09e177e35d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 18 Jun 2020 04:36:11 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Jul 2019 15:47:35 GMT
server: sffe
age: 1163755
status: 200
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20126
x-xss-protection: 0
expires: Fri, 18 Jun 2021 04:36:11 GMT

GET
H2 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 5278 0
0 68ms
68ms Image
text/html 216.58.208.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CRx6RJLH8Xru3NJSl-gaKn6SQBI-UjLFd2KPS6s0Jr4G649cCEAEg0YfSIGDM4e2B_C6gAbX63OYCyAECqQKHZbbwrJBmPuACAKgDAcgDCKoEnwJP0FsI8uzJgUmzT3DQMkMWPIKiTTdPWLDgM9p-0_njNwlTdT_tvn20QhesF0GcxY9FhcnnQQQUATET6HJJg4H-1Rq1npIQ28q8Z-d2bb9RpL9BUKmuloJF5FgAEddRtlsEG4ttN8NZiOyiMoK-oJGLrH0UyKklJw9SXbdMqhpl9rNDgKNcAnjKi24fEdwP7BI1TcXmPlkCKwUR83cODRl2Aej1F_aJHHAu4snvPpUQ2nRRr7Jqhg6O9-QrK4Pk9Fiigcq_vptTiYNRzZOr2tqPQmH6fEFb4ZgtHzwZ-eP3fagpHEMDfaj6h74prV1Pd3FFCrCTtbH7JJV-LpJ3wHdIHVcw4gAIo8Y9RHul1QuvzvGvnREv824_8R-rdZLwDMAEyay05KoC4AQBkgUECAQYAZIFBAgFGASgBgKAB7OFo5kBqAeOzhuoB9XJG6gHk9gbqAe6BqgH8NkbqAfy2RuoB6a-G6gH7NUb2AcB8gcEEI_GB9IICQiA4YAQEAEYHfIIG2FkeC1zdWJzeW4tNzI2MzU3MzQ0NjgwNDA3OIAKA8gLAdgTDA&sigh=D-jhc0T-D0I&tpd=AGWhJmtPPtfrzTPpcXFzb-A4kcrDlRXsdKTE2_rvyA4ghiNKlg
Requested by: Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.58.208.34 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra15s12-in-f34.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ Frame 5278 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a4dd1dce38b66fc66d42d650fe440440450d79ccfe433b0aaf4981cc0b626120

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK cygnus Show response
as-sec.casalemedia.com/ Frame 864C 24 B
1 KB 280ms
279ms XHR
application/json 23.210.249.164
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://as-sec.casalemedia.com/cygnus?s=435871&v=8.1&r=%7B%22id%22%3A%2259e748d966c361%22%2C%22imp%22%3A%5B%7B%22id%22%3A%226e3d4f0c4b17b2%22%2C%22ext%22%3A%7B%22siteID%22%3A%22435871%22%2C%22sid%22%3A%22320x180%22%7D%2C%22bidfloor%22%3A1.8%2C%22bidfloorcur%22%3A%22USD%22%2C%22video%22%3A%7B%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22application%2Fjavascript%22%5D%2C%22minduration%22%3A1%2C%22maxduration%22%3A200%2C%22api%22%3A%5B1%2C2%5D%2C%22protocols%22%3A%5B1%2C2%2C3%2C4%2C5%2C6%5D%2C%22linearity%22%3A1%2C%22startdelay%22%3A0%2C%22skip%22%3A1%2C%22w%22%3A320%2C%22h%22%3A180%2C%22placement%22%3A1%7D%7D%2C%7B%22id%22%3A%227a1f995b8b3ac%22%2C%22ext%22%3A%7B%22siteID%22%3A%22435870%22%2C%22sid%22%3A%22320x180%22%7D%2C%22bidfloor%22%3A1.8%2C%22bidfloorcur%22%3A%22USD%22%2C%22video%22%3A%7B%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22application%2Fjavascript%22%5D%2C%22minduration%22%3A1%2C%22maxduration%22%3A200%2C%22api%22%3A%5B1%2C2%5D%2C%22protocols%22%3A%5B1%2C2%2C3%2C4%2C5%2C6%5D%2C%22linearity%22%3A1%2C%22startdelay%22%3A0%2C%22skip%22%3A1%2C%22w%22%3A320%2C%22h%22%3A180%2C%22placement%22%3A1%7D%7D%5D%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fthreatpost.com%2Fcisa-nation-state-attackers-palo-alto-networks-bug%2F157013%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%7D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22admetricspro.com%22%2C%22sid%22%3A%221005%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A1%7D%7D%2C%22user%22%3A%7B%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%7D&ac=j&sd=1&nf=1&
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_5.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.249.164 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-249-164.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: d25cdeed2ccb087b677ff1774fa5b972961bd96269181553ffd8693924a1592f

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 01 Jul 2020 15:52:06 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 44
Expires: Wed, 01 Jul 2020 15:52:06 GMT

POST
H/1.1 204
No Content openrtb Show response
ads.adaptv.advertising.com/rtb/ Frame 864C 0
215 B 222ms
221ms XHR
application/json 18.185.15.67
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.adaptv.advertising.com/rtb/openrtb?ext_id=TeachingAidsLLC
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_5.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.185.15.67 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-185-15-67.eu-central-1.compute.amazonaws.com
Software: adaptv/1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
server: adaptv/1.0
Connection: keep-alive
content-length: 0
content-type: application/json

GET
H2 200 avjp Show response
teachingaids-d.openx.net/v/1.0/ Frame 864C 92 B
285 B 137ms
137ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://teachingaids-d.openx.net/v/1.0/avjp?ju=https%3A%2F%2Fthreatpost.com%2Fcisa-nation-state-attackers-palo-alto-networks-bug%2F157013%2F&ch=UTF-8&res=1600x1200x24&ifr=true&tz=-120&tws=1600x1200&be=1&bc=hb_pb_3.0.1&dddid=e02a1d41-ffb8-48b6-89e4-7c7c15cbf9f4&nocache=1593618726135&gdpr_consent=&gdpr=1&schain=1.0%2C1!admetricspro.com%2C1005%2C1%2C%2C%2C&skip=1&auid=540882778&vwd=320&vht=180&
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_5.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.188.2 /
Resource Hash: 004e5faf0bf890f61697daeede9f21826affd1137fb2cb58eaf4719937a04a14

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 01 Jul 2020 15:52:06 GMT
via: 1.1 google
server: OXGW/16.188.2
status: 200
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://threatpost.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: clear
content-length: 92
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame 864C 0
59 B 58ms
58ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_5.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Wed, 01 Jul 2020 15:52:06 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-origin: https://threatpost.com

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 864C 144 B
838 B 82ms
82ms XHR
application/json 185.33.220.240
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_5.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.240 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

717.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

42ec7d154f1abcad8706bc2ce0f89883ef5baa499a0c84f6ab6acace87d9dc84

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 01 Jul 2020 15:52:08 GMT
X-Proxy-Origin: 89.238.186.243; 89.238.186.243; 717.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.186:80
AN-X-Request-Uuid: b06d21b0-d5a1-4472-9654-1bdfdfaca2c8
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 144
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 bframe
www.google.com/recaptcha/api2/ Frame 0A7E 0
0 21ms
21ms Document
text/html 2a00:1450:4001:821::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/bframe?hl=en&v=NMoy4HgGiLr5NAQaEQa2ho8X&k=6Lfgf_8SAAAAADYbQAnKFOk7cvnWbkqo6y57-4-U&cb=n6zm3jbnam64

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-cTw+2mhwPrghVocD06huKw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/bframe?hl=en&v=NMoy4HgGiLr5NAQaEQa2ho8X&k=6Lfgf_8SAAAAADYbQAnKFOk7cvnWbkqo6y57-4-U&cb=n6zm3jbnam64
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Response headers

status: 200
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 01 Jul 2020 15:52:06 GMT
content-security-policy: script-src 'report-sample' 'nonce-cTw+2mhwPrghVocD06huKw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 1175
server: GSE
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK w_640_000.ts Show response
video.sekindo.com/uploads/cn1/video/users/hls/28530/video_5d5baf9fe4c32389620327/vid5d5bb0d47c725224559183.mp4/ Frame 864C 307 KB
307 KB 54ms
53ms XHR
video/mp2t 185.167.96.211
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://video.sekindo.com/uploads/cn1/video/users/hls/28530/video_5d5baf9fe4c32389620327/vid5d5bb0d47c725224559183.mp4/w_640_000.ts
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/video/hls/hls.0.12.4_1.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.167.96.211 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: Tengine /
Resource Hash: f603a089c9e5601d169903db787d29fc049a3a287dd40ad03900dc02745fcaeb

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 01 Jul 2020 15:52:04 GMT
Last-Modified: Tue, 20 Aug 2019 08:43:53 GMT
Server: Tengine
ETag: "5d5bb2c9-4ca68"
Content-Type: video/mp2t
Access-Control-Allow-Origin: *
Expires: Wed, 08 Jul 2020 15:52:04 GMT
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 313960
X-Proxy-Cache: HIT

GET
BLOB 200
OK 587fb58c-be9c-49c5-8f39-6962d6d5885a
https://threatpost.com/ Frame 864C 63 KB
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://threatpost.com/587fb58c-be9c-49c5-8f39-6962d6d5885a
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/video/hls/hls.0.12.4_1.min.js
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e1c3c2dafe2208caea4f809f414a89a9d256deb8671e1c5d49bff9a873782796

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Length: 64352
Content-Type: text/javascript

GET
H2 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/012006230309000/ Frame 3BC4 205 KB
56 KB 7ms
4ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012006230309000/amp4ads-v0.js

Requested by

Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6ce200758387e7446ef2d83ac06d37ed663ab0bf7e1370c5a659017bd5662d7c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 4004
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57191
x-xss-protection: 0
server: sffe
date: Wed, 01 Jul 2020 14:45:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "c3e1735ca4791a48"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 01 Jul 2021 14:45:22 GMT

GET
H2 200 amp-ad-exit-0.1.js Show response
cdn.ampproject.org/rtv/012006230309000/v0/ Frame 3BC4 16 KB
6 KB 10ms
7ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012006230309000/v0/amp-ad-exit-0.1.js

Requested by

Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b71631421727262576684de39d0c58bd135eae52e2d568949c059a4e1e79e7f3

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 76898
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5910
x-xss-protection: 0
server: sffe
date: Tue, 30 Jun 2020 18:30:28 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "3712521b72b8c0ab"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 30 Jun 2021 18:30:28 GMT

GET
H2 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/012006230309000/v0/ Frame 3BC4 96 KB
29 KB 11ms
9ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012006230309000/v0/amp-analytics-0.1.js

Requested by

Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a825d0e781d4861afa8cca726ae602e1c9ae49cbf6dc77390a08384039694c47

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 3997
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29740
x-xss-protection: 0
server: sffe
date: Wed, 01 Jul 2020 14:45:29 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "0a5060c0fd825ed9"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 01 Jul 2021 14:45:29 GMT

GET
H2 200 amp-fit-text-0.1.js Show response
cdn.ampproject.org/rtv/012006230309000/v0/ Frame 3BC4 4 KB
2 KB 11ms
8ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012006230309000/v0/amp-fit-text-0.1.js

Requested by

Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

83de5accdb79e0a9f1622998c8ef0e9a6584befaa2ceab6814225345a7089ddc

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 76898
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1784
x-xss-protection: 0
server: sffe
date: Tue, 30 Jun 2020 18:30:28 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "c8a685cb1692c66b"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 30 Jun 2021 18:30:28 GMT

GET
H2 200 amp-form-0.1.js Show response
cdn.ampproject.org/rtv/012006230309000/v0/ Frame 3BC4 48 KB
15 KB 10ms
7ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012006230309000/v0/amp-form-0.1.js

Requested by

Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

054e64dc705360fa512cdcbd2b7f068d32eb2a961c20719f90c7dc48a1733010

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 76898
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15035
x-xss-protection: 0
server: sffe
date: Tue, 30 Jun 2020 18:30:28 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "8980465596d9ce39"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 30 Jun 2021 18:30:28 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 3BC4 7 KB
813 B 18ms
16ms Stylesheet
text/css 2a00:1450:4001:825::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:300|Roboto:400,500&lang=en

Requested by

Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d3838febe02ee1538a1336ac01f452a6fe7682106cd21b46cda9c40092c8e3aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 01 Jul 2020 15:26:56 GMT
server: ESF
date: Wed, 01 Jul 2020 15:52:06 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 01 Jul 2020 15:52:06 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 3BC4 5 KB
772 B 18ms
16ms Stylesheet
text/css 2a00:1450:4001:825::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,500&text=

Requested by

Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c4a7b4babd8d76af2ddc0840bda733cd5a0b409895bb74d5302ff1155c9b32bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 01 Jul 2020 14:42:14 GMT
server: ESF
date: Wed, 01 Jul 2020 15:52:06 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 01 Jul 2020 15:52:06 GMT

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/210661164476808107/ Frame 3BC4 11 KB
11 KB 12ms
11ms Image
image/jpeg 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/210661164476808107/downsize_200k_v1?sqp=4sqPyQSWAUKTAQgAEhQNzczMPhUAAABAHQAAAAAlAAAAABgAIgoNAACAPxUAAIA_Kk8IWhABHQAAtEIgASgBMAY4A0CAwtcvSABQAFgAYFpwAngAgAEAiAEAkAEAnQEAAIA_oAEAqAEAsAGAreIEuAH___________8BxQEtsp0-MhoIqgIQnAEYASABLQAAAD8wqgI4nAFFAACAPw&rs=AOga4qkwPSsofHaNpHSH6UIqgCur2nda5A

Requested by

Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0e9621be2cc62895b462e1e1198172d36ccdd7fdc6ad658ca20135ba5f3a1db3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 25 Jun 2020 08:23:27 GMT
x-content-type-options: nosniff
last-modified: Thu, 25 Jun 2020 07:50:58 GMT
server: sffe
age: 545319
status: 200
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10829
x-xss-protection: 0
expires: Fri, 25 Jun 2021 08:23:27 GMT

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/12873405645878381694/ Frame 3BC4 2 KB
2 KB 12ms
10ms Image
image/png 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/12873405645878381694/downsize_200k_v1?sqp=4sqPyQR5QncIABIUDc3MzD4VAAAAQB0AAAAAJQAAAAAYACIKDQAAgD8VAACAPypPCFoQAR0AALRCIAEoATAGOANAgMLXL0gAUABYAGBacAJ4AIABAIgBAJABAJ0BAACAP6ABAKgBALABgK3iBLgB____________AcUBLbKdPg&rs=AOga4ql45MtAWjzPkLW0I9qh0O63Bde1yQ

Requested by

Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

06c5c6f82e19c34ebf8c6c560780a5a6bdb89460159b8aafc38e7ac5f9609184

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 10 Jun 2020 14:45:33 GMT
x-content-type-options: nosniff
last-modified: Thu, 09 Jan 2020 18:12:51 GMT
server: sffe
age: 1818393
status: 200
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1862
x-xss-protection: 0
expires: Thu, 10 Jun 2021 14:45:33 GMT

GET
H2 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 3BC4 0
0 68ms
67ms Image
text/html 216.58.208.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=Cu5HkJLH8Xry3NJSl-gaKn6SQBJn_7oJe6oqV54YMuuPzqqoaEAEg0YfSIGDM4e2B_C6gAYqX_IgDyAEGqQL0c9wyzN2QPuACAKgDAcgDCqoEmAJP0Ec00m5UvHpoNysdZawrAgvvnbmWjU2keHtxXP_xJnhf6mrWRIcjotIueWEZcdheiQTRlXZJu-z6y5ZFNWuSJvnhESDB1VB3USbOOGmkjQfzUOBUf30AvRvxHvRjlfKosE678YnS_y-7CgdCy-5wN-1JXFIWo6OqH4ND6JkxpdrQmBE7-rRB0U8oC9JxFamJtnkbZFtuc1CPUiSgZxCo4vAvbI4MhdMtqUMKT1G-ZdHrxSye2dEE9qJaC4Sc06j0bZeglU7yI7n-cCgXz7vvxHc7xVznxpnfSYKL9Txmysd5CFf_OzCPJzRNh7L5mTzl6aAZFg2UR0RGvC-SKvdg7gfxYVQuAkskrJnoubZR3cHq5KDcpBbIwAT19-a1ywHgBAGSBQQIBBgBkgUECAUYBJIFBAgFGBiSBQUIBRioAaAGN4AH3uiDd6gHjs4bqAfVyRuoB5PYG6gHugaoB_DZG6gH8tkbqAemvhuoB-zVG9gHAfIHBBDtrgjSCAkIgOGAEBABGB3yCBthZHgtc3Vic3luLTcyNjM1NzM0NDY4MDQwNziACgPICwHYEwyYFgE&sigh=nJnKXQNuRXM&template_id=492&tpd=AGWhJmt5Egefj606L4vy9Ac_C6XrymROFTFqOm77vUkBhw_p-A
Requested by: Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.58.208.34 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra15s12-in-f34.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 3BC4 2 KB
3 KB 11ms
10ms Image
image/png 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 01 Jul 2020 11:08:58 GMT
x-content-type-options: nosniff
server: cafe
age: 16988
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Thu, 02 Jul 2020 11:08:58 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 3BC4 295 B
361 B 10ms
9ms Image
image/png 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 01 Jul 2020 08:18:35 GMT
x-content-type-options: nosniff
server: cafe
age: 27211
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 02 Jul 2020 08:18:35 GMT

GET
DATA 200
OK truncated
/ Frame 3BC4 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 55be5fa6a1df7bfb136ca70e3dd78bbbcc84ed7aa0337b28a0ed3518e8592e56

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/012006230309000/ Frame F129 205 KB
56 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012006230309000/amp4ads-v0.js

Requested by

Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6ce200758387e7446ef2d83ac06d37ed663ab0bf7e1370c5a659017bd5662d7c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 4004
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57191
x-xss-protection: 0
server: sffe
date: Wed, 01 Jul 2020 14:45:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "c3e1735ca4791a48"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 01 Jul 2021 14:45:22 GMT

GET
H2 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/012006230309000/v0/ Frame F129 96 KB
29 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012006230309000/v0/amp-analytics-0.1.js

Requested by

Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a825d0e781d4861afa8cca726ae602e1c9ae49cbf6dc77390a08384039694c47

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 3997
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29740
x-xss-protection: 0
server: sffe
date: Wed, 01 Jul 2020 14:45:29 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "0a5060c0fd825ed9"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 01 Jul 2021 14:45:29 GMT

GET
H2 200 7464639028652035684
tpc.googlesyndication.com/simgad/ Frame F129 330 B
449 B 7ms
6ms Image
image/png 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/7464639028652035684

Requested by

Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f19e7ee6cdf20bd478c037707c447b7cd469051de4dadeac32a795efb463c2e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 10 Jun 2020 14:30:09 GMT
x-content-type-options: nosniff
age: 1819317
x-dns-prefetch-control: off
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 330
x-xss-protection: 0
last-modified: Tue, 28 Jan 2020 23:02:00 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 10 Jun 2021 14:30:09 GMT

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame F129 0
64 B 69ms
68ms Image
image/gif 216.58.208.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsteeC-y1UXv7U3VaFcbcNPq5E0so-oH7otgl0EOEssCM-RbB5UtuXUScIWl8FqQ3IUtlHQ4U9E1CCnr9cXGVFUPhuJN7YE9t7Uo_jyILmvWzMjg96U90ra-B4j60HvatRSDrPTj6V-JKCBJfGYo_rviGAUCZ5KCykBlg2e8GG0wi46MqX9FHjzRP8C4TO-sWzgtb1ldzkE7JVrr0ftKW__TJQdW_hTrMFLYPubSMYVkGzaGILyII4nU1KQsjAblR82YdzRgwzrPN_oDKsd2mQ&sai=AMfl-YS_mGvqElu7tK_rFnmyIP4XNiie2EY_EB66n5HUp5Nalv0Tf4ToMe157K0XeWbgYEeIp85s8M04UGqihBaQrBHKAD-IgAntlVM54-H5&sig=Cg0ArKJSzKdpHXb2pi35EAE&adurl=

Requested by

Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.208.34 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s12-in-f34.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 01 Jul 2020 15:52:06 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame F129 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 79ae19413265c13951cf5a55b9306590710554240f2ed8b6185527c1b560e82a

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v20/ Frame 3BC4 11 KB
11 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

Requested by

Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Roboto:300|Roboto:400,500&lang=en
Origin: https://threatpost.com

Response headers

date: Tue, 09 Jun 2020 00:43:54 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:50 GMT
server: sffe
age: 1955292
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11016
x-xss-protection: 0
expires: Wed, 09 Jun 2021 00:43:54 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ Frame 3BC4 11 KB
11 KB 6ms
5ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2

Requested by

Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Roboto:300|Roboto:400,500&lang=en
Origin: https://threatpost.com

Response headers

date: Sat, 13 Jun 2020 02:31:08 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:48 GMT
server: sffe
age: 1603258
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11056
x-xss-protection: 0
expires: Sun, 13 Jun 2021 02:31:08 GMT

GET
H2 200 bframe
www.google.com/recaptcha/api2/ Frame 4B90 0
0 20ms
20ms Document
text/html 2a00:1450:4001:821::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/bframe?hl=en&v=NMoy4HgGiLr5NAQaEQa2ho8X&k=6LehhAETAAAAAAcsm2ZGDsLCqyGhesy4Yn43WNBe&cb=wzge3cqrzqr

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-5PCTeiLXq1xIi2zbGaSxSA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/bframe?hl=en&v=NMoy4HgGiLr5NAQaEQa2ho8X&k=6LehhAETAAAAAAcsm2ZGDsLCqyGhesy4Yn43WNBe&cb=wzge3cqrzqr
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Response headers

status: 200
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 01 Jul 2020 15:52:06 GMT
content-security-policy: script-src 'report-sample' 'nonce-5PCTeiLXq1xIi2zbGaSxSA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 1174
server: GSE
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 auction Show response
prebid-server.rubiconproject.com/openrtb2/ Frame 864C 173 B
380 B 108ms
36ms XHR
application/json 35.157.226.170
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-server.rubiconproject.com/openrtb2/auction
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_5.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.157.226.170 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-226-170.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 643da705843ae6524c5178d56ea094118c372968fcaf1510e74e408b20d6ca17

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 01 Jul 2020 15:52:06 GMT
content-encoding: gzip
status: 200
content-type: application/json
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 167
expires: 0

GET
H2

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 342F
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

39ms
38ms

Image
text/html

2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Requested by: Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Redirect headers

date: Wed, 01 Jul 2020 15:52:06 GMT
x-content-type-options: nosniff
server: safe
status: 302
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 246
x-xss-protection: 0

GET
H2

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 5278
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

39ms
39ms

Image
text/html

2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Requested by: Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Redirect headers

date: Wed, 01 Jul 2020 15:52:06 GMT
x-content-type-options: nosniff
server: safe
status: 302
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 246
x-xss-protection: 0

GET
H2

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 3BC4
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

53ms
52ms

Image
text/html

2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Requested by: Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Redirect headers

date: Wed, 01 Jul 2020 15:52:06 GMT
x-content-type-options: nosniff
server: safe
status: 302
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 246
x-xss-protection: 0

GET
H2 200 9760024153416966022
tpc.googlesyndication.com/simgad/ Frame 342F 40 KB
40 KB 6ms
5ms Image
image/png 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/9760024153416966022?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qke-jwIhvTjbfsyVRspAFVi3r355A

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012006230309000/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fbf33b39fb359dee1f6d9b80835c1f43dc303aecd6697a2128ce25b9de87e4b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 18 Jun 2020 08:33:40 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Jul 2019 15:48:30 GMT
server: sffe
age: 1149506
status: 200
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41163
x-xss-protection: 0
expires: Fri, 18 Jun 2021 08:33:40 GMT

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 342F 2 KB
3 KB 7ms
7ms Image
image/png 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012006230309000/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 01 Jul 2020 11:08:58 GMT
x-content-type-options: nosniff
server: cafe
age: 16988
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Thu, 02 Jul 2020 11:08:58 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 342F 295 B
361 B 7ms
7ms Image
image/png 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012006230309000/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 01 Jul 2020 08:18:35 GMT
x-content-type-options: nosniff
server: cafe
age: 27211
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 02 Jul 2020 08:18:35 GMT

GET
H2 200 1744574652835401627
tpc.googlesyndication.com/simgad/ Frame 5278 20 KB
20 KB 6ms
6ms Image
image/png 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/1744574652835401627?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qmLfeKfpcBo8bAwnFz45dZETHYfjQ

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012006230309000/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa34788821a38bcde13987589d01ac54956fb32a5c748602b27d09e177e35d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 18 Jun 2020 04:36:11 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Jul 2019 15:47:35 GMT
server: sffe
age: 1163755
status: 200
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20126
x-xss-protection: 0
expires: Fri, 18 Jun 2021 04:36:11 GMT

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 5278 2 KB
3 KB 7ms
7ms Image
image/png 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012006230309000/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 01 Jul 2020 11:08:58 GMT
x-content-type-options: nosniff
server: cafe
age: 16988
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Thu, 02 Jul 2020 11:08:58 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 5278 295 B
361 B 6ms
6ms Image
image/png 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012006230309000/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 01 Jul 2020 08:18:35 GMT
x-content-type-options: nosniff
server: cafe
age: 27211
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 02 Jul 2020 08:18:35 GMT

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/210661164476808107/ Frame 3BC4 11 KB
11 KB 11ms
7ms Image
image/jpeg 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012006230309000/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0e9621be2cc62895b462e1e1198172d36ccdd7fdc6ad658ca20135ba5f3a1db3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 25 Jun 2020 08:23:27 GMT
x-content-type-options: nosniff
last-modified: Thu, 25 Jun 2020 07:50:58 GMT
server: sffe
age: 545319
status: 200
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10829
x-xss-protection: 0
expires: Fri, 25 Jun 2021 08:23:27 GMT

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/12873405645878381694/ Frame 3BC4 2 KB
2 KB 10ms
7ms Image
image/png 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012006230309000/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

06c5c6f82e19c34ebf8c6c560780a5a6bdb89460159b8aafc38e7ac5f9609184

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 10 Jun 2020 14:45:33 GMT
x-content-type-options: nosniff
last-modified: Thu, 09 Jan 2020 18:12:51 GMT
server: sffe
age: 1818393
status: 200
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1862
x-xss-protection: 0
expires: Thu, 10 Jun 2021 14:45:33 GMT

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 3BC4 2 KB
3 KB 11ms
9ms Image
image/png 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012006230309000/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 01 Jul 2020 11:08:58 GMT
x-content-type-options: nosniff
server: cafe
age: 16988
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Thu, 02 Jul 2020 11:08:58 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 3BC4 295 B
361 B 11ms
8ms Image
image/png 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012006230309000/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 01 Jul 2020 08:18:35 GMT
x-content-type-options: nosniff
server: cafe
age: 27211
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 02 Jul 2020 08:18:35 GMT

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame F129 0
54 B 67ms
66ms Image
image/gif 216.58.208.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsu0Rdy4L5CroOBnjCjIu2YqlwwZ7XaJ38Vt1rPwmf73zjJxw2NT0G9FbWaqCFJrR5ZOHZWRcR6j7Ck-HHixKVHOiwC6RGAUkmNaQ48j7-pUEjyL_S3ynbuH3BLyq1QItqVZjb-tP0w2kn-KGcVq0uecJJyrUveSDe6b-E6o17sTbK0xzTJdFWz3rn73OXxhjkljzrGgO6553yb9CNmgL3JXG12PX9_LlbmpVyrZ8UwoWmkMeBlpwi7Yjyll0zb_GhvOM60V5MNGD7SPRs3ry0Xy&sai=AMfl-YRtjYoIi0-aVwwtpBnpzByAPVQFbjRWb4nae9xZs4lAIWEV0y1SJYh0-JlcuEE6k_ybw0779vMzvKm2Te8ttxXkHzrH78Kdab1sjbtz&sig=Cg0ArKJSzBczGWNJQPaIEAE&adurl=

Requested by

Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.208.34 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s12-in-f34.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 01 Jul 2020 15:52:06 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 7464639028652035684
tpc.googlesyndication.com/simgad/ Frame F129 330 B
393 B 6ms
5ms Image
image/png 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/7464639028652035684

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012006230309000/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f19e7ee6cdf20bd478c037707c447b7cd469051de4dadeac32a795efb463c2e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 10 Jun 2020 14:30:09 GMT
x-content-type-options: nosniff
age: 1819317
x-dns-prefetch-control: off
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 330
x-xss-protection: 0
last-modified: Tue, 28 Jan 2020 23:02:00 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 10 Jun 2021 14:30:09 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 7 KB
6 KB 17ms
17ms XHR
application/json 2a00:1450:4001:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2020062502&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020062502.js?21066628

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8b16bd49e3c6016aa7b5bc24e7f8df810dbbbdc0e69b56906162b46a48d1189f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 01 Jul 2020 15:52:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 5638
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 14 KB
6 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08f50e9e70388c99977ca13b6af3a49f8f48c83e79230d51ea72a56c0735bd0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 01 Jul 2020 15:52:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1591403518460474"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5540
x-xss-protection: 0
expires: Wed, 01 Jul 2020 15:52:06 GMT

GET
H/1.1 200
OK w_640_001.ts Show response
video.sekindo.com/uploads/cn1/video/users/hls/28530/video_5d5baf9fe4c32389620327/vid5d5bb0d47c725224559183.mp4/ Frame 864C 269 KB
269 KB 38ms
37ms XHR
video/mp2t 185.167.96.211
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://video.sekindo.com/uploads/cn1/video/users/hls/28530/video_5d5baf9fe4c32389620327/vid5d5bb0d47c725224559183.mp4/w_640_001.ts
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/video/hls/hls.0.12.4_1.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.167.96.211 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: Tengine /
Resource Hash: 175f8fc188e2702864cef9389872db6dc702da811744754cc479b6719b954b1e

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 01 Jul 2020 15:52:05 GMT
Last-Modified: Tue, 20 Aug 2019 08:43:54 GMT
Server: Tengine
ETag: "5d5bb2ca-43320"
Content-Type: video/mp2t
Access-Control-Allow-Origin: *
Expires: Wed, 08 Jul 2020 15:52:05 GMT
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 275232
X-Proxy-Cache: HIT

GET
H/1.1 200
OK liveView.php
live.sekindo.com/live/ Frame ECD4 0
379 B 44ms
43ms Image
text/html 63.250.56.119
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.sekindo.com/live/liveView.php?njs=1&ito=1&vid_event=16&serverTime=1593618724&s=0&sta=12348808&x=320&y=180&vid_passDomain=threatpost.com&subId=threatpost.com&debugInformation=ABT%20%2F%20Prebid%20%2F%206%20%2F%20default&isApp=0&userIpAddr=89.238.186.243&userUA=Mozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F83.0.4103.61%20Safari%2F537.36&csuuid=5efcb1246aea7&contentFileId=483586&mediaPlayListId=5946&playerVer=3.0.0&contentMatchType=&isExcludeFromOpt=0&cbuster=1593618726815&gdpr=1&gdprConsent=&isWePassGdpr=0&ccpa=0&ccpaConsent=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 63.250.56.119 , United States, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: nginx / PHP/7.3.19
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 01 Jul 2020 15:52:06 GMT
Content-Encoding: gzip
Server: nginx
Age: 0
X-Powered-By: PHP/7.3.19
Transfer-Encoding: chunked
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Cache-Control: no-store
Content-Type: text/html; charset=UTF-8

GET
H2 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/210/ Frame 315E 0
0 6ms
5ms Document
text/html 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/210/runner.html

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/210/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
content-length: 4590
date: Wed, 01 Jul 2020 15:40:49 GMT
expires: Thu, 01 Jul 2021 15:40:49 GMT
last-modified: Wed, 26 Feb 2020 19:47:50 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 677
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK w_640_002.ts Show response
video.sekindo.com/uploads/cn1/video/users/hls/28530/video_5d5baf9fe4c32389620327/vid5d5bb0d47c725224559183.mp4/ Frame 864C 261 KB
261 KB 60ms
59ms XHR
video/mp2t 185.167.96.211
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://video.sekindo.com/uploads/cn1/video/users/hls/28530/video_5d5baf9fe4c32389620327/vid5d5bb0d47c725224559183.mp4/w_640_002.ts
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/video/hls/hls.0.12.4_1.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.167.96.211 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: Tengine /
Resource Hash: 9de9a21dfc3a7c2f955749eb7775022ad5ea7da7235945d9b2eb93f7317ad484

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 01 Jul 2020 15:52:05 GMT
Last-Modified: Tue, 20 Aug 2019 08:43:54 GMT
Server: Tengine
ETag: "5d5bb2ca-412d0"
Content-Type: video/mp2t
Access-Control-Allow-Origin: *
Expires: Wed, 08 Jul 2020 15:52:05 GMT
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 266960
X-Proxy-Cache: HIT

GET
H/1.1 200
OK w_640_003.ts Show response
video.sekindo.com/uploads/cn1/video/users/hls/28530/video_5d5baf9fe4c32389620327/vid5d5bb0d47c725224559183.mp4/ Frame 864C 355 KB
356 KB 38ms
38ms XHR
video/mp2t 185.167.96.211
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://video.sekindo.com/uploads/cn1/video/users/hls/28530/video_5d5baf9fe4c32389620327/vid5d5bb0d47c725224559183.mp4/w_640_003.ts
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/video/hls/hls.0.12.4_1.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.167.96.211 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: Tengine /
Resource Hash: 931f5a817d756ac2e8ea318075ce1ba5563a05aea56767ced31cc2f5ae072ff1

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 01 Jul 2020 15:52:05 GMT
Last-Modified: Tue, 20 Aug 2019 08:43:54 GMT
Server: Tengine
ETag: "5d5bb2ca-58d04"
Content-Type: video/mp2t
Access-Control-Allow-Origin: *
Expires: Wed, 08 Jul 2020 15:52:05 GMT
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 363780
X-Proxy-Cache: HIT

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
55 B 39ms
39ms Image
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=210&t=2&li=gpt_2020062502&jk=1801557964832232&bg=!LC-lLzdYpHesmzpuaN4CAAAAdFIAAAAMmQF_2XR7AX6V0NPN4Dj6Zkl1R9RH5VHrp9KPh9wVaSa5qc0IOdVQK-hGRCLNNaXeKxAZ4yyhsv27Jp9c9Blzs9lN-uD_SiBgdd68QnpMfzsEwwSO-_ZOw8d2n46cGRGUrXCg93aMohAhM9Ctvcu7k5XwrC8xKxtMgQNRMTW7_rYgvbDb8yHYHfzHfO9Xl57RCNC9xeKCRNC0RQpFD-tivZOTnoHwP_uUykGymGJKsxxkTEde2OGVeQktTexXX5N17duW7hSNScbV19DBaWqaZ6ZwBADxE-QXlKaaZpQhP7sUeGUGTRw89PkY3-2eKCmp3vAyFpUwes1ULvQxNw63Tik_JYsLvre1Mmf63JrC-LRQQE0Z7gKNmCOsKyixcLQQWs2_UXyo5dO-TkxOlPMQ_FRqmIxLyLDxm-jeiFrurh_WJpF_TB0O7LTylox4x2oTAWQ84CDJD1BBzs6StQ0oBsv7BLn1kyKd0rgraApZ5pTEBBnY-c3-PWziGJwEj6YfT0Q

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Jul 2020 15:52:07 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 204
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK w_640_004.ts Show response
video.sekindo.com/uploads/cn1/video/users/hls/28530/video_5d5baf9fe4c32389620327/vid5d5bb0d47c725224559183.mp4/ Frame 864C 386 KB
386 KB 38ms
37ms XHR
video/mp2t 185.167.96.211
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://video.sekindo.com/uploads/cn1/video/users/hls/28530/video_5d5baf9fe4c32389620327/vid5d5bb0d47c725224559183.mp4/w_640_004.ts
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/video/hls/hls.0.12.4_1.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.167.96.211 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: Tengine /
Resource Hash: 26095a8a3cb5d733aae274b3e60140f2be5b015192616ff32a27348b680fbe54

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 01 Jul 2020 15:52:05 GMT
Last-Modified: Tue, 20 Aug 2019 08:43:55 GMT
Server: Tengine
ETag: "5d5bb2cb-60630"
Content-Type: video/mp2t
Access-Control-Allow-Origin: *
Expires: Wed, 08 Jul 2020 15:52:05 GMT
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 394800
X-Proxy-Cache: HIT

GET
H/1.1 200
OK w_640_005.ts Show response
video.sekindo.com/uploads/cn1/video/users/hls/28530/video_5d5baf9fe4c32389620327/vid5d5bb0d47c725224559183.mp4/ Frame 864C 431 KB
432 KB 42ms
41ms XHR
video/mp2t 185.167.96.211
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://video.sekindo.com/uploads/cn1/video/users/hls/28530/video_5d5baf9fe4c32389620327/vid5d5bb0d47c725224559183.mp4/w_640_005.ts
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/video/hls/hls.0.12.4_1.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.167.96.211 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: Tengine /
Resource Hash: d12ddf1a204678d1e3d6057a4ce0c52d56537572d45d3f444e87a35695be08cb

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 01 Jul 2020 15:52:05 GMT
Last-Modified: Tue, 20 Aug 2019 08:43:55 GMT
Server: Tengine
ETag: "5d5bb2cb-6bd0c"
Content-Type: video/mp2t
Access-Control-Allow-Origin: *
Expires: Wed, 08 Jul 2020 15:52:05 GMT
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 441612
X-Proxy-Cache: HIT

GET
H/1.1 200
OK usync.html
eus.rubiconproject.com/ Frame 1BD8 0
0 167ms
46ms Document
text/html 104.111.230.142
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?gdpr=1&gdpr_consent=
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_5.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.230.142 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-230-142.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash

Request headers

Host: eus.rubiconproject.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Response headers

Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Last-Modified: Fri, 29 May 2020 23:03:21 GMT
Content-Encoding: gzip
Content-Length: 9233
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=86258
Expires: Thu, 02 Jul 2020 15:49:45 GMT
Date: Wed, 01 Jul 2020 15:52:07 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK showad.js
ads.pubmatic.com/AdServer/js/ Frame 3552 0
0 67ms
67ms Document
text/html 23.210.249.92
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_5.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.249.92 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-249-92.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Response headers

Last-Modified: Tue, 14 Apr 2020 10:27:52 GMT
ETag: "13006b6-a4bb-5a33da6f1a023"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 15243
Content-Type: text/html; charset=UTF-8
Cache-Control: public, max-age=114177
Expires: Thu, 02 Jul 2020 23:35:04 GMT
Date: Wed, 01 Jul 2020 15:52:07 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK showad.js
ads.pubmatic.com/AdServer/js/ Frame CE85 0
0 121ms
54ms Document
text/html 23.210.249.92
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_5.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.249.92 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-249-92.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Response headers

Last-Modified: Tue, 14 Apr 2020 10:27:52 GMT
ETag: "13006b6-a4bb-5a33da6f1a023"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 15243
Content-Type: text/html; charset=UTF-8
Cache-Control: public, max-age=114177
Expires: Thu, 02 Jul 2020 23:35:04 GMT
Date: Wed, 01 Jul 2020 15:52:07 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html
acdn.adnxs.com/ib/static/usersync/v3/ Frame 8CA5 0
0 129ms
41ms Document
text/html 151.101.113.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_5.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.113.108 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.13.10 /
Resource Hash

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Response headers

Connection: keep-alive
Content-Length: 506
Server: nginx/1.13.10
Content-Type: text/html
Last-Modified: Fri, 20 May 2016 02:07:09 GMT
ETag: W/"573e714d-3e3"
Expires: Thu, 06 May 2021 05:24:22 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish 1.1 varnish
Accept-Ranges: bytes
Date: Wed, 01 Jul 2020 15:52:07 GMT
Age: 4876066
X-Served-By: cache-lga21948-LGA, cache-hhn4023-HHN
X-Cache: HIT, HIT
X-Cache-Hits: 236858, 4926272
X-Timer: S1593618727.259966,VS0,VE0
Vary: Accept-Encoding

GET
H2

200

pd
u.openx.net/w/1.0/ Frame E5FD
Redirect Chain

https://u.openx.net/w/1.0/pd?gdpr=1&gdpr_consent=
https://u.openx.net/w/1.0/pd?cc=1&gdpr=1&gdpr_consent=

0
0

54ms
54ms

Document
text/html

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://u.openx.net/w/1.0/pd?cc=1&gdpr=1&gdpr_consent=
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_5.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.188.2 /
Resource Hash

Request headers

:method: GET
:authority: u.openx.net
:scheme: https
:path: /w/1.0/pd?cc=1&gdpr=1&gdpr_consent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: i=5580b018-c9a2-4616-b1f6-802b5821b826|1593618727
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Response headers

status: 200
vary: Accept, Accept-Encoding
set-cookie: i=5580b018-c9a2-4616-b1f6-802b5821b826|1593618727; Version=1; Expires=Thu, 01-Jul-2021 15:52:07 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1593618727|gekin0vNiygu; Version=1; Expires=Thu, 16-Jul-2020 15:52:07 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.188.2
p3p: CP="CUR ADM OUR NOR STA NID"
date: Wed, 01 Jul 2020 15:52:07 GMT
content-type: text/html
content-length: 421
content-encoding: gzip
via: 1.1 google
alt-svc: clear

Redirect headers

status: 302
set-cookie: i=5580b018-c9a2-4616-b1f6-802b5821b826|1593618727; Version=1; Expires=Thu, 01-Jul-2021 15:52:07 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.188.2
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://u.openx.net/w/1.0/pd?cc=1&gdpr=1&gdpr_consent=
date: Wed, 01 Jul 2020 15:52:07 GMT
content-length: 0
via: 1.1 google
alt-svc: clear

GET
H2

204

sync
pixel.advertising.com/ups/55953/ Frame 864C
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=adaptv&ttd_tpi=1
https://match.adsrvr.org/track/cmb/generic?ttd_pid=adaptv&ttd_tpi=1
https://pixel.advertising.com/ups/55953/sync?uid=9f032fca-0dba-42f2-8098-51c9289794c5&_origin=1&gdpr=1&gdpr_consent=&piggybackCookie=9f032fca-0dba-42f2-8098-51c9289794c5

0
124 B

37ms
37ms

Image
text/plain

35.157.252.175
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.advertising.com/ups/55953/sync?uid=9f032fca-0dba-42f2-8098-51c9289794c5&_origin=1&gdpr=1&gdpr_consent=&piggybackCookie=9f032fca-0dba-42f2-8098-51c9289794c5

Requested by

Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.157.252.175 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-157-252-175.eu-central-1.compute.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 204
date: Wed, 01 Jul 2020 15:52:07 GMT
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

pragma: no-cache
date: Wed, 01 Jul 2020 15:52:07 GMT
x-aspnet-version: 4.0.30319
status: 302
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://pixel.advertising.com/ups/55953/sync?uid=9f032fca-0dba-42f2-8098-51c9289794c5&_origin=1&gdpr=1&gdpr_consent=&piggybackCookie=9f032fca-0dba-42f2-8098-51c9289794c5
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 369

GET
H/1.1

204
No Content

sync
ups.analytics.yahoo.com/ups/57304/ Frame 864C
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=adaptv_dbm&google_cm&google_sc
https://cm.g.doubleclick.net/pixel?google_nid=adaptv_dbm&google_cm=&google_sc=&google_tc=
https://pixel.advertising.com/ups/57304/sync?uid=CAESEGmmmo4wXzmdhrkVAhOD37k&google_cver=1
https://pixel.advertising.com/ups/57304/sync?uid=CAESEGmmmo4wXzmdhrkVAhOD37k&google_cver=1&verify=true
https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEGmmmo4wXzmdhrkVAhOD37k&google_cver=1&apid=UPd10e7602-bbb2-11ea-ac49-06e43d3d11ac

0
1 KB

100ms
34ms

Image
text/plain

18.156.0.31
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEGmmmo4wXzmdhrkVAhOD37k&google_cver=1&apid=UPd10e7602-bbb2-11ea-ac49-06e43d3d11ac

Requested by

Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

18.156.0.31 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-156-0-31.eu-central-1.compute.amazonaws.com

Software

ATS/7.1.2.113 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 01 Jul 2020 15:52:07 GMT
Server: ATS/7.1.2.113
Connection: keep-alive
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

status: 302
date: Wed, 01 Jul 2020 15:52:07 GMT
location: https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEGmmmo4wXzmdhrkVAhOD37k&google_cver=1&apid=UPd10e7602-bbb2-11ea-ac49-06e43d3d11ac
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET

sync
sync.adaptv.advertising.com/ Frame 864C
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/m7y5t93k?redir=https%3A%2F%2Fsync.adap.tv%2Fsync%3Ftype%3Dgif%26key%3Dtubemogul%26uid%3D%24%7BUSER_ID%7D
https://sync-tm.everesttech.net/ct/upi/pid/m7y5t93k?redir=https%3A%2F%2Fsync.adap.tv%2Fsync%3Ftype%3Dgif%26key%3Dtubemogul%26uid%3D%24%7BUSER_ID%7D&_test=XvyxJwAAAE3FBVvC
https://sync.adap.tv/sync?type=gif&key=tubemogul&uid=XvyxJwAAAE3FBVvC&_test=XvyxJwAAAE3FBVvC
https://sync.adaptv.advertising.com/sync?type=gif&key=tubemogul&uid=XvyxJwAAAE3FBVvC&_test=XvyxJwAAAE3FBVvC

0
0

GET
H2 200 %7Bcombo_uid%7D
pr-bh.ybp.yahoo.com/sync/adaptv_ortb/ Frame 864C 43 B
839 B 130ms
42ms Image
image/gif 2a00:1288:110:c305::8000
YAHOO-IRD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/adaptv_ortb/%7Bcombo_uid%7D

Requested by

Host: threatpost.com
URL: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1288:110:c305::8000 , United Kingdom, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 01 Jul 2020 15:52:07 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
content-type: image/gif
status: 200
x-xss-protection: 1; mode=block
content-length: 43
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK liveView.php
live.sekindo.com/live/ Frame ECD4 0
379 B 43ms
43ms Image
text/html 63.250.56.119
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.sekindo.com/live/liveView.php?njs=1&ito=1&vid_event=36&serverTime=1593618724&s=101281&sta=0&x=300&y=250&vid_passDomain=threatpost.com&subId=threatpost.com&debugInformation=ABT%20%2F%20Prebid%20%2F%206%20%2F%20default&isApp=0&userIpAddr=89.238.186.243&userUA=Mozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F83.0.4103.61%20Safari%2F537.36&csuuid=5efcb1246aea7&contentFileId=0&mediaPlayListId=0&cbuster=1593618727186&gdpr=1&gdprConsent=&isWePassGdpr=0&ccpa=0&ccpaConsent=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 63.250.56.119 , United States, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: nginx / PHP/7.3.19
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 01 Jul 2020 15:52:06 GMT
Content-Encoding: gzip
Server: nginx
Age: 0
X-Powered-By: PHP/7.3.19
Transfer-Encoding: chunked
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Cache-Control: no-store
Content-Type: text/html; charset=UTF-8

GET
H2 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 342F 42 B
107 B 40ms
40ms Image
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvh8S09erHlK8h2tjDQxpzJluliyNUuq2zHXvB9HEOTUrPzTuauoTiwWK9T0CDV6M5XJsxoMXR47RC6oevssl6sguYY-7_ro8FbdYabSzAYzpXgiM6zZWv3uRgCYA&sai=AMfl-YQ9rihUuKww-fzx3OE7-jfMeAlPGjIzwHEz1qpMmaaUkvwkSSMOadLKldUaK-1OcCAFZTfuSyKahciOAl8UMQtlwOux24dPD2HPP8Us&sig=Cg0ArKJSzCCs0zhKFtRGEAE&id=ampim&o=315,10&d=970,250&ss=1600,1200&bs=1600,1200&mcvt=1001&mtos=0,0,0,1001,1001&tos=0,0,0,1001,0&tfs=371&tls=1372&g=100&h=100&tt=1372&r=v&avms=ampa&adk=1015519800

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Jul 2020 15:52:07 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sync.html
public.servenobid.com/ Frame A3A1 0
0 175ms
69ms Document
text/html 13.224.102.40
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://public.servenobid.com/sync.html
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.224.102.40 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-102-40.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash

Request headers

:method: GET
:authority: public.servenobid.com
:scheme: https
:path: /sync.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Response headers

status: 200
content-type: text/html
content-length: 2238
date: Wed, 01 Jul 2020 02:11:35 GMT
last-modified: Wed, 05 Feb 2020 04:43:10 GMT
etag: "b6a3577c8173652d03faf98111a4c16a"
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 1437ff2cfbc1ea8c7a36e6b0ce6e935a.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: dxZ-m10OfL1tk3MLlB5RzfPc_EF9nlXlrJZW8sjdkn9OmYYRYyJHlQ==
age: 49233

GET
H/1.1

200
OK

2000891.html
serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/ Frame 8F25
Redirect Chain

https://sync.serverbid.com/ss/2000891.html
https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html

0
0

1225ms
56ms

Document
text/html

205.185.216.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL

https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html

Requested by

Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

205.185.216.10 Phoenix, United States, ASN20446 (HIGHWINDS3, US),

Reverse DNS

map2.hwcdn.net

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Response headers

Date: Wed, 01 Jul 2020 15:52:09 GMT
Connection: Keep-Alive
Cache-Control: max-age=18776
Content-Length: 4947
Content-Type: text/html
Last-Modified: Wed, 20 Nov 2019 20:29:05 GMT
Accept-Ranges: bytes
ETag: "1b0ebac83fe30af80513039edbdf566f"
x-amz-request-id: tx000000000000025911627-005efba901-35e3884-nyc3a
Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
Vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin
X-HW: 1593618729.dop218.lo4.t,1593618729.cds091.lo4.shn,1593618729.dop218.lo4.t,1593618729.cds210.lo4.c

Redirect headers

status: 302
content-length: 0
location: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
cache-control: no-cache

GET
H/1.1 200
OK showad.js
ads.pubmatic.com/AdServer/js/ Frame 3535 0
0 73ms
73ms Document
text/html 23.210.249.92
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.249.92 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-249-92.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: KTPCACOOKIE=YES; KCCH=YES; pi=156858:2
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Response headers

Last-Modified: Tue, 14 Apr 2020 10:27:52 GMT
ETag: "13006b6-a4bb-5a33da6f1a023"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 15243
Content-Type: text/html; charset=UTF-8
Cache-Control: public, max-age=114177
Expires: Thu, 02 Jul 2020 23:35:04 GMT
Date: Wed, 01 Jul 2020 15:52:07 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK usync.html
eus.rubiconproject.com/ Frame 0E1D 0
0 69ms
68ms Document
text/html 104.111.230.142
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.230.142 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-230-142.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash

Request headers

Host: eus.rubiconproject.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Response headers

Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Last-Modified: Fri, 29 May 2020 23:03:21 GMT
Content-Encoding: gzip
Content-Length: 9233
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=86258
Expires: Thu, 02 Jul 2020 15:49:45 GMT
Date: Wed, 01 Jul 2020 15:52:07 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1

200
OK

Cookie set beacon
ap.lijit.com/ Frame 231A
Redirect Chain

https://ap.lijit.com/beacon?informer=13394437
https://ap.lijit.com/beacon?informer=13394437&dnr=1

0
0

49ms
47ms

Document
text/html

216.52.2.48
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/beacon?informer=13394437&dnr=1
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.48 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash

Request headers

Host: ap.lijit.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: ljt_reader=ff6888811c66f4b388def8b9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Response headers

Server: nginx
Date: Wed, 01 Jul 2020 15:52:07 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Vary: Accept-Encoding
Expires: Fri, 20 Mar 2009 00:00:00 GMT
Set-Cookie: ljtrtbexp=eJxlkDsSgEAIQ%2B%2BytQXfBbya490dVxuy5YNJSLgGj5O9NMhZ4hhzLraU1Jelo3YM7uxEMGHqXFUOHv9FEfWlkE0R2yThCqROuJrgmdAjDRgyJn4F9PLtdU6uxdE7KegN8hj4WcFfQe%2FYn3qi%2BwEUOV1J;Path=/;Domain=.lijit.com;Expires=Thu, 01-Jul-2021 15:52:07 GMT;Max-Age=31536000;Secure;SameSite=None ljt_reader=ff6888811c66f4b388def8b9;Path=/;Domain=.lijit.com;Max-Age=31536000;Secure;SameSite=None
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma: no-cache
P3P: CP="CUR ADM OUR NOR STA NID"
X-Powered-By: raptor
Content-Encoding: gzip
X-Sovrn-Pod: ad_ap5ams1

Redirect headers

Server: nginx
Date: Wed, 01 Jul 2020 15:52:07 GMT
Content-Length: 0
Set-Cookie: ljt_reader=ff6888811c66f4b388def8b9;Path=/;Domain=.lijit.com;Max-Age=31536000;Secure;SameSite=None
Expires: Fri, 20 Mar 2009 00:00:00 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma: no-cache
P3P: CP="CUR ADM OUR NOR STA NID"
Location: https://ap.lijit.com/beacon?informer=13394437&dnr=1
X-Powered-By: raptor
X-Sovrn-Pod: ad_ap5ams1

GET
H/1.1 200
OK ixmatch.html
js-sec.indexww.com/um/ Frame 9B8C 0
0 163ms
69ms Document
text/html 23.210.249.164
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/um/ixmatch.html
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.249.164 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-249-164.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash

Request headers

Host: js-sec.indexww.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Response headers

Server: Apache
Last-Modified: Mon, 19 Jun 2017 19:18:19 GMT
ETag: "74087b-112-55254ff6699bb"
Accept-Ranges: bytes
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 211
Date: Wed, 01 Jul 2020 15:52:07 GMT
Connection: keep-alive

GET
H2 200 pd
eu-u.openx.net/w/1.0/ Frame 74D2 0
0 64ms
64ms Document
text/html 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=1
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.188.2 /
Resource Hash

Request headers

:method: GET
:authority: eu-u.openx.net
:scheme: https
:path: /w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: i=5580b018-c9a2-4616-b1f6-802b5821b826|1593618727; pd=v2|1593618727|gekin0vNiygu
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Response headers

status: 200
vary: Accept, Accept-Encoding
set-cookie: i=5580b018-c9a2-4616-b1f6-802b5821b826|1593618727; Version=1; Expires=Thu, 01-Jul-2021 15:52:07 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1593618727|mWkigqiysLommOgevNgunsn0; Version=1; Expires=Thu, 16-Jul-2020 15:52:07 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.188.2
p3p: CP="CUR ADM OUR NOR STA NID"
date: Wed, 01 Jul 2020 15:52:07 GMT
content-type: text/html
content-length: 316
content-encoding: gzip
via: 1.1 google
alt-svc: clear

GET
H/1.1 200
OK async_usersync.html
acdn.adnxs.com/ib/static/usersync/v3/ Frame 11EC 0
0 61ms
60ms Document
text/html 151.101.113.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.113.108 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.13.10 /
Resource Hash

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/

Response headers

Connection: keep-alive
Content-Length: 506
Server: nginx/1.13.10
Content-Type: text/html
Last-Modified: Fri, 20 May 2016 02:07:09 GMT
ETag: W/"573e714d-3e3"
Expires: Thu, 06 May 2021 05:24:22 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish 1.1 varnish
Accept-Ranges: bytes
Date: Wed, 01 Jul 2020 15:52:07 GMT
Age: 4876066
X-Served-By: cache-lga21948-LGA, cache-hhn4023-HHN
X-Cache: HIT, HIT
X-Cache-Hits: 236858, 4926273
X-Timer: S1593618728.817842,VS0,VE0
Vary: Accept-Encoding

GET
H2 204 sync
pixel.advertising.com/ups/56465/ 0
124 B 65ms
63ms Image
text/plain 35.157.252.175
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.advertising.com/ups/56465/sync?_origin=0&redir=true&gdpr=1&gdpr_consent=

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.157.252.175 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-157-252-175.eu-central-1.compute.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 204
date: Wed, 01 Jul 2020 15:52:07 GMT
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2

204

sync
pixel.advertising.com/ups/55965/
Redirect Chain

https://pixel.quantserve.com/pixel/p-NcBg8UA4xqUFp.gif?idmatch=0&gdpr=1&gdpr_consent=
https://pixel.advertising.com/ups/55965/sync?_origin=0&gdpr=1&uid=8HzFNacokWHoLZA18iiOZ_V6xTTofZA3_Ct-IVro

0
124 B

54ms
53ms

Image
text/plain

35.157.252.175
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.advertising.com/ups/55965/sync?_origin=0&gdpr=1&uid=8HzFNacokWHoLZA18iiOZ_V6xTTofZA3_Ct-IVro

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.157.252.175 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-157-252-175.eu-central-1.compute.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 204
date: Wed, 01 Jul 2020 15:52:07 GMT
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

pragma: no-cache
date: Wed, 01 Jul 2020 15:52:07 GMT
status: 302
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://pixel.advertising.com/ups/55965/sync?_origin=0&gdpr=1&uid=8HzFNacokWHoLZA18iiOZ_V6xTTofZA3_Ct-IVro
cache-control: private, no-cache, no-store, proxy-revalidate
strict-transport-security: max-age=86400
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 generic
match.adsrvr.org/track/cmf/ 70 B
264 B 68ms
66ms Image
image/gif 54.229.128.207
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=aoladtech&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.229.128.207 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-229-128-207.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Jul 2020 15:52:07 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
status: 200
cache-control: private,no-cache, must-revalidate
content-type: image/gif
content-length: 70

GET
H2 204 current
aol-match.dotomi.com/match/bounce/ 0
104 B 91ms
19ms Image
text/plain 2a02:fa8:8806:13::1430
VCLK-EU-

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aol-match.dotomi.com/match/bounce/current?networkId=60&version=1&nuid=1Acf482144-bbb2-11ea-bace-121160e138ec&gdpr=1&gdpr_consent=&rurl=https%3A%2F%2Fpixel.advertising.com%2Fups%2F55853%2Fsync%3Fuid%3D%24UID%26_origin%3D0%26gdpr%3D1%26gdpr_consent%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:13::1430 , Sweden, ASN41041 (VCLK-EU-, SE),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 204
pragma: no-cache
date: Wed, 01 Jul 2020 15:52:07 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H2 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 5278 42 B
107 B 62ms
62ms Image
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvzUfUC3_w1k8_F2hIALzcpCQOPZlbsfBbfa9YS2HCwFMl37niCpV178xZLwoqcWA3WtLZN0NhCV_VZMmHi13kfYzm_XTiSxAXUymlr3wrmwbeV1I7wy4QJtJv-Xw&sai=AMfl-YSkeAaGvv-MFTQ3SNB4AEcCsUkrtaBB_7XkzXQgwp7Vwy2nNa2ueMyFF7yz1VbsF7Uy6RZwQZqNdL7kmY_3npXZE6Jd-HfpXQBWuXEn&sig=Cg0ArKJSzF8X-CuXyvCsEAE&id=ampim&o=1082,417&d=300,250&ss=1600,1200&bs=1600,1200&mcvt=1014&mtos=0,0,1014,1014,1014&tos=0,0,1014,0,0&tfs=340&tls=1354&g=100&h=100&tt=1355&r=v&avms=ampa&adk=654286612

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Jul 2020 15:52:07 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 activeview
pagead2.googlesyndication.com/pcs/ Frame F129 42 B
107 B 59ms
58ms Image
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsttWOj2eFQJKAWPvFlDIEXV7OthfrJI4s384qOoUKHiMGqcSaFc77r-uSyJeuo_4JnLwqWrhcxVcv0CECpUns9St78fX0o3cNzFc5DgZ5A&sig=Cg0ArKJSzI_QkzScvyVUEAE&id=ampim&o=0,0&d=2,2&ss=1600,1200&bs=1600,1200&mcvt=1010&mtos=0,0,1010,1010,1010&tos=0,0,1010,0,0&tfs=151&tls=1161&g=100&h=100&tt=1161&r=v&avms=ampa&adk=3385906655

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Jul 2020 15:52:07 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK liveMatching.php Show response
live.sekindo.com/live/ Frame 864C 0
445 B 219ms
96ms XHR
text/html 63.250.56.119
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://live.sekindo.com/live/liveMatching.php
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032302D30372D30315F31387D7B7331323334383830387D7B433131397D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583330307D7B593235307D7B66317D7B7251554A554943386755484A6C596D6C6B494338674E6941764947526C5A6D46316248513D7D7B4C363631357DFEFE&userIpAddr=89.238.186.243&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F83.0.4103.61+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=ABT+%2F+Prebid+%2F+6+%2F+default&isWePassGdpr=0&schain=1.0%2C1%21admetricspro.com%2C1005%2C1&csuuid=5efcb1246aea7&debugInfo=12348808_ABT+%2F+Prebid+%2F+6+%2F+default&debugPlayerSession=&sta=12348808&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed173akunvrojp&secondaryContent=&x=300&y=250&pubUrl=https%3A%2F%2Fthreatpost.com%2Fcisa-nation-state-attackers-palo-alto-networks-bug%2F157013%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=2&flow_width=320&flow_height=180&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=50.0766&geoLong=14.5148&vpTemplate=6615&flowMode=both&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 63.250.56.119 , United States, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: nginx / PHP/7.3.19
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Wed, 01 Jul 2020 15:52:09 GMT
Content-Encoding: gzip
Server: nginx
Age: 0
X-Powered-By: PHP/7.3.19
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: no-store

GET
H/1.1 200
OK liveView.php
live.sekindo.com/live/ Frame ECD4 0
379 B 1130ms
45ms Image
text/html 63.250.56.119
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.sekindo.com/live/liveView.php?njs=1&ito=1&vid_event=42&serverTime=1593618724&s=101281&sta=0&x=300&y=250&vid_passDomain=threatpost.com&subId=threatpost.com&debugInformation=ABT%20%2F%20Prebid%20%2F%206%20%2F%20default&isApp=0&userIpAddr=89.238.186.243&userUA=Mozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F83.0.4103.61%20Safari%2F537.36&csuuid=5efcb1246aea7&contentFileId=0&mediaPlayListId=0&dur=500&cbuster=1593618730567&gdpr=1&gdprConsent=&isWePassGdpr=0&ccpa=0&ccpaConsent=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 63.250.56.119 , United States, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: nginx / PHP/7.3.19
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 01 Jul 2020 15:52:10 GMT
Content-Encoding: gzip
Server: nginx
Age: 0
X-Powered-By: PHP/7.3.19
Transfer-Encoding: chunked
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Cache-Control: no-store
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK w_640_006.ts Show response
video.sekindo.com/uploads/cn1/video/users/hls/28530/video_5d5baf9fe4c32389620327/vid5d5bb0d47c725224559183.mp4/ Frame 864C 116 KB
116 KB 55ms
54ms XHR
video/mp2t 185.167.96.211
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://video.sekindo.com/uploads/cn1/video/users/hls/28530/video_5d5baf9fe4c32389620327/vid5d5bb0d47c725224559183.mp4/w_640_006.ts
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/video/hls/hls.0.12.4_1.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.167.96.211 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: Tengine /
Resource Hash: 4dd37d1d10c70e222c5ca77232736e075a96b8824371e9d784c279d6e30e2085

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 01 Jul 2020 15:52:11 GMT
Last-Modified: Tue, 20 Aug 2019 08:43:55 GMT
Server: Tengine
ETag: "5d5bb2cb-1d020"
Content-Type: video/mp2t
Access-Control-Allow-Origin: *
Expires: Wed, 08 Jul 2020 15:52:11 GMT
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 118816
X-Proxy-Cache: HIT

GET
H/1.1 200
OK cygnus Show response
as-sec.casalemedia.com/ Frame 864C 25 B
1 KB 266ms
175ms XHR
application/json 23.210.249.164
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://as-sec.casalemedia.com/cygnus?s=435870&v=8.1&r=%7B%22id%22%3A%22231295ad519fd55%22%2C%22imp%22%3A%5B%7B%22id%22%3A%222486bbab4252822%22%2C%22ext%22%3A%7B%22siteID%22%3A%22435870%22%2C%22sid%22%3A%22320x180%22%7D%2C%22bidfloor%22%3A1.8%2C%22bidfloorcur%22%3A%22USD%22%2C%22video%22%3A%7B%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22application%2Fjavascript%22%5D%2C%22minduration%22%3A1%2C%22maxduration%22%3A200%2C%22api%22%3A%5B1%2C2%5D%2C%22protocols%22%3A%5B1%2C2%2C3%2C4%2C5%2C6%5D%2C%22linearity%22%3A1%2C%22startdelay%22%3A0%2C%22skip%22%3A1%2C%22w%22%3A320%2C%22h%22%3A180%2C%22placement%22%3A1%7D%7D%5D%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fthreatpost.com%2Fcisa-nation-state-attackers-palo-alto-networks-bug%2F157013%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%7D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22admetricspro.com%22%2C%22sid%22%3A%221005%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A1%7D%7D%2C%22user%22%3A%7B%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%7D&ac=j&sd=1&nf=1&
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_5.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.249.164 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-249-164.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 16a3de600ad98e5b91fc8377901e76594c460a794eab9680b9ae2abeecc49fc5

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 01 Jul 2020 15:52:13 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 45
Expires: Wed, 01 Jul 2020 15:52:13 GMT

POST
H/1.1 204
No Content openrtb Show response
ads.adaptv.advertising.com/rtb/ Frame 864C 0
215 B 324ms
254ms XHR
application/json 18.185.15.67
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.adaptv.advertising.com/rtb/openrtb?ext_id=TeachingAidsLLC
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_5.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.185.15.67 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-185-15-67.eu-central-1.compute.amazonaws.com
Software: adaptv/1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
server: adaptv/1.0
Connection: keep-alive
content-length: 0
content-type: application/json

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 864C 144 B
837 B 164ms
66ms XHR
application/json 185.33.220.240
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_5.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.240 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

717.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

20bf8396a73c1009e1c601159342aabcdbdf1e9633f3ccabb36b2d2a40be5d37

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 01 Jul 2020 15:52:15 GMT
X-Proxy-Origin: 89.238.186.243; 89.238.186.243; 717.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.47:80
AN-X-Request-Uuid: 94fa9aa4-8f67-48f3-abfc-aaabfd37e823
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 144
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame 864C 0
59 B 51ms
50ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_5.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Wed, 01 Jul 2020 15:52:13 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-origin: https://threatpost.com

GET
H2 200 avjp Show response
teachingaids-d.openx.net/v/1.0/ Frame 864C 92 B
283 B 134ms
133ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://teachingaids-d.openx.net/v/1.0/avjp?ju=https%3A%2F%2Fthreatpost.com%2Fcisa-nation-state-attackers-palo-alto-networks-bug%2F157013%2F&ch=UTF-8&res=1600x1200x24&ifr=true&tz=-120&tws=1600x1200&be=1&bc=hb_pb_3.0.1&dddid=d877d5f5-293b-4aaa-8882-55c75ec143a8&nocache=1593618733695&gdpr_consent=&gdpr=1&schain=1.0%2C1!admetricspro.com%2C1005%2C1%2C%2C%2C&skip=1&auid=540882779&vwd=320&vht=180&
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_5.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.188.2 /
Resource Hash: 004e5faf0bf890f61697daeede9f21826affd1137fb2cb58eaf4719937a04a14

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 01 Jul 2020 15:52:13 GMT
via: 1.1 google
server: OXGW/16.188.2
status: 200
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://threatpost.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: clear
content-length: 92
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK liveView.php
live.sekindo.com/live/ Frame ECD4 43 B
463 B 131ms
43ms Image
image/gif 63.250.56.119
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.sekindo.com/live/liveView.php?njs=1&ito=1&vid_event=6&serverTime=1593618725&s=58057&sta=12381426&x=320&y=180&msta=12348808&vid_vastType=3&vid_viewabilityState=1&vid_passDomain=threatpost.com&subId=threatpost.com&debugInformation=ABT%20%2F%20Prebid%20%2F%206%20%2F%20default&playbackMethod=auto&isApp=0&userIpAddr=89.238.186.243&userUA=Mozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F83.0.4103.61%20Safari%2F537.36&csuuid=5efcb1246aea7&rvn=${VP_RVN_MACRO}&attemptMultiplier=10&contentFileId=0&mediaPlayListId=0&playerVer=3.0.0&cbuster=1593618733687&gdpr=1&gdprConsent=&isWePassGdpr=0&ccpa=0&ccpaConsent=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 63.250.56.119 , United States, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: nginx / PHP/7.3.19
Resource Hash: 42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 01 Jul 2020 15:52:12 GMT
Server: nginx
Age: 0
X-Powered-By: PHP/7.3.19
Transfer-Encoding: chunked
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Cache-Control: max-age=315360000
Content-Disposition: inline; filename="pixel.gif"
Content-Type: image/gif
Expires: Thu, 31 Dec 2037 23:55:55 GMT

POST
H2 200 auction Show response
prebid-server.rubiconproject.com/openrtb2/ Frame 864C 173 B
381 B 38ms
35ms XHR
application/json 35.157.226.170
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-server.rubiconproject.com/openrtb2/auction
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_5.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.157.226.170 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-226-170.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: b53bd277071fe3d5a8f8a1f34d378b82ed5d574f50d38457cbc4676bd00a74f2

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 01 Jul 2020 15:52:14 GMT
content-encoding: gzip
status: 200
content-type: application/json
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 168
expires: 0

GET
H/1.1 200
OK liveView.php
live.sekindo.com/live/ Frame ECD4 43 B
463 B 1148ms
43ms Image
image/gif 63.250.56.119
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.sekindo.com/live/liveView.php?njs=1&ito=1&vid_event=6&serverTime=1593618725&s=58057&sta=10813934&x=320&y=180&msta=12348808&vid_vastType=3&vid_viewabilityState=1&vid_passDomain=threatpost.com&subId=threatpost.com&debugInformation=ABT%20%2F%20Prebid%20%2F%206%20%2F%20default&playbackMethod=auto&isApp=0&userIpAddr=89.238.186.243&userUA=Mozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F83.0.4103.61%20Safari%2F537.36&csuuid=5efcb1246aea7&rvn=${VP_RVN_MACRO}&attemptMultiplier=10&contentFileId=0&mediaPlayListId=0&playerVer=3.0.0&cbuster=1593618734020&gdpr=1&gdprConsent=&isWePassGdpr=0&ccpa=0&ccpaConsent=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 63.250.56.119 , United States, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: nginx / PHP/7.3.19
Resource Hash: 42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 01 Jul 2020 15:52:14 GMT
Server: nginx
Age: 0
X-Powered-By: PHP/7.3.19
Transfer-Encoding: chunked
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Cache-Control: max-age=315360000
Content-Disposition: inline; filename="pixel.gif"
Content-Type: image/gif
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK liveView.php
live.sekindo.com/live/ Frame ECD4 0
379 B 165ms
43ms Image
text/html 63.250.56.119
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.sekindo.com/live/liveView.php?njs=1&ito=1&vid_event=25&serverTime=1593618724&s=101281&sta=0&x=300&y=250&vid_passDomain=threatpost.com&subId=threatpost.com&debugInformation=ABT%20%2F%20Prebid%20%2F%206%20%2F%20default&isApp=0&userIpAddr=89.238.186.243&userUA=Mozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F83.0.4103.61%20Safari%2F537.36&csuuid=5efcb1246aea7&contentFileId=0&mediaPlayListId=0&dur=1000&cbuster=1593618735057&gdpr=1&gdprConsent=&isWePassGdpr=0&ccpa=0&ccpaConsent=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 63.250.56.119 , United States, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: nginx / PHP/7.3.19
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 01 Jul 2020 15:52:15 GMT
Content-Encoding: gzip
Server: nginx
Age: 0
X-Powered-By: PHP/7.3.19
Transfer-Encoding: chunked
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Cache-Control: no-store
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK liveView.php
live.sekindo.com/live/ Frame ECD4 0
379 B 121ms
43ms Image
text/html 63.250.56.119
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.sekindo.com/live/liveView.php?njs=1&ito=1&vid_event=42&serverTime=1593618724&s=101281&sta=0&x=300&y=250&vid_passDomain=threatpost.com&subId=threatpost.com&debugInformation=ABT%20%2F%20Prebid%20%2F%206%20%2F%20default&isApp=0&userIpAddr=89.238.186.243&userUA=Mozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F83.0.4103.61%20Safari%2F537.36&csuuid=5efcb1246aea7&contentFileId=0&mediaPlayListId=0&dur=500&cbuster=1593618735567&gdpr=1&gdprConsent=&isWePassGdpr=0&ccpa=0&ccpaConsent=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 63.250.56.119 , United States, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: nginx / PHP/7.3.19
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 01 Jul 2020 15:52:14 GMT
Content-Encoding: gzip
Server: nginx
Age: 0
X-Powered-By: PHP/7.3.19
Transfer-Encoding: chunked
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Cache-Control: no-store
Content-Type: text/html; charset=UTF-8

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: sync.adaptv.advertising.com
URL: https://sync.adaptv.advertising.com/sync?type=gif&key=tubemogul&uid=XvyxJwAAAE3FBVvC&_test=XvyxJwAAAE3FBVvC

Verdicts & Comments Add Verdict or Comment

244 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

8 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.pubmatic.com/	1970-01-19 10:41:45	Name: pi Value: 159196:2
.ads.pubmatic.com/	1970-01-19 10:41:45	Name: KCCH Value: YES
.threatpost.com/	1970-01-19 20:04:47	Name: __qca Value: P0-2055733808-1593618724980
.threatpost.com/	1970-01-20 04:11:30	Name: _ga Value: GA1.2.1924463279.1593618725
.threatpost.com/	1970-01-19 10:41:45	Name: _gid Value: GA1.2.1604028730.1593618725
.threatpost.com/	1970-01-19 10:40:18	Name: _gat_UA-35676203-21 Value: 1
.pubmatic.com/	1970-01-19 12:49:54	Name: KTPCACOOKIE Value: YES
.threatpost.com/	1970-01-20 04:11:30	Name: __gads Value: ID=2cf4a7a3db52f945:T=1593618724:S=ALNI_MZPpl8Hwd9ILvDo7wHQZPbYZN0n9w

29 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/ros-layout.js(Line 325) Message: gBrowserWidth =1600
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/ros-layout.js(Line 350) Message: OpenX Slot defined for /21707124336/ThreatPost-970x250-ATF div-gpt-ad-6794670-2
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/ros-layout.js(Line 350) Message: OpenX Slot defined for /21707124336/ThreatPost-300x250-ATF div-gpt-ad-6794670-3
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/ros-layout.js(Line 350) Message: OpenX Slot defined for /21707124336/ThreatPost-300x600-ATF div-gpt-ad-6794670-5
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/ros-layout.js(Line 350) Message: OpenX Slot defined for /21707124336/ThreatPost-2x2-Skin div-gpt-ad-6794670-1
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/cmp.js(Line 3) Message: CMP: Locale=en-us gdpr= false
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/cmp.js(Line 3) Message: GDPR is not applicable, skipping initialization of CMP
console-api	log	(Line 3) Message: Not calling apstag.init() typeof(kAmazonPublisherID)=undefined
console-api	log	(Line 3) Message: ENGINE: gSChainNodes found, prebid configured with 1 supply chain object(s)
console-api	log	(Line 3) Message: Initial Ad Load
console-api	log	(Line 3) Message: sendBidRequests() gPBJSTimeoutTimer=null pbjs.adserverRequestSent=undefined
console-api	log	(Line 3) Message: pbjs bids returned
console-api	log	(Line 3) Message: gPBJSTimeoutTimer cleared
console-api	log	(Line 3) Message: sendAdserverRequest(): pbjsBidsBack
console-api	log	(Line 3) Message: sendAdserverRequest()
console-api	log	(Line 3) Message: Not calling apstag.setDisplayBids() gAmazonBidsBack=false
console-api	log	(Line 3) Message: pbjs.getAdserverTargeting: >> Prebid
console-api	log	(Line 3) Message: [object Object]
console-api	log	(Line 3) Message: pbjs.getBidResponses:
console-api	log	(Line 3) Message: [object Object]
console-api	log	(Line 3) Message: gThisRefreshSlots=
console-api	log	(Line 3) Message: [object Object],[object Object],[object Object],[object Object]
console-api	log	(Line 3) Message: sendAdserverRequest(): ---> Calling googletag.pubads().refresh()
console-api	log	(Line 3) Message: console.groupEnd
console-api	info	URL: https://cdn.ampproject.org/rtv/012006230309000/amp4ads-v0.js(Line 417) Message: Powered by AMP ⚡ HTML – Version 2006230309000 https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
console-api	info	URL: https://cdn.ampproject.org/rtv/012006230309000/amp4ads-v0.js(Line 417) Message: Powered by AMP ⚡ HTML – Version 2006230309000 https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
console-api	info	URL: https://cdn.ampproject.org/rtv/012006230309000/amp4ads-v0.js(Line 417) Message: Powered by AMP ⚡ HTML – Version 2006230309000 https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
console-api	info	URL: https://cdn.ampproject.org/rtv/012006230309000/amp4ads-v0.js(Line 417) Message: Powered by AMP ⚡ HTML – Version 2006230309000 https://threatpost.com/cisa-nation-state-attackers-palo-alto-networks-bug/157013/
console-api	warning	URL: https://cdn.ampproject.org/rtv/012006230309000/amp4ads-v0.js(Line 21) Message: [amp-analytics/transport] Response unparseable or failed to send image request https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsu0Rdy4L5CroOBnjCjIu2YqlwwZ7XaJ38Vt1rPwmf73zjJxw2NT0G9FbWaqCFJrR5ZOHZWRcR6j7Ck-HHixKVHOiwC6RGAUkmNaQ48j7-pUEjyL_S3ynbuH3BLyq1QItqVZjb-tP0w2kn-KGcVq0uecJJyrUveSDe6b-E6o17sTbK0xzTJdFWz3rn73OXxhjkljzrGgO6553yb9CNmgL3JXG12PX9_LlbmpVyrZ8UwoWmkMeBlpwi7Yjyll0zb_GhvOM60V5MNGD7SPRs3ry0Xy&sai=AMfl-YRtjYoIi0-aVwwtpBnpzByAPVQFbjRWb4nae9xZs4lAIWEV0y1SJYh0-JlcuEE6k_ybw0779vMzvKm2Te8ttxXkHzrH78Kdab1sjbtz&sig=Cg0ArKJSzBczGWNJQPaIEAE&adurl=

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

05271505f1376639d2adc2f31a57eb63.safeframe.googlesyndication.com
acdn.adnxs.com
ads.adaptv.advertising.com
ads.pubmatic.com
ads.servenobid.com
adserver-us.adtech.advertising.com
adservice.google.de
analytics.twitter.com
aol-match.dotomi.com
ap.lijit.com
as-sec.casalemedia.com
assets.threatpost.com
c.amazon-adsystem.com
cdn.ampproject.org
cm.g.doubleclick.net
csync.loopme.me
e.serverbid.com
eu-u.openx.net
eus.rubiconproject.com
fastlane.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
graph.facebook.com
hbopenbid.pubmatic.com
i1.wp.com
ib.adnxs.com
js-sec.indexww.com
kasperskycontenthub.com
live.sekindo.com
match.adsrvr.org
media.threatpost.com
pagead2.googlesyndication.com
pixel.advertising.com
pixel.quantserve.com
pr-bh.ybp.yahoo.com
prebid-server.rubiconproject.com
public.servenobid.com
qd.admetricspro.com
rules.quantcount.com
secure.gravatar.com
secure.quantserve.com
securepubads.g.doubleclick.net
serverbid-sync.nyc3.cdn.digitaloceanspaces.com
static.ads-twitter.com
stats.g.doubleclick.net
sync.adaptv.advertising.com
sync.search.spotxchange.com
sync.serverbid.com
t.co
tagan.adlightning.com
teachingaids-d.openx.net
threatpost.com
tpc.googlesyndication.com
u.openx.net
ups.analytics.yahoo.com
video.sekindo.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.linkedin.com
www.reddit.com
x.bidswitch.net
sync.adaptv.advertising.com
104.111.230.142
104.244.42.131
104.244.42.69
13.224.102.234
13.224.102.40
13.224.102.80
134.209.129.254
134.209.131.220
148.251.129.84
151.101.113.108
151.101.12.157
172.217.16.194
18.156.0.31
18.185.15.67
185.167.96.211
185.33.220.240
185.64.189.112
185.94.180.126
192.0.77.2
199.232.53.140
205.185.216.10
216.52.2.48
216.58.208.34
23.210.249.164
23.210.249.92
2600:9000:2190:1000:0:5c46:4f40:93a1
2600:9000:2190:2e00:2:9275:3d40:93a1
2600:9000:2190:e800:6:44e3:f8c0:93a1
2606:2800:233:97b6:26be:138a:cba8:bb01
2606:4700:e4::ac40:a60d
2620:116:800d:21:51e4:db4b:4436:b305
2620:1ec:21::14
2a00:1288:110:c305::8000
2a00:1450:4001:801::2002
2a00:1450:4001:802::2001
2a00:1450:4001:802::2002
2a00:1450:4001:802::2003
2a00:1450:4001:808::2001
2a00:1450:4001:808::2003
2a00:1450:4001:80b::2002
2a00:1450:4001:816::2001
2a00:1450:4001:81d::2002
2a00:1450:4001:81e::2003
2a00:1450:4001:821::2004
2a00:1450:4001:824::2008
2a00:1450:4001:825::200a
2a00:1450:4001:825::200e
2a00:1450:400c:c07::9b
2a02:fa8:8806:13::1430
2a03:2880:f02d:e:face:b00c:0:2
2a04:fa87:fffe::c000:4902
3.127.169.241
34.98.64.218
35.157.226.170
35.157.252.175
35.173.160.135
35.244.159.8
54.229.128.207
54.246.176.10
63.250.56.119
69.173.144.141
004e5faf0bf890f61697daeede9f21826affd1137fb2cb58eaf4719937a04a14
00d4fbacbadc6ecbd73be323ec77febf3d856ce00dc5334d06462a315c7da8e7
0549b0601c73844ffc7309eeb465b637435e19adbda520ec06e3344c85b76c38
054e64dc705360fa512cdcbd2b7f068d32eb2a961c20719f90c7dc48a1733010
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
06c5c6f82e19c34ebf8c6c560780a5a6bdb89460159b8aafc38e7ac5f9609184
06fc565587b8b700936a1677218cb269a6cc31ca5f701eb45461e86a3d54d5c7
08f50e9e70388c99977ca13b6af3a49f8f48c83e79230d51ea72a56c0735bd0c
0e453d31a556b49b2fe38a790b45d234aa46ffa811e40f499d27c941658d8fe9
0e9621be2cc62895b462e1e1198172d36ccdd7fdc6ad658ca20135ba5f3a1db3
148b7ec7bcb471dad88aef4e94633559325b2da576127dae4deffdbaaeba0bf2
14be6a0a8ec5070f1aac299ccff69379e9bf038148d5a1c5a66f772308f6e959
15e9840f31982980328598c38e5c60434072901f2c902713ef9c4d4900e05307
16a3de600ad98e5b91fc8377901e76594c460a794eab9680b9ae2abeecc49fc5
172314ff74044b918766ed4763279b5e8798622087c0a2930f59c9d44662213d
175f8fc188e2702864cef9389872db6dc702da811744754cc479b6719b954b1e
1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df
1f152c8879492dd153cf7a47ad195151e20491e60985d86f9ef7a7ddc85062f6
20bf8396a73c1009e1c601159342aabcdbdf1e9633f3ccabb36b2d2a40be5d37
21be3f696764f11a2746ff8d41be1a071eb3dc11ebfad8c82bd60d95d805cc00
21e46fe44c6929876f5a413c843ae516c0ddfd1aad3e8e33446b7bc0a6781b08
22bce61f4ab1cabf0df284f75cf064654e2c82fd992de9b8bd951f3bb43a87ca
26095a8a3cb5d733aae274b3e60140f2be5b015192616ff32a27348b680fbe54
282363389dcd2c5897c10116b901468f4a22c45ec583b5a101b9e095616a1671
2a894a543ce8896d0b9946476de968c9ffa165fed8ed49ee1a88d13d1cb1214f
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2d36bffbb58ecc453f166cd49885ffe3a548fa0b818a7926c2ea0304de6aa563
2de77164bb9924542e1dea4ee4a0ff27d40b51a3d7939dac7db11a95045c9b7d
2dfcec43178b0e8e1c435b131261ab7dccaedde579c5cdc6ea74fbf5bb31ffbe
2ea89ed02bb4ead2b9e9736bc86f36b1f666333c6dd6f3a46f5beb09309ff119
3097d0444becd9d089b52b7074072f19201525de874d0775012572fb375b7838
319949c8c08b86e9c35ea542c0dc0c30cedaa9b8d3d3c3327a36c91aefbd8af5
31d85fbe07b479d27a2ef6e195eb4cfd9dce455e6c5549b2fb23d3e59d532391
3435531b595fb1b2b529346e1df8c979a1fd727f56ea8c0d792316035440cac5
34cd6311da41615789f6c7c4302d57501cd772a174b6f984b864bb3683abb1e9
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
39acff21a7526c57aecfab519ae6bc57b24611d05058c34fe7a1c6391a456339
39af7c1116fb967a330e8770f775e6b5ee871add01ed45c98a1634911cebfb0a
3a90c56bbc2ea3fae7e089cc529bc02869c5035ee31c3111d829b9ae974cf42d
3a9228eca2961efdd420c3ab63578dfe8180b1bbe2d9976b8557e90cbc6fc9e1
3cb5627fb22b404f82531acf16febdd395595021426caf8db97cbc78817be204
3dbd06bf1d690a4c0fcbfcd77c26a032558b9f9698bb7261191bfb19656bf8ca
40be03c3074a1bcff5edd01cc83b95ad13ff177fd71e95b064393240c57c3a5b
420508fc523520f35de5c851905543294123d7676b5a5668744691f2abe9e730
42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2
42ec7d154f1abcad8706bc2ce0f89883ef5baa499a0c84f6ab6acace87d9dc84
45ddc09b0ad6ab916bd9a0282070b161045e186fc025303f4aa1aa821fc45ac7
482029b5f5f08818d7e14279dd72eb1f23e01c415bb43635776d139b36e4551b
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4a48100236e192a9045a10da91c4bc15ed2b0bb7c414bc047ccb96d95e5ec2a3
4dd37d1d10c70e222c5ca77232736e075a96b8824371e9d784c279d6e30e2085
4fa34788821a38bcde13987589d01ac54956fb32a5c748602b27d09e177e35d9
506d565f94cecbb486394c545a96e8459217f8d045496b511e8c815142abfc70
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55be5fa6a1df7bfb136ca70e3dd78bbbcc84ed7aa0337b28a0ed3518e8592e56
55cdccf663f0301ade1a37bca0f7217476fe2e7867dc0c207ebc90e315e4a0c7
592219fca9342c842545618d2f3ccd0b8a8f5895bb0e9877e188b2ac017e832d
5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd
5a7ed822968963e31d88424c96387ad9f4fd4f4b5a5b581a33f65e3784d162cf
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
5d363c974cd81869ce3fd8d76a06f12b273be51cb358a9a85c21d157eedde824
643da705843ae6524c5178d56ea094118c372968fcaf1510e74e408b20d6ca17
69a48d0048fc5eb68c4b52a37b36c6c4a5cff257d114afce9ac9c5c6229d3626
6cdc57f82f4b0d09e5b4e584ca4736cd3871f20563d4ce25120b057d8ffb4eb2
6ce200758387e7446ef2d83ac06d37ed663ab0bf7e1370c5a659017bd5662d7c
7301462cb27dcb0cf467822211f6cdd478be091ed9d776b29f426ce78c4a414f
76102878c1198de858725194952ba1c6b35bdee0f870cc6a124e93d17385e64e
76ba07e059d9e2113f9c940f1a31efc95bd9d5badd68bbc3637177e892a08099
79ae19413265c13951cf5a55b9306590710554240f2ed8b6185527c1b560e82a
7d0492c66125b1c2bdc419641e41542857e7d90e323d355ee0b8bb268da121fb
7d9944f6f4e2d0330ca2a9d758a404fdca5937f4a0ddf939247ca3505f9f0bbc
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
812649c7f263402f7c65977e5f76c1d802d58633076d0f8379cc081acc923252
82778d6bab0bf693d922b290e21dc5766bc0d7dcc15fb8cbf96223449f07a662
83de5accdb79e0a9f1622998c8ef0e9a6584befaa2ceab6814225345a7089ddc
859faa9b9ed0990288b2f393a102b1fe2668ac79088b113b6f0beaee521221eb
869bcc98c8eb543a84b385d71ede9b0bbb4cc0cce80d8eb42f49c963b861b9df
8945d882d99d71bf92ff71afca288918e7babf0d7acbea7904a2c9de0d6b7202
89529fd41588e00eaa29e53f8d7cf97ea95d1a95e1ae0ed15a0f408d3c4bc99e
8b16bd49e3c6016aa7b5bc24e7f8df810dbbbdc0e69b56906162b46a48d1189f
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8e66df0ecc185c710504c83f49193ca71fe1fbdbbb3ae079e0db2844214e6c3d
8f681d6bfcfccd2a2b1abbe6fcd011ccf0256b27906b8f3696f3391c3c85c43f
903eb8f1cc364e01930ba03579f049a72794aa91d1a5842a2edb6365e436bb7c
921c4c65ae7c9b41fd4a470a9b51dfbfa38514df2188e2fdd18cc42463e37e07
931f5a817d756ac2e8ea318075ce1ba5563a05aea56767ced31cc2f5ae072ff1
940e0c3385928422aae38e1a74f1d84b462d8ce1a056c686fde505a0bf3162bb
94d8c8ef61b60ecad4cde684981ab48487c9fda040764ab489180eeeb4d2f6c9
97c269084807bedb7f6b324ae3f0fbb5c0780dfacc24b7c38bf49bff5baa4be4
993ebc45d9927d420801f05819222e8cc1aa523187e4c0b290df02b23ce18093
9d02d662da8a47fb5fb610b545007507b6017028043dbb63cd09ec897d3b9627
9de9a21dfc3a7c2f955749eb7775022ad5ea7da7235945d9b2eb93f7317ad484
9eff853e0e48a1d66ee00e3daed67fbdbc2f15ddd89916c2492864c4bf00dcb4
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a3336e3373c170b40764f5a62d121335bec4243b0034e561937194dfe2e413fd
a4dd1dce38b66fc66d42d650fe440440450d79ccfe433b0aaf4981cc0b626120
a7213d6ac0897a013c62166427162431d2e38ec47fabde973146afdc0efeb367
a825d0e781d4861afa8cca726ae602e1c9ae49cbf6dc77390a08384039694c47
a9d2b2df99c1a115d5394c70a898d8801092208dc582f8bd6fb01b35c30d6b22
aa64fa30a3263fa3105736228a6feaaa4f7d32d8ef96b12e56f6fb95511b66a7
aaf45a172ec90c76bcecd61c68d998c2256fe9b1700371e80011d1161c5ab629
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ace61d80f3fe90bbb02ab328d9705b57a9c8a95d3a0bf6b4cd510d4dacd033df
ad237fb737d307f25e314306d8ef8ebddb21d9e56b8521ca9eb89f52883f3bca
ae00ae9c862bc8b8923efd1d9a18befa912678a869d4dd01179a59ed3de731be
b46833e000883afdf83e3e9f21c101071354a7ff7207fbf3ba186033bb9deea5
b53bd277071fe3d5a8f8a1f34d378b82ed5d574f50d38457cbc4676bd00a74f2
b71631421727262576684de39d0c58bd135eae52e2d568949c059a4e1e79e7f3
b8eee12b83e27a25bfa6a40f536b25ea815c05726a7ddc2651b3feedf3e00634
bb983e6afb7b5e90c39046653f93498b063d17a8e33bb8c36455ba7fc7d6a77d
bbca6fe6f2b8dbe341cd5b5a3e26f6df0d3d8820478ba173dcedf1a4279659b2
bcaa21df70fd10c5a594ac5996411eb517750a210903adaa56dc097d5936dc9e
bcf391dd0b006a87698ac0894d71039d610480913d24fcdaa1f2fdeeeda943e3
beb618486515329792ad1bdfe768ad1b73ca49a9953d54422809ded6537db495
c1533bc39e2dd8ede3893909d6f42760e0598d075951447afe88158e57b0961a
c31e7f192284add069d9a3048217b82593e24ad90ca536f79896692f1ed44eda
c4a7b4babd8d76af2ddc0840bda733cd5a0b409895bb74d5302ff1155c9b32bc
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cb1439760d337210dceb00cca241a48c8ca7ee237294fbf59ab7e44cb60a8488
cc15c325492dd5972c007635108f190eb6c75025e75c89d6b006ca7aeb4278a3
cc1a06507fef3821468dfabe5f908b44d8e048a85ab70cf5a95a3ea7a6c7f071
ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e
d12ddf1a204678d1e3d6057a4ce0c52d56537572d45d3f444e87a35695be08cb
d25cdeed2ccb087b677ff1774fa5b972961bd96269181553ffd8693924a1592f
d2a953a03ff9038e93d2a3b6b85a73eb2d6fdd185b2f4472ba592b802867078b
d3838febe02ee1538a1336ac01f452a6fe7682106cd21b46cda9c40092c8e3aa
d62a7b7ec5313469ebff5c006b9068dc44d6d1c122cf787ffa29a10113b34060
d649c8e94e31186ba76150b3ccce8a2b6cf3c0365c93c3ee0e068ef1f41727d9
dee545213f27b4952a48255c1604d6e51c9049bceb67b5ad3b626eafeb0b326b
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
e1c3c2dafe2208caea4f809f414a89a9d256deb8671e1c5d49bff9a873782796
e2f8b708c55fa2936245783c3a4d21913bbbce72a5e67b139668ed09a40fb5ce
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4058d4ee9da1ceaddfa91ddb63650ba67285f1bbfee487d9dfe648bced669a0
e6e50fd1047f835e02b1b4140c8a63062dff27f25906501694c4829624150955
e943dbcfb86d85f244a7297d32ba27e2efe5f46e242dfb838253cd52ab95d785
ea03bfd7fdda1eac185ebc3e8e74b33065b04c8e0adc48cbbd4136748dbd2742
eaa2af9d37f1a0f33802e3b6293e263e71eaaa7ea18af8e95e77f3ff6497d54c
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0d8c50bb5f6d84cf903f052203e39a5eeba09469d08552d3ed5a68129bad418
f19e7ee6cdf20bd478c037707c447b7cd469051de4dadeac32a795efb463c2e2
f603a089c9e5601d169903db787d29fc049a3a287dd40ad03900dc02745fcaeb
f75166e3f70100b65a6ce1d4128bc15286e92b19a546fa7709f739e9bcfe52c6
f8a2b5b62eb722c3379b30cf0cc58d3176ee6be48036d6ad2aa838d2029c4189
fa3930fb77bf683949012030e2d5e68a5937b57d0ca5de425b41a8fd593997e0
fbf33b39fb359dee1f6d9b80835c1f43dc303aecd6697a2128ce25b9de87e4b0
fd361b57998c76f86335afa28b8a62527d88a8200fb5c428d6f0fff73383e955

threatpost.com Open in urlscan Pro 35.173.160.135 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

239 Requests

99 %HTTPS

43 %IPv6

43 Domains

66 Subdomains

56 IPs

7 Countries

4803 kBTransfer

8836 kBSize

8 Cookies

20 Outgoing links

Redirected requests

239 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 6 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

threatpost.com Open in urlscan Pro
35.173.160.135 Public Scan

Screenshot
Live screenshot

Full Image

239
Requests

99 %
HTTPS

43 %
IPv6

43
Domains

66
Subdomains

56
IPs

7
Countries

4803 kB
Transfer

8836 kB
Size

8
Cookies

239 HTTP transactions
6 data transactions